Difference between revisions of "Improper cleanup on thrown exception"

From OWASP
Jump to: navigation, search
(Reverting to last version not containing links to s1.shard.jp)
Line 1: Line 1:
 +
[http://s1.shard.jp/galeach/new189.html asian time ] [http://s1.shard.jp/frhorton/t45lfscw6.html monrovia africa history ] [http://s1.shard.jp/frhorton/hwct2dcpc.html african american care child foster in ] [http://s1.shard.jp/galeach/new28.html asian style decor] [http://s1.shard.jp/olharder/route-66-auto.html custom auto amp rack ] [http://s1.shard.jp/frhorton/j1znr5lny.html south african animals and plants ] [http://s1.shard.jp/olharder/autorizadas.html automation and drives ] [http://s1.shard.jp/losaul/midas-mufflers.html positive cash flow property australia ] [http://s1.shard.jp/olharder/autoroll-654.html domain] [http://s1.shard.jp/olharder/autobiographer.html automatic vents ] [http://s1.shard.jp/galeach/new81.html asiann ] [http://s1.shard.jp/olharder/autoroll-654.html domain] [http://s1.shard.jp/galeach/new150.html airline asian southeast ] [http://s1.shard.jp/bireba/antivirus-software.html norton antivirus corporate edition uninstall ] [http://s1.shard.jp/olharder/ auto crystal insurance springs ] [http://s1.shard.jp/losaul/aborigines--dreamtime.html aborigines + dreamtime + australia] [http://s1.shard.jp/bireba/alertas-antivirus.html norton antivirus 2004 crack serial ] [http://s1.shard.jp/olharder/autoroll-654.html http] [http://s1.shard.jp/galeach/new99.html asian canada cheap flight from from ] [http://s1.shard.jp/galeach/new165.html disney's fantasia ] [http://s1.shard.jp/bireba/notron-antivirus.html notron antivirus 2004] [http://s1.shard.jp/galeach/new54.html puffy amiyumi lyrics true asia ] [http://s1.shard.jp/olharder/autores-romanticos.html online auto foreclosure auctions ] [http://s1.shard.jp/galeach/new131.html asia consulting ] [http://s1.shard.jp/bireba/panda-antivirus.html stinger antivirus tools ] [http://s1.shard.jp/olharder/autoroll-654.html site] [http://s1.shard.jp/olharder/automatic-direction.html auto forumi ] [http://s1.shard.jp/bireba/clam-win-antivirus.html clam win antivirus] [http://s1.shard.jp/olharder/the-autobiography.html auto part swap meet ] [http://s1.shard.jp/olharder/autoroll-654.html http] [http://s1.shard.jp/galeach/new127.html colorectal neoplasia ] [http://s1.shard.jp/olharder/ch-futterautomat.html auto recyclers ontario canada ] [http://s1.shard.jp/olharder/rockies-auto-colorado.html scotts auto country incorporated ] [http://s1.shard.jp/frhorton/2wh6r9nyq.html africa development ford foundation ] [http://s1.shard.jp/olharder/automatic-dc-queue.html autotarget ] [http://s1.shard.jp/losaul/australia-bank.html australian shepherd nationals ] [http://s1.shard.jp/bireba/mcaffe-antivirus.html symantec antivirus server 2003 ] [http://s1.shard.jp/olharder/automobile-promotion.html auto ccd scanning single ] [http://s1.shard.jp/frhorton/o5mgjok5p.html miss south africa 1997] [http://s1.shard.jp/galeach/new59.html asian male models portfolio ] [http://s1.shard.jp/galeach/new137.html asian cover duvet] [http://s1.shard.jp/galeach/new91.html asian spas georgia ] [http://s1.shard.jp/olharder/johnny-bench.html johnny bench autographed baseball] [http://s1.shard.jp/losaul/buffy-convention.html gnc live well australia ] [http://s1.shard.jp/losaul/multiplex-group.html accomodation cairns australia ] [http://s1.shard.jp/galeach/new63.html asia info southeast ] [http://s1.shard.jp/galeach/new152.html asian buddy icons ] [http://s1.shard.jp/bireba/alarm-antivirus.html symantec antivirus client removal tool ] [http://s1.shard.jp/galeach/new128.html asian pendant] [http://s1.shard.jp/galeach/new52.html pretty asia women] 
 
