CWE-468 Incorrect Pointer Scaling

Incorrect Pointer Scaling

Structure: Simple

Abstraction: Base

Status: Incomplete

Likelihood of Exploit: Medium

Description

In C and C++, one may often accidentally refer to the wrong memory because arithmetic on a pointer is implicitly scaled by the size of the pointed-to type.

Related Weaknesses

  • ChildOf CWE-682 (View 1000, Ordinal: Primary)

Applicable Platforms

Languages: C (Prevalence: Undetermined), C++ (Prevalence: Undetermined)

Common Consequences

Scope: Confidentiality, Integrity
Impact: Read Memory, Modify Memory
Note: Incorrect pointer scaling will often result in buffer overflow conditions. Confidentiality can be compromised if the weakness is in the context of a buffer over-read or under-read.

Potential Mitigations

Architecture and Design

Strategy:

Use a platform with high-level memory abstractions.

Implementation

Strategy:

Always use array indexing instead of direct pointer manipulation.

Architecture and Design

Strategy:

Use technologies for preventing buffer overflows.

Demonstrative Examples

This example attempts to calculate the position of the second byte of a pointer.

(Bad code, C)

int *p = x;
char * second_char = (char *)(p + 1);

In this example, second_char is intended to point to the second byte of the int that p points to. But adding 1 to p actually adds sizeof(int) to p, giving a result that is incorrect (3 bytes off on 32-bit platforms). If the resulting memory address is read, this could potentially be an information leak. If it is a write, it could be a security-critical write to unauthorized memory, whether or not it is a buffer overflow. Note that the above code may also be wrong in other ways, particularly in a little endian environment.
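The following is an added example, not code from the CWE entry itself. It puts the mis-scaled expression from the example above (`(char *)(p + 1)`) beside the intended byte-wise form (`(char *)p + 1`), measures the byte distance each one produces, and shows the array-indexing alternative recommended under Potential Mitigations: a bounds-checked byte accessor over an unsigned char view of the object. The sample array `sample_ints` and the helper function names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample object: two adjacent ints, so the mis-scaled pointer
   has a neighbouring object (sample_ints[1]) to land on. Values are arbitrary. */
static int sample_ints[2] = { 0x11223344, 0x55667788 };

/* Byte distance from p to (char *)(p + 1): the pattern from the CWE example.
   p is an int *, so the +1 is implicitly scaled by sizeof(int). */
size_t scaled_offset_bytes(const int *p)
{
    const char *scaled = (const char *)(p + 1);
    return (size_t)(scaled - (const char *)p);
}

/* Intended behaviour: reinterpret p as a byte pointer first, then step one byte. */
size_t bytewise_offset_bytes(const int *p)
{
    const char *bytewise = (const char *)p + 1;
    return (size_t)(bytewise - (const char *)p);
}

/* Returns 1 if the mis-scaled pointer no longer points inside the int at p. */
int scaled_pointer_leaves_object(const int *p)
{
    const char *scaled = (const char *)(p + 1);
    const char *end_of_object = (const char *)p + sizeof(int);
    return scaled >= end_of_object;
}

/* Array-indexing alternative: read byte i of *p through an unsigned char view,
   rejecting any index past the object. Returns the byte value, or -1 if out of range. */
int read_byte_of_int(const int *p, size_t i)
{
    if (i >= sizeof(int)) {
        return -1;
    }
    const unsigned char *bytes = (const unsigned char *)p;
    return bytes[i];
}

int main(void)
{
    printf("sizeof(int) = %zu\n", sizeof(int));
    printf("(char *)(p + 1) is %zu bytes past p\n", scaled_offset_bytes(sample_ints));
    printf("(char *)p + 1   is %zu byte past p\n", bytewise_offset_bytes(sample_ints));
    printf("mis-scaled pointer leaves the object: %d\n",
           scaled_pointer_leaves_object(sample_ints));
    /* The last iteration (i == sizeof(int)) is rejected by the bounds check. */
    for (size_t i = 0; i <= sizeof(int); i++) {
        printf("byte %zu of sample_ints[0]: %d\n", i, read_byte_of_int(sample_ints, i));
    }
    return 0;
}
```

On a platform with 4-byte ints the first function reports 4 and the second reports 1, which is the "3 bytes off" gap the text describes; the byte actually reached by the mis-scaled pointer belongs to the neighbouring object, and whether that byte is a leak or a corruption depends only on whether the caller reads or writes through it.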

Taxonomy Mappings

Mapped Taxonomy Name     | Node ID | Fit   | Mapped Node Name
CLASP                    |         |       | Unintentional pointer scaling
CERT C Secure Coding     | ARR39-C | Exact | Do not add or subtract a scaled integer to a pointer
CERT C Secure Coding     | EXP08-C |       | Ensure pointer arithmetic is used correctly
Software Fault Patterns  | SFP1    |       | Glitch in computation

References