Difference between revisions of "Failure to account for default case in switch"

Jump to: navigation, search
(Related Controls)
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
[[Category:FIXME|This is the text from the old template. This needs to be rewritten using the new template.]]
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
[[ASDR_TOC_Vulnerabilities|Vulnerabilities Table of Contents]]
[[ASDR_TOC_Vulnerabilities|Vulnerabilities Table of Contents]]
[[ASDR Table of Contents]]

Revision as of 19:40, 20 February 2009

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

Last revision (mm/dd/yy): 02/20/2009

Vulnerabilities Table of Contents


The failure to account for the default case in switch statements may lead to complex logical errors and may aid in other, unexpected security-related conditions.


Undefined: Depending on the logical circumstances involved, any consequences may result: e.g., issues of confidentiality, authentication, authorization, availability, integrity, accountability, or non-repudiation.

Exposure period

Implementation: This flaw is a simple logic issue, introduced entirely at implementation time.


  • Language: Any
  • Platform: Any

Required resources




Likelihood of exploit


This flaw represents a common problem in software development, in which not all possible values for a variable are considered or handled by a given process. Because of this, further decisions are made based on poor information, and cascading failure results.

This cascading failure may result in any number of security issues, and constitutes a significant failure in the system. In the case of switch style statements, the very simple act of creating a default case can mitigate this situation, if done correctly.

Often however, the default cause is used simply to represent an assumed option, as opposed to working as a sanity check. This is poor practice and in some cases is as bad as omitting a default case entirely.

Risk Factors



In general, a safe switch statement has this form:

switch (value) {       
  case 'A':            
  case 'B':            
    printf("Neither A nor B\n");    

This is because the assumption cannot be made that all possible cases are accounted for. A good practice is to reserve the default case for error handling.

Related Attacks

Related Vulnerabilities

  • Undefined: A logical flaw of this kind might lead to any number of other flaws.

Related Controls

  • Implementation: Ensure that there are no unaccounted for cases, when adjusting flow or values based on the value of a given variable. In switch statements, this can be accomplished through the use of the default label.

Related Technical Impacts