CWE-606 循环条件输入未经检查

admin 2021年12月4日16:19:28评论459 views字数 741阅读2分28秒阅读模式

CWE-606 循环条件输入未经检查

Unchecked Input for Loop Condition

结构: Simple

Abstraction: Base

状态: Draft

被利用可能性: unkown

基本描述

The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service because of excessive looping.

相关缺陷

  • cwe_Nature: ChildOf cwe_CWE_ID: 20 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 20 cwe_View_ID: 699 cwe_Ordinal: Primary

  • cwe_Nature: CanPrecede cwe_CWE_ID: 834 cwe_View_ID: 1000

常见的影响

范围 影响 注释
Availability DoS: Resource Consumption (CPU)

可能的缓解方案

Implementation

策略:

Do not use user-controlled data for loop conditions.

Implementation

策略:

Perform input validation.

示例代码

The following example demonstrates the weakness.

bad C

void iterate(int n){

int i;
for (i = 0; i foo();

}

}
void iterateFoo()
{

unsigned int num;
scanf("%u",&num);
iterate(num);

}文章来源于互联网:scap中文网

  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2021年12月4日16:19:28
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   CWE-606 循环条件输入未经检查https://cn-sec.com/archives/613449.html

发表评论

匿名网友 填写信息