...
This noncompliant code example is from an actual vulnerability (VU#837857) discovered in some versions of the X Window System server. The vulnerability exists because the programmer neglected to provide the open and close parentheses following the `geteuid()` function identifier. As a result, the `geteuid` token evaluates to the address of the function, which is never equal to zero. Consequently, the `or` condition of this `if` statement is always true, and access is provided to the protected block for all users. Many compilers issue a warning noting such pointless expressions. Therefore, this coding error is normally detected by adherence to MSC00-C. Compile cleanly at high warning levels.
```c
/* First the options that are only allowed for root */
if (getuid() == 0 || geteuid != 0) {
  /* ... */
}
```
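The following is an added example, not code from the X server or from this page. It evaluates the same condition with and without the missing parentheses over a few (real UID, effective UID) pairs. The names `sim_getuid`, `sim_geteuid`, `allowed_noncompliant` and `allowed_with_call`, and the UID values, are constructed stand-ins so the result does not depend on who runs the program.

```c
#include <stdio.h>
#include <sys/types.h>

/* Constructed stand-ins for getuid()/geteuid(); they return values we set,
 * so the outcome is deterministic (assumption: not the real system calls). */
static uid_t sim_ruid, sim_euid;
static uid_t sim_getuid(void)  { return sim_ruid; }
static uid_t sim_geteuid(void) { return sim_euid; }

/* Noncompliant form: sim_geteuid without () is the function's address,
 * which is never null, so the right-hand operand is always true. */
int allowed_noncompliant(uid_t ruid, uid_t euid) {
  sim_ruid = ruid;
  sim_euid = euid;
  return sim_getuid() == 0 || sim_geteuid != 0;
}

/* Parentheses restored: the effective UID is actually called for and tested. */
int allowed_with_call(uid_t ruid, uid_t euid) {
  sim_ruid = ruid;
  sim_euid = euid;
  return sim_getuid() == 0 || sim_geteuid() != 0;
}

int main(void) {
  /* Constructed (real UID, effective UID) pairs: root, an ordinary user,
   * and an ordinary user whose process has effective UID 0. */
  static const uid_t cases[][2] = { {0, 0}, {1000, 1000}, {1000, 0} };

  for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
    printf("ruid=%u euid=%u noncompliant=%d with_call=%d\n",
           (unsigned)cases[i][0], (unsigned)cases[i][1],
           allowed_noncompliant(cases[i][0], cases[i][1]),
           allowed_with_call(cases[i][0], cases[i][1]));
  }
  return 0;
}
```

The two forms disagree only on the last pair, which is the case the check exists to reject. Compiling with warnings enabled reports the comparison in `allowed_noncompliant`.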
...
Tool | Version | Checker | Description
---|---|---|---
 | | BAD_COMPARE | Can detect the specific instance where the address of a function is compared against 0, such as in the case of
GCC | | | Can detect violations of this recommendation when the
 | | EFFECT |
...
ISO/IEC TR 17961 (Draft) Comparing function addresses to zero [funcaddr]
ISO/IEC TR 24772 "KOA Likely incorrect expressions"
...
MITRE CWE: CWE-480, "Use of incorrect operator"
Bibliography
[Hatton 1995] Section 2.7.2, "Errors of omission and addition"
...