Assigning instead of comparing

From OWASP
Revision as of 10:36, 29 May 2009 by Deleted user


This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.



Last revision (mm/dd/yy): 05/29/2009



Description

In many languages, the compare statement is very close in appearance to the assignment statement, and the two are often confused.

This bug is generally the result of a typo and should usually cause obvious problems with program execution. If the assignment appears as the condition of an if statement, the condition always evaluates to the value of the right-hand side.

Consequences

Unspecified.

Exposure period

  • Pre-design through Build: The use of tools to detect this problem is recommended.
  • Implementation: Many logic errors can lead to this condition. It can be exacerbated by lack, or misuse, of mitigating technologies.

Platform

  • Languages: C, C++
  • Operating platforms: Any

Required resources

Any

Severity

High

Likelihood of exploit

Low


Risk Factors

TBD


Examples

In C/C++/Java:

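#include <stdio.h>

void called(int foo){
        /* Bug: '=' assigns 1 to foo, so the condition is always true */
        if (foo=1)  printf("foo\n");
}

int main(){
        called(2);      /* prints "foo" even though 2 != 1 */
        return 0;
}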


Related Attacks

TBD

Related Vulnerabilities

Related Controls

  • Pre-design through Build: Many IDEs and static analysis products will detect this problem.
  • Implementation: Place constants on the left. If one attempts to assign a variable to a constant, the compiler will produce an error.
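
The constants-on-the-left control, shown as an added example that is not part of the original OWASP page: the same role check written with the typo and in the hardened form. The role values and function names are assumptions made for illustration.

```c
#include <stdio.h>

enum { ROLE_USER = 0, ROLE_ADMIN = 1 };   /* hypothetical role values */

/* Silence the compiler warning for the deliberately buggy function only,
 * so this file still builds under -Wall -Werror. Delete the pragmas to see
 * gcc/clang report the assignment used as a condition. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wparentheses"
/* BUGGY: '=' overwrites role with ROLE_ADMIN (1), so the test is always true. */
int is_admin_buggy(int role)
{
    if (role = ROLE_ADMIN)
        return 1;
    return 0;
}
#pragma GCC diagnostic pop

/* FIXED: constant on the left. Mistyping '==' as '=' here would read
 * 'ROLE_ADMIN = role', which does not compile (not an lvalue). */
int is_admin_fixed(int role)
{
    if (ROLE_ADMIN == role)
        return 1;
    return 0;
}

/* Count how many of the sample roles each check lets through. */
int count_granted(int (*check)(int), const int *roles, int n)
{
    int granted = 0;
    for (int i = 0; i < n; i++)
        granted += check(roles[i]);
    return granted;
}

int main(void)
{
    const int roles[] = { ROLE_USER, ROLE_ADMIN, ROLE_USER, 7 };  /* constructed input */
    int n = (int)(sizeof roles / sizeof roles[0]);
    printf("buggy check grants %d of %d\n", count_granted(is_admin_buggy, roles, n), n);
    printf("fixed check grants %d of %d\n", count_granted(is_admin_fixed, roles, n), n);
    return 0;
}
```

Building with `-Wall -Werror` and without the pragmas turns the typo in the buggy function into a build failure on gcc and clang.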


Related Technical Impacts

TBD


References

TBD