Difference between revisions of "Failure to account for default case in switch"

From OWASP
Jump to: navigation, search
(Related Controls)
Line 85: Line 85:
  
 
* Implementation: Ensure that there are no unaccounted for cases, when adjusting flow or values based on the value of a given variable. In switch statements, this can be accomplished through the use of the default label.
 
* Implementation: Ensure that there are no unaccounted for cases, when adjusting flow or values based on the value of a given variable. In switch statements, this can be accomplished through the use of the default label.
 
Note: contents of "Avoidance and Mitigation" and "Countermeasure" related Sections should be placed here
 
 
  
 
==Related [[Technical Impacts]]==
 
==Related [[Technical Impacts]]==

Revision as of 19:53, 23 September 2008

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

Last revision (mm/dd/yy): 09/23/2008

Vulnerabilities Table of Contents

ASDR Table of Contents


Description

The failure to account for the default case in switch statements may lead to complex logical errors and may aid in other, unexpected security-related conditions.

Consequences

Undefined: Depending on the logical circumstances involved, any consequences may result: e.g., issues of confidentiality, authentication, authorization, availability, integrity, accountability, or non-repudiation.

Exposure period

Implementation: This flaw is a simple logic issue, introduced entirely at implementation time.

Platform

  • Language: Any
  • Platform: Any

Required resources

Any

Severity

Undefined.

Likelihood of exploit

Undefined.

This flaw represents a common problem in software development, in which not all possible values for a variable are considered or handled by a given process. Because of this, further decisions are made based on poor information, and cascading failure results.

This cascading failure may result in any number of security issues, and constitutes a significant failure in the system. In the case of switch style statements, the very simple act of creating a default case can mitigate this situation, if done correctly.

Often however, the default cause is used simply to represent an assumed option, as opposed to working as a sanity check. This is poor practice and in some cases is as bad as omitting a default case entirely.


Risk Factors

TBD

Examples

In general, a safe switch statement has this form:

switch (value) {       
  case 'A':            
    printf("A!\n");            
    break;        
  case 'B':            
    printf("B!\n");            
    break;        
  default:            
    printf("Neither A nor B\n");    
}

This is because the assumption cannot be made that all possible cases are accounted for. A good practice is to reserve the default case for error handling.

Related Attacks


Related Vulnerabilities

  • Undefined: A logical flaw of this kind might lead to any number of other flaws.


Related Controls

  • Implementation: Ensure that there are no unaccounted for cases, when adjusting flow or values based on the value of a given variable. In switch statements, this can be accomplished through the use of the default label.

Related Technical Impacts


References

TBD