Difference between revisions of "Undefined Behavior"

From OWASP
Jump to: navigation, search
Line 59: Line 59:
  
 
[[Category:Code Quality Vulnerability]]
 
[[Category:Code Quality Vulnerability]]
 
[[Category:Code Snippet]]
 
  
 
[[Category:Unix]]
 
[[Category:Unix]]

Revision as of 10:06, 21 July 2006

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.


This article includes content generously donated to OWASP by Fortify.JPG.

Abstract

The behavior of this function is undefined unless its control parameter is set to a specific value.

Description

The Linux Standard Base Specification 2.0.1 for libc places constraints on the arguments to some internal functions [1]. If the constraints are not met, the behavior of the functions is not defined.

It is unusual for this function to be called directly. It is almost always invoked through a macro defined in a system header file, and the macro ensures that the following constraints are met:

The value 1 must be passed to the third parameter (the version number) of the following file system function:

	__xmknod

The value 2 must be passed to the third parameter (the group argument) of the following wide character string functions:

	__wcstod_internal
	__wcstof_internal
	__wcstol_internal
	__wcstold_internal
	__wcstoul_internal

The value 3 must be passed as the first parameter (the version number) of the following file system functions:

	__xstat
	__lxstat
	__fxstat
	__xstat64
	__lxstat64
	__fxstat64

Examples

Related Threats

Related Attacks

Related Vulnerabilities

Related Countermeasures

References

[1] The Linux Standard Base Specification 2.0.1, Interfaces Definitions for libc. http://www.linuxbase.org/spec/refspecs/LSB_1.2.0/gLSB/libcman.html.

Categories