Difference between revisions of "Improper cleanup on thrown exception"

From OWASP
(Undo revision 62865 by BasacOlomo (Talk))

Revision as of 11:34, 29 May 2009


This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.


Last revision (mm/dd/yy): 05/29/2009

Description

A change in control flow caused by an exception can often leave the code in a bad state.

Consequences

  • Implementation: The code could be left in a bad state.

Exposure period

  • Implementation: Many logic errors can lead to this condition.

Platform

  • Languages: Java, C, C# or any language which can throw an exception.
  • Operating platforms: Any

Required resources

Any

Severity

Medium

Likelihood of exploit

Medium

When functions or loops become complicated, some level of cleanup is often needed between their beginning and their end. Because exceptions can disturb the flow of the code, they can leave a code block in a bad state.


Risk Factors

TBD

Examples

In C++/Java:

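public class foo {
  public static final void main( String args[] ) {
        boolean returnValue;
        returnValue=doStuff();
  }
  public static final boolean doStuff( ) {
        boolean threadLock;
        boolean truthvalue=true;
        boolean something=true;  // placeholder for the condition left undefined in the original

        try {
                while(truthvalue){  // placeholder for "check some condition"
                        threadLock=true;   // lock taken
                        //do some stuff to truthvalue; an exception thrown here skips the release below
                        truthvalue=false;
                        threadLock=false;  // lock released only if nothing was thrown
                }
        } catch (Exception e){
                System.err.println("You did something bad");
                // if the exception came between the two assignments, threadLock is still true
                if (something) return truthvalue;
        }
        return  truthvalue;
  }
}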

In this case, you may leave a thread locked accidentally.


Related Attacks


Related Vulnerabilities


Related Controls

  • Implementation: If a loop or function is exited by throwing an exception, make sure that cleanup happens or that the program exits. Use exceptions sparingly.
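
The control above, shown as an added example that is not part of the original OWASP page: the leaky pattern next to a corrected form that releases the lock in a finally block. The class CleanupDemo, the methods process, leaky and safe, and the sample input are all hypothetical names and values chosen for illustration.

```java
import java.util.concurrent.locks.ReentrantLock;
public class CleanupDemo {
    // Hypothetical shared lock standing in for the page's threadLock flag.
    static final ReentrantLock lock = new ReentrantLock();
    // Stand-in for "do some stuff": fails on negative input.
    static boolean process(int value) {
        if (value < 0) throw new IllegalArgumentException("negative input: " + value);
        return value % 2 == 0;
    }
    // Mirrors the page's pattern: the release is skipped when process() throws.
    static boolean leaky(int[] items) {
        boolean result = true;
        try {
            for (int item : items) {
                lock.lock();
                result &= process(item);
                lock.unlock();          // never reached on exception
            }
        } catch (IllegalArgumentException e) {
            return false;               // returns with the lock still held
        }
        return result;
    }

    // Corrected form: finally releases the lock on every exit path.
    static boolean safe(int[] items) {
        boolean result = true;
        for (int item : items) {
            lock.lock();
            try {
                result &= process(item);
            } catch (IllegalArgumentException e) {
                return false;           // finally still runs before returning
            } finally {
                lock.unlock();
            }
        }
        return result;
    }

    public static void main(String[] args) {
        int[] sample = {2, 4, -1, 6};   // constructed input; -1 triggers the exception
        safe(sample);
        System.out.println("after safe:  locked=" + lock.isLocked());
        leaky(sample);
        System.out.println("after leaky: locked=" + lock.isLocked());
    }
}
```

Checking lock.isLocked() after each call makes the difference observable: only the leaky variant returns while the lock is still held.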

Related Technical Impacts


References

TBD