Undefined Behavior

Thank you for visiting OWASP.org. We have migrated our community to a new web platform and regretably the content for this page needed to be programmatically ported from its previous wiki page. There’s still some work to be done.

Description

The behavior of this function is undefined unless its control parameter is set to a specific value.

The Linux Standard Base Specification 2.0.1 for libc places constraints on the arguments to some internal functions [1]. If the constraints are not met, the behavior of the functions is not defined.

It is unusual for this function to be called directly. It is almost always invoked through a macro defined in a system header file, and the macro ensures that the following constraints are met:

The value 1 must be passed to the third parameter (the version number) of the following file system function:

    __xmknod

The value 2 must be passed to the third parameter (the group argument) of the following wide character string functions:

    __wcstod_internal
    __wcstof_internal
    __wcstol_internal
    __wcstold_internal
    __wcstoul_internal

The value 3 must be passed as the first parameter (the version number) of the following file system functions:

    __xstat
    __lxstat
    __fxstat
    __xstat64
    __lxstat64
    __fxstat64

Risk Factors

TBD

Examples

Short example name

- A short example description, small picture, or sample code with links

Short example name

- A short example description, small picture, or sample code with links

References

[[Category:FIXME add links

In addition, one should classify vulnerability based on the following subcategories: Ex:[[Category:Error_Handling_Vulnerability|Category:Error Handling Vulnerability]]

Availability Vulnerability

Authorization Vulnerability

Authentication Vulnerability

Concurrency Vulnerability

Configuration Vulnerability

Cryptographic Vulnerability

Encoding Vulnerability

Error Handling Vulnerability

Input Validation Vulnerability

Logging and Auditing Vulnerability

Session Management Vulnerability]]

NOTOC

Category:OWASP ASDR Project Category:General Logic Error Vulnerability Category:Code Quality Vulnerability Category:Unix Category:Vulnerability