CWE-464: Addition of Data Structure Sentinel
Structure: Simple
Abstraction: Base
Status: Incomplete
Likelihood of Exploit: High
Description
The accidental addition of a data-structure sentinel can cause serious programming logic problems.
Extended Description
Data-structure sentinels are often used to mark the structure of data. A common example of this is the null character at the end of strings or a special sentinel to mark the end of a linked list. It is dangerous to allow this type of control data to be easily accessible. Therefore, it is important to protect from the addition or modification of sentinels.
Related Weaknesses
Applicable Platforms
Language: C (Prevalence: Undetermined), C++ (Prevalence: Undetermined)
Common Consequences
Scope | Impact | Notes |
---|---|---|
Integrity | Modify Application Data | Generally this error causes the data structure to stop working properly by truncating the data. |
Potential Mitigations
Phase: Implementation, Architecture and Design
Strategy:
Keep users from interacting with data sentinels directly (encapsulate them). Validate user input to verify that sentinel values are not present.
Phase: Implementation
Strategy:
Proper error checking can reduce the risk of inadvertently introducing sentinel values into data. For example, if a parsing function fails or encounters an error, it might return a value that is the same as the sentinel.
Phase: Architecture and Design
Strategy:
Use an abstraction library to abstract away risky APIs. This is not a complete solution.
Phase: Operation
Strategy:
Use OS-level preventative functionality. This is not a complete solution.
Demonstrative Examples
Example
The following example assigns some character values to a list of characters and prints them each individually, and then as a string. The third character value is intended to be an integer taken from user input and converted to an int.
Example Language: C (Bad)
#include <stdio.h>
#include <stdlib.h>

int main(void) {
    char *foo = malloc(sizeof(char) * 5);
    char in[2] = { getc(stdin), '\0' };  /* one character of user input, passed to atoi as a string */
    foo[0] = 'a';
    foo[1] = 'a';
    foo[2] = atoi(in);   /* 0 when the input is not a digit: a NUL sentinel lands inside the data */
    foo[3] = 'c';
    foo[4] = '\0';
    printf("%c %c %c %c %c \n", foo[0], foo[1], foo[2], foo[3], foo[4]);
    printf("%s\n", foo);
    return 0;
}
The first print statement will print each character separated by a space. However, if a non-integer is read from stdin by getc, then atoi will not make a conversion and return 0. When foo is printed as a string, the 0 at character foo[2] will act as a NULL terminator and foo[3] will never be printed.
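The following is an added example, not part of the CWE entry, that puts the bad pattern above beside the mitigations listed earlier (validate input so a sentinel cannot be introduced, and check for errors). The function names fill_bad, fill_checked and has_interior_nul are assumptions chosen for this illustration; the inputs are constructed so it runs without stdin. It also shows an edge case the page's prose does not spell out: a valid digit '0' produces the same NUL sentinel as a non-digit, because the numeric value rather than the character is stored.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Mirrors the page's bad example: the result of atoi() is written straight
 * into the buffer, so any non-digit (and the digit '0') stores the value 0,
 * which the string functions will treat as a terminator at foo[2]. */
void fill_bad(char foo[5], int ch)
{
    char in[2] = { (char)ch, '\0' };
    foo[0] = 'a';
    foo[1] = 'a';
    foo[2] = (char)atoi(in);
    foo[3] = 'c';
    foo[4] = '\0';
}

/* Hardened variant: validate the byte before it touches the structure and
 * keep it as a character, so the sentinel value 0 can never enter a data slot.
 * Returns 0 on success, -1 when the input is rejected (buffer left untouched). */
int fill_checked(char foo[5], int ch)
{
    if (ch == EOF || !isdigit((unsigned char)ch))
        return -1;
    foo[0] = 'a';
    foo[1] = 'a';
    foo[2] = (char)ch;
    foo[3] = 'c';
    foo[4] = '\0';
    return 0;
}

/* Post-condition check for an n-byte record: the only NUL allowed is the
 * terminator at index n-1. Returns 1 if an interior sentinel is present. */
int has_interior_nul(const char *buf, size_t n)
{
    for (size_t i = 0; i + 1 < n; i++)
        if (buf[i] == '\0')
            return 1;
    return 0;
}

/* Demonstration with constructed inputs instead of reading stdin. */
int main(void)
{
    char foo[5];
    fill_bad(foo, 'x');   /* non-digit: atoi returns 0 */
    printf("bad 'x': strlen=%zu interior_nul=%d\n", strlen(foo), has_interior_nul(foo, 5));
    fill_bad(foo, '0');   /* valid digit, but its value is 0: same truncation */
    printf("bad '0': strlen=%zu interior_nul=%d\n", strlen(foo), has_interior_nul(foo, 5));
    printf("checked 'x': rc=%d\n", fill_checked(foo, 'x'));
    if (fill_checked(foo, '7') == 0)
        printf("checked '7': %s interior_nul=%d\n", foo, has_interior_nul(foo, 5));
    return 0;
}
```

The has_interior_nul check is the kind of assertion worth placing at the boundary where a record leaves the code that built it; it catches the truncation before the data is passed to string-based APIs that would silently stop at the stray sentinel.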
Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
---|---|---|---|
CLASP | | | Addition of data-structure sentinel |
CERT C Secure Coding | STR03-C | | Do not inadvertently truncate a null-terminated byte string |
CERT C Secure Coding | STR06-C | | Do not assume that strtok() leaves the parse string unchanged |
Article sourced from the Internet: scap中文网