CWE-464: Addition of Data Structure Sentinel
Structure: Simple
Abstraction: Base
Status: Incomplete
Likelihood of Exploit: High
Description
The accidental addition of a data-structure sentinel can cause serious programming logic problems.
Extended Description
Data-structure sentinels are often used to mark the structure of data. A common example of this is the null character at the end of strings or a special sentinel to mark the end of a linked list. It is dangerous to allow this type of control data to be easily accessible. Therefore, it is important to protect from the addition or modification of sentinels.
Related Weaknesses
- ChildOf CWE-138 (View 1000, Primary)
Applicable Platforms
Language: C (Prevalence: Undetermined), C++ (Prevalence: Undetermined)
Common Consequences
Scope | Impact | Note
---|---|---
Integrity | Modify Application Data | Generally this error will cause the data structure to not work properly by truncating the data. |
Potential Mitigations
Phase: Implementation, Architecture and Design
Strategy:
Prevent the user from interacting directly with data sentinels. Validate user input to verify that sentinels are not present.
Phase: Implementation
Strategy:
Proper error checking can reduce the risk of inadvertently introducing sentinel values into data. For example, if a parsing function fails or encounters an error, it might return a value that is the same as the sentinel.
Phase: Architecture and Design
Strategy:
Use an abstraction library to abstract away risky APIs. This is not a complete solution.
Phase: Operation
Strategy:
Use OS-level preventative functionality. This is not a complete solution.
Demonstrative Examples
Example
The following example assigns some character values to a list of characters and prints them each individually, and then as a string. The third character value is intended to be an integer taken from user input and converted to an int.
Bad code (C):

```c
#include <stdio.h>
#include <stdlib.h>

int main(void) {
    char *foo = malloc(sizeof(char) * 5);
    char digit[2] = { (char)getc(stdin), '\0' };  /* one character of user input, as a string for atoi() */
    foo[0] = 'a';
    foo[1] = 'a';
    foo[2] = atoi(digit);   /* a non-digit makes atoi() return 0, which is the string sentinel */
    foo[3] = 'c';
    foo[4] = '\0';
    printf("%c %c %c %c %c \n", foo[0], foo[1], foo[2], foo[3], foo[4]);
    printf("%s\n", foo);
    free(foo);
    return 0;
}
```
The first print statement will print each character separated by a space. However, if a non-integer is read from stdin by getc, then atoi will not make a conversion and return 0. When foo is printed as a string, the 0 at character foo[2] will act as a NULL terminator and foo[3] will never be printed.
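A hardened counterpart of the snippet above, added here as an example and not part of the CWE entry: the parse status is returned separately from the parsed value, so a failed conversion can never be mistaken for 0, and every write into the string refuses the '\0' sentinel so data cannot truncate it. The function names parse_digit, store_payload and build_record are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Parse one input character as a decimal digit.  Status and value are
   separate, so a failed parse is never reported as the digit 0 (which,
   stored in a char array, is the '\0' string sentinel). */
int parse_digit(int ch, int *value) {
    if (ch == EOF || !isdigit((unsigned char)ch)) {
        return -1;
    }
    *value = ch - '0';
    return 0;
}

/* Store one payload byte into a NUL-terminated buffer of `len` bytes.
   The final slot is reserved for the sentinel, and a data byte equal to
   the sentinel is refused so the string cannot be truncated by accident. */
int store_payload(char *buf, size_t len, size_t idx, int value) {
    if (len == 0 || idx >= len - 1) {
        return -1;            /* would overwrite the reserved sentinel slot */
    }
    if (value == '\0') {
        return -1;            /* data must never carry the sentinel value */
    }
    buf[idx] = (char)value;
    return 0;
}

/* Hardened version of the page's example: builds "aa?c" where '?' is the
   integer value of the digit read from the user (hypothetical layout,
   kept to mirror the page).  Returns 0 on success, -1 if the input is not
   a digit or its value would alias the sentinel. */
int build_record(int input_ch, char out[5]) {
    int value;
    memset(out, 0, 5);
    if (parse_digit(input_ch, &value) != 0) {
        return -1;
    }
    if (store_payload(out, 5, 0, 'a') != 0 ||
        store_payload(out, 5, 1, 'a') != 0 ||
        store_payload(out, 5, 2, value) != 0 ||   /* rejects the digit 0 */
        store_payload(out, 5, 3, 'c') != 0) {
        return -1;
    }
    out[4] = '\0';            /* the only place the sentinel is written */
    return 0;
}
```

With this layout, build_record(getc(stdin), foo) either yields a 4-character string that printf("%s") prints in full, or reports an error instead of silently producing "aa".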
Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
---|---|---|---
CLASP | | | Addition of data-structure sentinel
CERT C Secure Coding | STR03-C | | Do not inadvertently truncate a null-terminated byte string
CERT C Secure Coding | STR06-C | | Do not assume that strtok() leaves the parse string unchanged
Source: scap中文网