Assigning instead of comparing

From OWASP
Revision as of 06:31, 26 May 2009 by Deleted user


This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.



Last revision (mm/dd/yy): 05/26/2009



Description

In many languages, the comparison operator is very close in appearance to the assignment operator, and the two are often confused.

This bug is generally the result of a typo and should usually cause obvious problems with program execution. If the assignment appears where a comparison was intended in an if statement, the condition will always evaluate to the value of the right-hand side.

Consequences

Unspecified.

Exposure period

  • Pre-design through Build: The use of tools to detect this problem is recommended.
  • Implementation: Many logic errors can lead to this condition. It can be exacerbated by lack, or misuse, of mitigating technologies.

Platform

  • Languages: C, C++
  • Operating platforms: Any

Required resources

Any

Severity

High

Likelihood of exploit

Low


Risk Factors

TBD


Examples

In C/C++/Java:

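#include <stdio.h>

void called(int foo){
        /* Bug (intentional): '=' assigns 1 to foo instead of comparing,
           so the condition is always true. */
        if (foo=1)  printf("foo\n");
}

int main(){
        called(2);      /* prints "foo" even though 2 != 1 */
        return 0;
}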


Related Attacks

TBD

Related Vulnerabilities

Related Controls

  • Pre-design through Build: Many IDEs and static analysis products will detect this problem.
  • Implementation: Place constants on the left. If one then mistakenly writes an assignment, with the constant as its target, the compiler will produce an error.
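
The behaviour described above and the constant-on-the-left control, as an added C example that is not part of the original OWASP page. The function names are hypothetical; the buggy variants keep the typo on purpose to show that the branch follows the assigned constant, not the input.

```c
#include <stdio.h>

/* The typo is kept on purpose in the two *_buggy functions, so silence the
   GCC/Clang warning (-Wparentheses, enabled by -Wall) that normally flags it. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wparentheses"

/* Intended: return 1 only when foo equals 1. */
int is_one_buggy(int foo) {
    if (foo = 1)        /* assigns 1; the condition is 1 for every input */
        return 1;
    return 0;
}

/* Intended: return 1 only when status equals 0. */
int is_zero_buggy(int status) {
    if (status = 0)     /* assigns 0; the condition is 0, the branch never runs */
        return 1;
    return 0;
}

#pragma GCC diagnostic pop

/* Constant on the left: mistyping this as "1 = foo" is a compile error,
   because a constant cannot be the target of an assignment. */
int is_one_fixed(int foo) {
    return 1 == foo;
}

int is_zero_fixed(int status) {
    return 0 == status;
}

int main(void) {
    int inputs[] = {0, 1, 2};   /* constructed sample inputs */
    for (int i = 0; i < 3; i++) {
        int v = inputs[i];
        printf("input=%d  ==1 buggy:%d fixed:%d  ==0 buggy:%d fixed:%d\n",
               v, is_one_buggy(v), is_one_fixed(v),
               is_zero_buggy(v), is_zero_fixed(v));
    }
    return 0;
}
```

Removing the two pragma lines and compiling with -Wall shows the diagnostic a build would normally surface for the buggy variants.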


Related Technical Impacts

TBD


References

TBD