[metadata]
id = "POS30-C"
type = "rule"
category = "POS"
number = 30
title = "Use the readlink() function properly"
description = """
The readlink() function reads where a link points to. It makes no effort to
null-terminate its second argument, buffer. Instead, it just returns the number
of characters it has written. If len is equal to sizeof(buf), the null
terminator is written 1 byte past the end of buf:

char buf[1024];
ssize_t len = readlink("/usr/bin/perl", buf, sizeof(buf));
buf[len] = '\\0';
"""
severity = "High"
likelihood = "Probable"
priority = "P18"
level = "L1"
cert_version = "2016 Edition (Wiki)"
last_modified = "May 05, 2025"
# Per-rule toggle; the table key matches the rule id given in [metadata].
[rules.cert_c.POS30-C]
enabled = true
# External references for this rule.
[references]
# SEI CERT C Coding Standard wiki page for POS30-C.
wiki = "https://wiki.sei.cmu.edu/confluence/display/c/POS30-C.+Use+the+readlink%28%29+function+properly"
# CWE-170: Improper Null Termination.
cwe = ["CWE-170"]