All integer values originating from untrusted sources should be evaluated to determine whether there are identifiable upper and lower bounds. If so, these limits should be enforced by the interface. Anything that can be done to limit the input of excessively large or small integers should help prevent overflow and other type range errors. Furthermore, it is easier to find and correct input problems than it is to trace internal errors back to faulty inputs.
Non-Compliant Code example
In the following non-compliant code, a function that is assumed to be closely exposed to a user takes a size parameter to determine the size of a table to be created.
Code Block | ||
---|---|---|
| ||
int create_table(size_t size) {
char **table = malloc(size * sizeof(char *));
if(table == NULL) {
/* Handle error condition */
}
/* ... */
return 0;
}
|
However, since size
can be controlled by the user, it could be specified to be either large enough to consume large amounts of system resources and still succeed or large enough to cause the call to malloc()
to fail, which, depending on how error handling is implemented, may result in a denial of service condition.
Compliant Solution
This compliant solution defines a maximum size for the table to be created and verifies that the passed size parameter is within this range. Note that the size parameter is typed as size_t
and is by definition unsigned, thus, it need not be checked that it is negative (see INT01-A. Use size_t for all integer values representing the size of an object).
Code Block | ||
---|---|---|
| ||
enum { MAX_TABLE_SIZE = 256 };
int create_table(size_t size) {
char **table;
if(size > MAX_TABLE_SIZE) {
return -1;
}
table = malloc(size * sizeof(char *));
if(table == NULL) {
/* Handle error condition */
}
/* ... */
return 0;
}
|
Risk Assessment
Failing to enforce the limits on integer values can result in a denial of service condition.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
INT04-A | 2 1 (mediumlow) | 2 (probable) | 1 (high) | P4 P2 | L3 |
Related Vulnerabilities
...