Assigning instead of comparing

From OWASP
Revision as of 20:19, 30 May 2009 by Deleted user (Talk | contribs)


This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.



Last revision (mm/dd/yy): 05/30/2009



Description

In many languages, the comparison operator is very close in appearance to the assignment operator, and the two are often confused.

This bug is generally the result of a typo and should usually cause obvious problems with program execution. If the mistaken assignment is the condition of an if statement, the condition will always evaluate to the value of the right-hand side.

Consequences

Unspecified.

Exposure period

  • Pre-design through Build: The use of tools to detect this problem is recommended.
  • Implementation: Many logic errors can lead to this condition. It can be exacerbated by lack, or misuse, of mitigating technologies.

Platform

  • Languages: C, C++
  • Operating platforms: Any

Required resources

Any

Severity

High

Likelihood of exploit

Low


Risk Factors

TBD


Examples

In C/C++/Java:

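#include <stdio.h>

void called(int foo){
        /* '=' assigns 1 to foo instead of comparing, so the condition is always true */
        if (foo=1)  printf("foo\n");
}

int main(){
        called(2);      /* prints "foo" even though 2 != 1 */
        return 0;
}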


Related Attacks

TBD

Related Vulnerabilities

Related Controls

  • Pre-design through Build: Many IDEs and static analysis products will detect this problem.
  • Implementation: Place constants on the left. If one attempts to assign a variable to a constant, the compiler will of course produce an error.
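
The following is an added example, not part of the original OWASP entry. It shows the mistake in an access check, in both directions (always true and always false), next to the constant-on-the-left form recommended above. The role values and function names are constructed for illustration.

```c
#include <stdio.h>

/* Constructed role values for this example. */
enum { ROLE_GUEST = 0, ROLE_USER = 1, ROLE_ADMIN = 2 };

/* Silences -Wparentheses so the buggy functions build under -Werror;
 * without this pragma, GCC and Clang with -Wall flag both conditions. */
#pragma GCC diagnostic ignored "-Wparentheses"

/* BUG: '=' stores ROLE_ADMIN (2, nonzero) in role, so the test is always true. */
int is_admin_buggy(int role)
{
    if (role = ROLE_ADMIN)
        return 1;
    return 0;
}

/* BUG, opposite direction: '=' stores ROLE_GUEST (0), so the test is always false. */
int is_guest_buggy(int role)
{
    if (role = ROLE_GUEST)
        return 1;
    return 0;
}

/* Fixed: constant on the left. Mistyping this as 'ROLE_ADMIN = role'
 * does not compile, because a constant is not assignable. */
int is_admin_fixed(int role)
{
    if (ROLE_ADMIN == role)
        return 1;
    return 0;
}

int main(void)
{
    printf("buggy admin check, guest: %d\n", is_admin_buggy(ROLE_GUEST));
    printf("buggy guest check, guest: %d\n", is_guest_buggy(ROLE_GUEST));
    printf("fixed admin check, guest: %d\n", is_admin_fixed(ROLE_GUEST));
    printf("fixed admin check, admin: %d\n", is_admin_fixed(ROLE_ADMIN));
    return 0;
}
```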


Related Technical Impacts

TBD


References

TBD