Difference between revisions of "Addition of data-structure sentinel"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
 
{{Template:Vulnerability}}
 
{{Template:Vulnerability}}
 
{{Template:SecureSoftware}}
 
{{Template:SecureSoftware}}
<br>
 
 
[[Category:OWASP ASDR Project]]
 
[[Category:OWASP ASDR Project]]
[[ASDR Table of Contents]]__TOC__
+
__TOC__
  
 +
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
  
==Overview==
+
[[ASDR_TOC_Vulnerabilities|Vulnerabilities Table of Contents]]
  
 +
[[ASDR Table of Contents]]
 +
 +
==Description==
 +
[[Category:FIXME|This is the text from the old template. This needs to be rewritten using the new template.]]
 
The accidental addition of a data-structure sentinel can cause serious programming logic problems.
 
The accidental addition of a data-structure sentinel can cause serious programming logic problems.
  
==Consequences ==
+
'''Consequences'''
  
 
* Availability: Generally this error will cause the data structure to not work properly by truncating the data.
 
* Availability: Generally this error will cause the data structure to not work properly by truncating the data.
  
==Exposure period ==
+
'''Exposure period'''
  
 
* Requirements specification: The choice could be made to use a language that is not susceptible to these issues.
 
* Requirements specification: The choice could be made to use a language that is not susceptible to these issues.
Line 22: Line 26:
 
* Implementation: Many logic errors can lead to this condition. It can be exacerbated by lack of or misuse of mitigating technologies.
 
* Implementation: Many logic errors can lead to this condition. It can be exacerbated by lack of or misuse of mitigating technologies.
  
==Platform ==
+
'''Platform'''
  
 
* Languages: C, C++, Fortran, Assembly
 
* Languages: C, C++, Fortran, Assembly
Line 28: Line 32:
 
* Operating platforms: All, although partial preventative measures may be deployed depending on environment.
 
* Operating platforms: All, although partial preventative measures may be deployed depending on environment.
  
==Required resources ==
+
'''Required resources'''
  
 
Any
 
Any
  
==Severity ==
+
'''Severity'''
  
 
Very High
 
Very High
  
==Likelihood of exploit ==
+
'''Likelihood of exploit'''
  
 
High to Very High
 
High to Very High
 
==Avoidance and mitigation ==
 
 
* Pre-design: Use a language or compiler that performs automatic bounds checking.
 
 
* Design: Use an abstraction library to abstract away risky APIs. Not a complete solution.
 
 
* Pre-design through Build: Compiler-based canary mechanisms such as StackGuard, ProPolice, and Microsoft Visual Studio / GS flag. Unless this provides automatic bounds checking, it is not a complete solution.
 
 
* Operational: Use OS-level preventative functionality. Not a complete solution.
 
 
==Discussion ==
 
  
 
Data-structure sentinels are often used to mark structure of the data structure. A common example of this is the null character at the end of strings. Another common example is linked lists which may contain a sentinel to mark the end of the list.
 
Data-structure sentinels are often used to mark structure of the data structure. A common example of this is the null character at the end of strings. Another common example is linked lists which may contain a sentinel to mark the end of the list.
Line 58: Line 50:
 
By adding a sentinel, one potentially could cause data to be truncated early.
 
By adding a sentinel, one potentially could cause data to be truncated early.
  
==Examples ==
 
  
 +
 +
==Risk Factors==
 +
TBD
 +
 +
==Examples==
 
In C/C++:
 
In C/C++:
  
Line 72: Line 68:
 
printf("%s\n",foo);
 
printf("%s\n",foo);
 
</pre>
 
</pre>
 +
 +
==Related [[Attacks]]==
 +
TBD
 +
* [[Attack 1]]
 +
* [[Attack 2]]
 +
 +
 +
==Related [[Vulnerabilities]]==
 +
TBD
 +
* [[Vulnerability 1]]
 +
* [[Vulnerabiltiy 2]]
 +
 +
 +
==Related [[Controls]]==
 +
TBD
 +
* [[Control 1]]
 +
* [[Control 2]]
 +
 +
* Pre-design: Use a language or compiler that performs automatic bounds checking.
 +
 +
* Design: Use an abstraction library to abstract away risky APIs. Not a complete solution.
 +
 +
* Pre-design through Build: Compiler-based canary mechanisms such as StackGuard, ProPolice, and Microsoft Visual Studio / GS flag. Unless this provides automatic bounds checking, it is not a complete solution.
 +
 +
* Operational: Use OS-level preventative functionality. Not a complete solution.
 +
 +
 +
 +
==Related [[Technical Impacts]]==
 +
 +
* [[Technical Impact 1]]
 +
* [[Technical Impact 2]]
 +
 +
 +
==References==
 +
TBD
 +
[[Category:FIXME|need links
 +
 +
 +
In addition, one should classify vulnerability based on the following subcategories: Ex:<nowiki>[[Category:Error Handling Vulnerability]]</nowiki>
 +
 +
Availability Vulnerability
 +
 +
Authorization Vulnerability
 +
 +
Authentication Vulnerability
 +
 +
Concurrency Vulnerability
 +
 +
Configuration Vulnerability
 +
 +
Cryptographic Vulnerability
 +
 +
Encoding Vulnerability
 +
 +
Error Handling Vulnerability
 +
 +
Input Validation Vulnerability
 +
 +
Logging and Auditing Vulnerability
 +
 +
Session Management Vulnerability]]
 +
 +
__NOTOC__
  
  

Revision as of 14:26, 21 September 2008

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

Contents


Last revision (mm/dd/yy): 09/21/2008

Vulnerabilities Table of Contents

ASDR Table of Contents

Description

The accidental addition of a data-structure sentinel can cause serious programming logic problems.

Consequences

  • Availability: Generally this error will cause the data structure to not work properly by truncating the data.

Exposure period

  • Requirements specification: The choice could be made to use a language that is not susceptible to these issues.
  • Design: Mitigating technologies such as safe string libraries and container abstractions could be introduced.
  • Implementation: Many logic errors can lead to this condition. It can be exacerbated by lack of or misuse of mitigating technologies.

Platform

  • Languages: C, C++, Fortran, Assembly
  • Operating platforms: All, although partial preventative measures may be deployed depending on environment.

Required resources

Any

Severity

Very High

Likelihood of exploit

High to Very High

Data-structure sentinels are often used to mark structure of the data structure. A common example of this is the null character at the end of strings. Another common example is linked lists which may contain a sentinel to mark the end of the list.

It is, of course dangerous, to allow this type of control data to be easily accessible. Therefore, it is important to protect from the addition or modification outside of some wrapper interface which provides safety.

By adding a sentinel, one potentially could cause data to be truncated early.


Risk Factors

TBD

Examples

In C/C++:

char *foo;
foo=malloc(sizeof(char)*4);
foo[0]='a';
foo[1]='a';
foo[2]=0;
foo[3]='c';
printf("%c %c %c %c %c \n",foo[0],foo[1],foo[2],foo[3]);
printf("%s\n",foo);

Related Attacks

TBD


Related Vulnerabilities

TBD


Related Controls

TBD

  • Pre-design: Use a language or compiler that performs automatic bounds checking.
  • Design: Use an abstraction library to abstract away risky APIs. Not a complete solution.
  • Pre-design through Build: Compiler-based canary mechanisms such as StackGuard, ProPolice, and Microsoft Visual Studio / GS flag. Unless this provides automatic bounds checking, it is not a complete solution.
  • Operational: Use OS-level preventative functionality. Not a complete solution.


Related Technical Impacts


References

TBD