...
Wiki Markup |
---|
Data sanitization requires an understanding of the data being passed and the capabilities of the subsystem. John Viega and Matt Messier provide an example of an application that inputs an email address into a buffer and then uses this string as an argument in a call to {{system()}} \[[Viega 03|AA. C References#Viega 03]\]: |
Code Block | ||
---|---|---|
| ||
sprintf(buffer, "/bin/mail %s < /tmp/email", addr); system(buffer); |
...
Wiki Markup |
---|
This noncompliant code example is taken from \[[VU#881872|AA. C References#VU881872]\], a vulnerability in the Sun Solaris TELNET daemon ({{in.telnetd}}) that allows a remote attacker to log on to the system with elevated privileges. |
...
Wiki Markup |
---|
\[[MITRE 07|AA. C References#MITRE 07]\] [CWE ID 88|http://cwe.mitre.org/data/definitions/88.html], "Argument Injection or Modification," and [CWE ID 78|http://cwe.mitre.org/data/definitions/78.html], "Failure to Sanitize Data into an OS Command (aka 'OS Command Injection')" \[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.20.4.6, "The system function" \[[Viega 03|AA. C References#Viega 03]\] |
...
07. Characters and Strings (STR) STR03-C. Do not inadvertently truncate a null-terminated byte string