Difference between revisions of "Undefined Behavior"

From OWASP
 
Line 1: Line 1:
 
{{Template:Vulnerability}}
 
{{Template:Vulnerability}}
 +
{{Template:Fortify}}
 +
 +
==Abstract==
 +
 +
The behavior of this function is undefined unless its control parameter is set to a specific value.
  
 
==Description==
 
==Description==
 +
 +
The Linux Standard Base Specification 2.0.1 for libc places constraints on the arguments to some internal functions [1]. If the constraints are not met, the behavior of the functions is not defined.
 +
 +
It is unusual for this function to be called directly. It is almost always invoked through a macro defined in a system header file, and the macro ensures that the following constraints are met:
 +
 +
The value 1 must be passed to the third parameter (the version number) of the following file system function:
 +
 +
<pre>
 +
__xmknod
 +
</pre>
 +
 +
The value 2 must be passed to the third parameter (the group argument) of the following wide character string functions:
 +
 +
<pre>
 +
__wcstod_internal
 +
__wcstof_internal
 +
__wcstol_internal
 +
__wcstold_internal
 +
__wcstoul_internal
 +
</pre>
 +
 +
The value 3 must be passed as the first parameter (the version number) of the following file system functions:
 +
 +
<pre>
 +
__xstat
 +
__lxstat
 +
__fxstat
 +
__xstat64
 +
__lxstat64
 +
__fxstat64
 +
 +
</pre>
  
 
==Examples ==
 
==Examples ==
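Review bot: The added Abstract and the second Description paragraph both say "this function" without naming one, while the three lists that follow cover twelve functions under three different constraints; reword to the plural or name the function family so the text stands on its own. The third <pre> block also gains an empty line before its closing tag, and the Examples section is still empty after this change.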
Line 13: Line 50:
 
==Related Countermeasures==
 
==Related Countermeasures==
  
==Categories==
+
==References==
  
{{Template:Stub}}
+
[1] The Linux Standard Base Specification 2.0.1, Interfaces Definitions for libc. http://www.linuxbase.org/spec/refspecs/LSB_1.2.0/gLSB/libcman.html.
 +
 
 +
==Categories==
  
 
[[Category:General Logic Error Vulnerability]]
 
[[Category:General Logic Error Vulnerability]]
 +
 +
[[Category:Code Quality Vulnerability]]
 +
 +
[[Category:Code Snippet]]
 +
 +
[[Category:Unix]]
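Review bot: The added reference [1] is titled "The Linux Standard Base Specification 2.0.1" but its URL path reads LSB_1.2.0, so the citation and the link disagree on the version; confirm which document the constraints were taken from and make the two match. The period placed directly after the URL may also be absorbed into the link, so separate it or use bracketed link syntax.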

Revision as of 10:06, 21 July 2006

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.


This article includes content generously donated to OWASP by Fortify.

Abstract

The behavior of these internal libc functions is undefined unless their control parameter is set to a specific value.

Description

The Linux Standard Base Specification 2.0.1 for libc places constraints on the arguments to some internal functions [1]. If the constraints are not met, the behavior of the functions is not defined.

It is unusual for these functions to be called directly. They are almost always invoked through macros defined in system header files, and the macros ensure that the following constraints are met:

The value 1 must be passed to the third parameter (the version number) of the following file system function:

	__xmknod

The value 2 must be passed to the third parameter (the group argument) of the following wide character string functions:

	__wcstod_internal
	__wcstof_internal
	__wcstol_internal
	__wcstold_internal
	__wcstoul_internal

The value 3 must be passed as the first parameter (the version number) of the following file system functions:

	__xstat
	__lxstat
	__fxstat
	__xstat64
	__lxstat64
	__fxstat64

Examples
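
The following is an added example, not part of the original article or of Fortify's tooling: a small source audit that flags direct calls to the functions listed above when the control parameter is not provably the value this page requires. The names `CONSTRAINTS`, `call_args`, `audit` and `SAMPLE` are the example's own, the sample C lines are constructed, and the scanner assumes calls do not contain commas or parentheses inside string literals or comments.

```python
import re

# Constraints as stated on this page: function -> (1-based parameter position, required value).
CONSTRAINTS = {"__xmknod": (3, 1)}
CONSTRAINTS.update({f"__wcsto{t}_internal": (3, 2) for t in ("d", "f", "l", "ld", "ul")})
CONSTRAINTS.update({f"__{p}xstat{s}": (1, 3) for p in ("", "l", "f") for s in ("", "64")})

CALL_RE = re.compile(r"\b(" + "|".join(sorted(CONSTRAINTS, key=len, reverse=True)) + r")\s*\(")


def call_args(text, start):
    """Split the argument list starting at text[start] (just past the '(') on top-level commas."""
    args, current, depth = [], [], 0
    for ch in text[start:]:
        if ch == "," and depth == 0:
            args.append("".join(current).strip())
            current = []
            continue
        if ch == ")" and depth == 0:
            args.append("".join(current).strip())
            return args
        depth += {"(": 1, ")": -1}.get(ch, 0)
        current.append(ch)
    return None  # unbalanced: the call runs past the end of the text


def audit(source):
    """Return (line, function, position, required, actual) for each call not provably compliant."""
    findings = []
    for m in CALL_RE.finditer(source):
        name = m.group(1)
        position, required = CONSTRAINTS[name]
        args = call_args(source, m.end()) or []
        actual = args[position - 1] if len(args) >= position else "<missing>"
        try:
            compliant = int(actual, 0) == required  # only integer literals can be proven
        except ValueError:
            compliant = False  # variable, macro or expression: needs manual review
        if not compliant:
            line = source.count("\n", 0, m.start()) + 1
            findings.append((line, name, position, required, actual))
    return findings


# Constructed sample input (not from the page).
SAMPLE = """\
int a(const char *p, struct stat *sb) { return __xstat(3, p, sb); }
int b(const char *p, struct stat *sb) { return __lxstat(1, p, sb); }
double c(const wchar_t *s, wchar_t **e) { return __wcstod_internal(s, e, 0); }
int d(int ver, int fd, struct stat64 *sb) { return __fxstat64(ver, fd, sb); }
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("line %d: %s parameter %d must be %d, got %r" % finding)
```

A non-literal argument is reported rather than trusted, because the scanner cannot tell whether a variable or macro expands to the required value; declarations of these functions are reported for the same reason.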

Related Threats

Related Attacks

Related Vulnerabilities

Related Countermeasures

References

[1] The Linux Standard Base Specification 2.0.1, Interfaces Definitions for libc. http://www.linuxbase.org/spec/refspecs/LSB_1.2.0/gLSB/libcman.html.

Categories