Difference between revisions of "Missing parameter"

From OWASP
Jump to: navigation, search
 
Line 1: Line 1:
 
  
 
{{Template:SecureSoftware}}
 
{{Template:SecureSoftware}}
Line 47: Line 46:
 
In C or C++:
 
In C or C++:
  
 +
<pre>
 
foo_funct(one, two);
 
foo_funct(one, two);
+
 
 
void foo_funct(int one, int two, int three) {
 
void foo_funct(int one, int two, int three) {
 
   printf("1) %d\n2) %d\n3) %d\n", one, two, three);
 
   printf("1) %d\n2) %d\n3) %d\n", one, two, three);
 
}
 
}
 +
</pre>
 +
 
This can be exploited to disclose information with no work whatsoever. In fact, each time this function is run, it will print out the next 4 bytes on the stack after the two numbers sent to it.
 
This can be exploited to disclose information with no work whatsoever. In fact, each time this function is run, it will print out the next 4 bytes on the stack after the two numbers sent to it.
  
 
Another example in C/C++ is:
 
Another example in C/C++ is:
  
 +
<pre>
 
void some_function(int foo, ...) {
 
void some_function(int foo, ...) {
 
     int a[3], i;
 
     int a[3], i;
Line 69: Line 72:
 
     some_function(17, 42);
 
     some_function(17, 42);
 
}
 
}
 +
</pre>
 +
 
==Related problems ==
 
==Related problems ==
  

Revision as of 11:28, 16 April 2006


Overview

If too few arguments are sent to a function, the function will still pop the expected number of arguments from the stack. Potentially, a variable number of arguments could be exhausted in a function as well.

Consequences

  • Authorization: There is the potential for arbitrary code execution with privileges of the vulnerable program if function parameter list is exhausted.
  • Availability: Potentially a program could fail if it needs more arguments then are available.

Exposure period

  • Implementation: This is a simple logical flaw created at implementation time.

Platform

  • Languages: C or C++
  • Operating platforms: Any

Required resources

Any

Severity

High

Likelihood of exploit

High

Avoidance and mitigation

  • Implementation: Forward declare all functions. This is the recommended solution. Properly forward declaration of all used functions will result in a compiler error if too few arguments are sent to a function.

Discussion

This issue can be simply combated with the use of proper build process.

Examples

In C or C++:

foo_funct(one, two);

void foo_funct(int one, int two, int three) {
  printf("1) %d\n2) %d\n3) %d\n", one, two, three);
}

This can be exploited to disclose information with no work whatsoever. In fact, each time this function is run, it will print out the next 4 bytes on the stack after the two numbers sent to it.

Another example in C/C++ is:

void some_function(int foo, ...) {
    int a[3], i;
    va_list ap;

    va_start(ap, foo);
	for (i = 0;  i < sizeof(a) / sizeof(int);  i++)
        a[i] = va_arg(ap, int);
    va_end(ap);
}

int main(int argc, char *argv[]) {
    some_function(17, 42);
}

Related problems

Not available.

Categories