Information Disclosure from Undefined Integer Conversions via atoi Family in C

Medium Risk Memory Safety
Tags: c, atoi, atol, atoll, integer-conversion, overflow, information-disclosure, logic-bypass, parsing-errors

What it is

A medium-severity security vulnerability where C code uses atoi, atol, or atoll functions that lack error reporting and can overflow or misparse input, yielding undefined behavior and incorrect values. These functions can't distinguish between legitimate zero values and parsing errors, and they don't detect integer overflow conditions. When these incorrect values propagate into logic, size computations, or security checks, they can enable buffer overflows, logic bypass, authentication bypass, or information disclosure attacks.

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

// VULNERABLE: atoi for buffer size without validation
void allocate_buffer(const char* size_str) {
    int size = atoi(size_str);  // Returns 0 on error!
    
    char* buffer = malloc(size);
    if (!buffer) {
        return;
    }
    
    strcpy(buffer, "data");
    printf("Buffer: %s\n", buffer);
    free(buffer);
}

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <limits.h>

// SECURE: strtol with validation
void allocate_buffer(const char* size_str) {
    char* endptr;
    errno = 0;
    
    long size_long = strtol(size_str, &endptr, 10);
    
    // Check for parsing errors
    if (errno == ERANGE || size_long < 1 || size_long > INT_MAX) {
        printf("Invalid size\n");
        return;
    }
    
    // Check entire string was consumed
    if (endptr == size_str || *endptr != '\0') {
        printf("Invalid format\n");
        return;
    }
    
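    // The buffer must hold "data" plus its terminating NUL
    if ((size_t)size_long < sizeof("data")) {
        printf("Size too small\n");
        return;
    }
    
    int size = (int)size_long;
    char* buffer = malloc(size);
    if (!buffer) {
        return;
    }
    
    strcpy(buffer, "data");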
    printf("Buffer: %s\n", buffer);
    free(buffer);
}

💡 Why This Fix Works

The vulnerable code uses atoi() which returns 0 on parse errors, leading to malloc(0) and potential buffer overflow. The secure version uses strtol() with proper error checking via errno, validates the range, and ensures the entire string was consumed.

Why it happens

Root causes

atoi Used for Size and Memory Allocation Calculations

Using atoi to parse size parameters for memory allocation without validating the result or checking for overflow conditions.

Authentication and Access Control Logic Using atoi

Security-critical code that uses atoi for parsing user IDs or permission levels without proper validation.

Network Protocol Parsing with atoi

Network applications using atoi to parse port numbers, packet sizes, or protocol parameters without validation.

Fixes

1. Replace atoi with strtol and Error Checking

Use strtol, strtoll, or strtoul functions which provide error reporting through errno and end pointer validation.

2. Validate Parsed Values Against Expected Range

Always validate that parsed integers fall within the expected range for your application logic.

3. Check for Complete String Consumption

Verify that the entire input string was consumed during parsing to detect trailing invalid characters.
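
Added example, not part of the original page: the three fixes combined into one helper and applied to the port-number and user-ID cases listed under root causes. The names parse_long_range, parse_port and parse_uid and the field ranges are assumptions; rejecting leading whitespace and '+' is a stricter choice than strtol's default.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not from the page): parse a base-10 integer in
 * [min, max]. Returns 0 and sets *out on success, -1 on any failure. */
static int parse_long_range(const char *s, long min, long max, long *out)
{
    char *end;
    long v;
    /* strtol skips leading whitespace and accepts '+'; reject both here */
    if (s == NULL || (!isdigit((unsigned char)s[0]) && s[0] != '-'))
        return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s || *end != '\0')   /* no digits, or trailing characters */
        return -1;
    /* value does not fit in a long, or is outside what this field allows */
    if (errno == ERANGE || v < min || v > max)
        return -1;
    *out = v;
    return 0;
}

/* Port field (assumed range 1..65535) */
static int parse_port(const char *s, unsigned short *port)
{
    long v;
    if (parse_long_range(s, 1, 65535, &v) != 0)
        return -1;
    *port = (unsigned short)v;
    return 0;
}

/* User ID field: 0 is a valid ID, so failure needs its own return code */
static int parse_uid(const char *s, long *uid)
{
    return parse_long_range(s, 0, INT_MAX, uid);
}

int main(void)
{
    /* Constructed sample inputs */
    const char *in[] = { "8080", "80abc", "", " 22", "70000", "0" };
    unsigned short port;
    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++)
        printf("port \"%s\": %s\n", in[i], parse_port(in[i], &port) == 0 ? "accepted" : "rejected");
}
```

With atoi, "80abc" would parse as 80 and a non-numeric user ID would parse as 0, the same value as a legitimate ID 0; here both are rejected through the return code.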
