Difference between revisions of "Ignored function return value"

From OWASP
Revision as of 23:12, 27 May 2006


Overview

If a function's return value is not checked, the function could have failed without any warning.

Consequences

  • Integrity: The data which was produced as a result of a function could be in a bad state.

Exposure period

Implementation: This flaw is a simple logic issue, introduced entirely at implementation time.

Platform

  • Languages: C or C++
  • Operating platforms: Any

Required resources

Any

Severity

Medium

Likelihood of exploit

Low

Avoidance and mitigation

  • Implementation: Check all functions which return a value
  • Implementation: When designing any function make sure you return a value or throw an exception in case of an error
Discussion

Important and common functions return a value indicating the success or failure of their actions. This tells the program whether or not it needs to handle errors caused by that function.

Example

In C/C++:

malloc(sizeof(int)*4); /* the returned pointer (NULL on failure) is neither stored nor checked */
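The hardened counterpart of the snippet above, as an added example that is not part of the original OWASP page: the pointer returned by malloc is kept and checked, and a second helper shows the same discipline applied to stdio calls (fputs, fputc, fflush) whose return values are commonly thrown away. The helper names alloc_counters and write_record are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Hardened version of `malloc(sizeof(int)*4);`: the return value is kept and
 * checked, and the multiplication that sizes the request is guarded against
 * overflow. Returns a zeroed array of n ints, or NULL if the request cannot
 * be satisfied. (Hypothetical helper written for this example.) */
int *alloc_counters(size_t n)
{
    if (n == 0 || n > SIZE_MAX / sizeof(int)) {
        return NULL;                 /* size would overflow; do not even try */
    }
    int *p = malloc(sizeof(int) * n);
    if (p == NULL) {
        return NULL;                 /* allocation failed; caller must handle it */
    }
    memset(p, 0, sizeof(int) * n);
    return p;
}

/* Every stdio call whose status matters is checked: fputs, fputc and fflush
 * all report failure through their return values. Returns 0 on success and
 * -1 on any failure. (Hypothetical helper written for this example.) */
int write_record(FILE *fp, const char *data)
{
    if (fp == NULL || data == NULL) {
        return -1;
    }
    if (fputs(data, fp) == EOF) {
        return -1;                   /* write error: bad stream, disk full, ... */
    }
    if (fputc('\n', fp) == EOF) {
        return -1;
    }
    if (fflush(fp) != 0) {
        return -1;                   /* buffered data never reached the file */
    }
    return 0;
}

int main(void)
{
    int *counters = alloc_counters(4);
    if (counters == NULL) {
        fprintf(stderr, "allocation failed\n");
        return EXIT_FAILURE;
    }
    counters[0] = 1;

    FILE *fp = tmpfile();            /* constructed scratch file for the demo */
    if (write_record(fp, "counter0=1") != 0) {
        fprintf(stderr, "write failed\n");
        free(counters);
        if (fp != NULL) {
            fclose(fp);
        }
        return EXIT_FAILURE;
    }
    printf("record written, counters[0]=%d\n", counters[0]);
    fclose(fp);
    free(counters);
    return EXIT_SUCCESS;
}
```

Each helper turns a silently ignored status into an explicit error path the caller must handle, which is the whole point of the mitigation above: a failed allocation or write is detected at the call site instead of surfacing later as a crash or corrupted output.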

In Java:

Although some Java methods may use return values to report their status, it is preferable to signal errors with exceptions, which cannot be silently ignored the way a return value can.

Related problems

Not available.