Misinterpreted function return value


Revision as of 20:39, 20 February 2009

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

Last revision (mm/dd/yy): 02/20/2009



If a function's return value is not properly checked, the function could have failed without proper acknowledgement.


  • Integrity: The data - which was produced as a result of an improperly checked return value of a function - could be in a bad state.

Exposure period

  • Requirements specification: The choice could be made to use a language that uses exceptions rather than return values to handle status.
  • Implementation: Many logic errors can lead to this condition. It can be exacerbated by lack, or misuse, of mitigating technologies.


  • Languages: C or C++
  • Operating platforms: Any

Required resources




Likelihood of exploit


Important and common functions return a value indicating whether their actions succeeded. This tells the program whether it needs to handle an error caused by that function.

Risk Factors



In C/C++

    if (malloc(sizeof(int) * 4) < 0)
        perror("Failure"); //should have checked if the call returned 0

Related Attacks

Related Vulnerabilities

Related Controls

  • Requirements specification: Use a language or compiler that uses exceptions and requires the catching of those exceptions.
  • Implementation: Properly check all functions which return a value.
  • Implementation: When designing any function make sure you return a value or throw an exception in case of an error.
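
The controls above, as an added example that is not part of the original page: three small C wrappers (hypothetical names `alloc_ints`, `build_path`, `parse_port`) that each check a library call by its own failure convention and report errors through their own return value. It goes beyond the page's `malloc` case to cover `snprintf` and `strtol`, whose return values are also commonly misread.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* malloc() signals failure with NULL, never with a negative value.
 * Returns 0 on success, -1 on failure; *out is only set on success. */
int alloc_ints(size_t count, int **out)
{
    if (count == 0 || count > SIZE_MAX / sizeof(int))
        return -1;                  /* reject zero and overflowing sizes */
    int *p = malloc(count * sizeof(int));
    if (p == NULL)                  /* the check the snippet above gets wrong */
        return -1;
    *out = p;
    return 0;
}

/* snprintf() returns the length it wanted to write: a value >= size means
 * the output was truncated, and a negative value means an encoding error. */
int build_path(char *dst, size_t size, const char *dir, const char *name)
{
    int n = snprintf(dst, size, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= size)
        return -1;
    return 0;
}

/* strtol() returns 0 when it finds no digits and clamps on overflow, so the
 * return value alone is ambiguous: endptr and errno must be checked too. */
int parse_port(const char *s, int *port)
{
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE || v < 1 || v > 65535)
        return -1;
    *port = (int)v;
    return 0;
}
```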

Related Technical Impacts