SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 73

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 74

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: text shuffling

...

Wiki Markup
This noncompliant example shows a bug in Tomcat version 4.1.24, initially discovered by Reasoning \[[Reasoning 2003|AA. Bibliography#Reasoning 03]\]. The {{cardinality}} method was designed to return the number of occurrences of object {{obj}} in collection {{col}}. One valid use of the {{cardinality}} method  is to determine how many objects in the collection are {{null}}. However, because membership in the collection is checked using the expression {{obj.equals(elt)}}, a null pointer dereference is guaranteed whenever {{obj}} is {{null}} and {{elt}} is not {{null}}.

Code Block
bgColor#FFcccc
public static int cardinality(Object obj, final Collection col) {
  int count = 0;
  Iterator it = col.iterator();
  while (it.hasNext()) {
    Object elt = it.next();
    if ((null == obj && null == elt) || obj.equals(elt)) {  // null pointer dereference
      count++;
    }
  }
  return count;
}

...

Note that explicit null checks as shown here are one acceptable approach to eliminating null pointer dereferences; .

Risk Assessment

Wiki MarkupDereferencing a {{null}} pointer can lead to a denial of service. For example, Java Web Start applications and applets particular to JDK version 1.6, prior to update 4, were affected by a bug that had some noteworthy security consequences. In some isolated cases, the application or applet's attempt to establish an HTTPS connection with a server generated a {{NullPointerException}} \[[SDN 2008|AA. Bibliography#SDN 08]\]. The resulting failure to establish a secure HTTPS connection with the server caused a denial of service: clients were temporarily forced to use an insecure http channel for data exchange. In multithreaded programs, null pointer dereferences can violate cache coherency policies and can cause resource leaks.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

EXP01-J

low

likely

high

P3

L3

...

The Coverity Prevent Version 5.0 FORWARD_NULL checker can detect the instance where reference is checked against null but then dereferenced anyway.

Related Vulnerabilities

Wiki Markup
Java Web Start applications and applets particular to JDK version 1.6, prior to update 4, were affected by a bug that had some noteworthy security consequences. In some isolated cases, the application or applet's attempt to establish an HTTPS connection with a server generated a {{NullPointerException}} \[[SDN 2008|AA. Bibliography#SDN 08]\]. The resulting failure to establish a secure HTTPS connection with the server caused a denial of service: clients were temporarily forced to use an insecure http channel for data exchange.

Related Guidelines

CERT C Secure Coding Standard

EXP34-C. Do not dereference null pointers

CERT C++ Secure Coding Standard

EXP34-CPP. Ensure a null pointer is not dereferenced

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="213733f32bcb90e7-e65ec4cf-49b44b23-a5e5b1d2-319ae4c93ef70795b412fd2a"><ac:plain-text-body><![CDATA[

[ISO/IEC TR 24772:2010

http://www.aitcnet.org/isai/]

"Null Pointer Dereference [XYH]"

]]></ac:plain-text-body></ac:structured-macro>

MITRE CWE

CWE ID 476, "NULL Pointer Dereference"

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="a0e0039344793913-fabbb66a-41c44d0f-bdeabb72-b1364140b8e40561a1f56461"><ac:plain-text-body><![CDATA[

[[API 2006

AA. Bibliography#API 06]]

[method doPrivileged()

http://java.sun.com/javase/6/docs/api/java/security/AccessController.html#doPrivileged(java.security.PrivilegedAction)]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="91139e5cdc61d8bc-56ca22f3-4e6447dc-b8a7a27a-abf81f8a9f55a6b034ecb694"><ac:plain-text-body><![CDATA[

[[Hovemeyer 2007

AA. Bibliography#Hovemeyer 07]]

 

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b18bb7c8eb3cb50f-469699b7-4f104144-9d7c82cc-5fd3aa62e34c982ffcf1e435"><ac:plain-text-body><![CDATA[

[[Reasoning 2003

AA. Bibliography#Reasoning 03]]

Defect ID 00-0001

]]></ac:plain-text-body></ac:structured-macro>

 

Null Pointer Dereference

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="7877c5c961cdd0a6-c7742439-4f0a433f-97a2a080-ac62d3c705bdf1a2bb5c6ec0"><ac:plain-text-body><![CDATA[

[[SDN 2008

AA. Bibliography#SDN 08]]

[Bug ID 6514454

http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6514454]

]]></ac:plain-text-body></ac:structured-macro>

...