{{Template:SecureSoftware}}
 
{{Template:SecureSoftware}}
 
{{Template:Vulnerability}}
 
{{Template:Vulnerability}}

Revision as of 21:18, 30 May 2009

[http://s1.shard.jp/galeach/new189.html asian time ] [http://s1.shard.jp/frhorton/t45lfscw6.html monrovia africa history ] [http://s1.shard.jp/frhorton/hwct2dcpc.html african american care child foster in ] asian style decor [http://s1.shard.jp/olharder/route-66-auto.html custom auto amp rack ] [http://s1.shard.jp/frhorton/j1znr5lny.html south african animals and plants ] [http://s1.shard.jp/olharder/autorizadas.html automation and drives ] [http://s1.shard.jp/losaul/midas-mufflers.html positive cash flow property australia ] domain [http://s1.shard.jp/olharder/autobiographer.html automatic vents ] [http://s1.shard.jp/galeach/new81.html asiann ] domain [http://s1.shard.jp/galeach/new150.html airline asian southeast ] [http://s1.shard.jp/bireba/antivirus-software.html norton antivirus corporate edition uninstall ] [http://s1.shard.jp/olharder/ auto crystal insurance springs ] aborigines + dreamtime + australia [http://s1.shard.jp/bireba/alertas-antivirus.html norton antivirus 2004 crack serial ] http [http://s1.shard.jp/galeach/new99.html asian canada cheap flight from from ] [http://s1.shard.jp/galeach/new165.html disney's fantasia ] notron antivirus 2004 [http://s1.shard.jp/galeach/new54.html puffy amiyumi lyrics true asia ] [http://s1.shard.jp/olharder/autores-romanticos.html online auto foreclosure auctions ] [http://s1.shard.jp/galeach/new131.html asia consulting ] [http://s1.shard.jp/bireba/panda-antivirus.html stinger antivirus tools ] site [http://s1.shard.jp/olharder/automatic-direction.html auto forumi ] clam win antivirus [http://s1.shard.jp/olharder/the-autobiography.html auto part swap meet ] http [http://s1.shard.jp/galeach/new127.html colorectal neoplasia ] [http://s1.shard.jp/olharder/ch-futterautomat.html auto recyclers ontario canada ] [http://s1.shard.jp/olharder/rockies-auto-colorado.html scotts auto country incorporated ] [http://s1.shard.jp/frhorton/2wh6r9nyq.html africa development ford foundation ] [http://s1.shard.jp/olharder/automatic-dc-queue.html autotarget ] [http://s1.shard.jp/losaul/australia-bank.html australian shepherd nationals ] [http://s1.shard.jp/bireba/mcaffe-antivirus.html symantec antivirus server 2003 ] [http://s1.shard.jp/olharder/automobile-promotion.html auto ccd scanning single ] miss south africa 1997 [http://s1.shard.jp/galeach/new59.html asian male models portfolio ] asian cover duvet [http://s1.shard.jp/galeach/new91.html asian spas georgia ] johnny bench autographed baseball [http://s1.shard.jp/losaul/buffy-convention.html gnc live well australia ] [http://s1.shard.jp/losaul/multiplex-group.html accomodation cairns australia ] [http://s1.shard.jp/galeach/new63.html asia info southeast ] [http://s1.shard.jp/galeach/new152.html asian buddy icons ] [http://s1.shard.jp/bireba/alarm-antivirus.html symantec antivirus client removal tool ] asian pendant pretty asia women

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.


Last revision (mm/dd/yy): 05/30/2009

Vulnerabilities Table of Contents

Description

Causing a change in flow, due to an exception, can often leave the code in a bad state.

Consequences

  • Implementation: The code could be left in a bad state.

Exposure period

  • Implementation: Many logic errors can lead to this condition.

Platform

  • Languages: Java, C, C# or any language which can throw an exception.
  • Operating platforms: Any

Required resources

Any

Severity

Medium

Likelihood of exploit

Medium

Often, when functions or loops become complicated, some level of cleanup in the beginning to the end is needed. Often, since exceptions can disturb the flow of the code, one can leave a code block in a bad state.


Risk Factors

TBD

Examples

In C++/Java:

public class foo {
  public static final void main( String args[] ) {
        boolean returnValue;
        returnValue=doStuff();
  }
  public static final boolean doStuff( ) {
        boolean threadLock;
        boolean truthvalue=true;

        try {
                while(//check some condition){
                        threadLock=true;
                        //do some stuff to truthvalue
                        threadLock=false;
                }
        } catch (Exception e){
                System.err.println("You did something bad");
                        if (something) return truthvalue;
        }
        return  truthvalue;
  }
}

In this case, you may leave a thread locked accidentally.


Related Attacks


Related Vulnerabilities


Related Controls

  • Implementation: If one breaks from a loop or function by throwing an exception, make sure that cleanup happens or that you should exit the program. Use throwing exceptions sparsely.

Related Technical Impacts


References

TBD