Difference between revisions of "Improper cleanup on thrown exception"

(Reverting to last version not containing links to s1.shard.jp)

Revision as of 10:00, 27 May 2009


This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

Last revision (mm/dd/yy): 05/27/2009



Causing a change in flow, due to an exception, can often leave the code in a bad state.


  • Implementation: The code could be left in a bad state.

Exposure period

  • Implementation: Many logic errors can lead to this condition.


  • Languages: Java, C, C# or any language which can throw an exception.
  • Operating platforms: Any

Required resources




Likelihood of exploit


When functions or loops become complicated, some level of cleanup is often needed from beginning to end. Because exceptions can disturb the flow of the code, they can leave a code block in a bad state.

Risk Factors



In C++/Java:

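public class foo {
  public static final void main( String args[] ) {
        boolean returnValue;
        returnValue = doStuff();
  }

  public static final boolean doStuff( ) {
        boolean threadLock;             // stands in for a lock held during the loop body
        boolean truthvalue = true;
        boolean something = false;      // placeholder for the handler's early-return condition

        try {
                while (truthvalue) {    // placeholder: check some condition
                        threadLock = true;      // lock taken
                        // do some stuff to truthvalue; an exception thrown here
                        // skips the release below
                        truthvalue = false;
                        threadLock = false;     // lock released on the normal path only
                }
        } catch (Exception e) {
                System.err.println("You did something bad");
                // no cleanup here: threadLock is still true on this path
                if (something) return truthvalue;
        }
        return truthvalue;
  }
}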

In this case, you may leave a thread locked accidentally.

Related Attacks

Related Vulnerabilities

Related Controls

  • Implementation: If one breaks from a loop or function by throwing an exception, make sure that cleanup happens or that the program exits. Throw exceptions sparingly.
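One way to make sure the cleanup happens, shown as an added example that is not part of the original page: the same loop with the release only on the normal path, beside a version that releases in a `finally` block. The class `CleanupDemo`, the `process` workload and the sample items are constructed for illustration, and `java.util.concurrent.locks.ReentrantLock` stands in for the page's `threadLock` flag.

```java
import java.util.concurrent.locks.ReentrantLock;

public class CleanupDemo {
    // Constructed workload: throws on item 3 to simulate a failure mid-loop.
    static void process(int item) {
        if (item == 3) throw new IllegalStateException("bad item " + item);
    }

    // Same shape as the page's example: the release sits on the normal path only.
    static boolean leaky(ReentrantLock lock, int[] items) {
        try {
            for (int item : items) {
                lock.lock();
                process(item);
                lock.unlock();          // skipped when process() throws
            }
        } catch (RuntimeException e) {
            System.err.println("You did something bad");
            return false;               // returns with the lock still held
        }
        return true;
    }

    // Release moved into finally: it runs on normal exit, on exception and on return.
    static boolean safe(ReentrantLock lock, int[] items) {
        try {
            for (int item : items) {
                lock.lock();
                try {
                    process(item);
                } finally {
                    lock.unlock();
                }
            }
        } catch (RuntimeException e) {
            System.err.println("You did something bad");
            return false;
        }
        return true;
    }

    public static void main(String[] args) {
        int[] items = {1, 2, 3, 4};     // constructed sample input
        ReentrantLock a = new ReentrantLock(), b = new ReentrantLock();
        leaky(a, items);
        safe(b, items);
        System.out.println("leaky: lock still held = " + a.isLocked());
        System.out.println("safe:  lock still held = " + b.isLocked());
    }
}
```

After the run, `isLocked()` shows which version left the lock held when the exception interrupted the loop.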

Related Technical Impacts