Java does not support the use of unsigned types, except for the 16 bit char
datatype. Sometimes, it is necessary to interoperate with native languages such as C/C++ that use unsigned types extensively. The standard practice to deal with unsigned types is to read their values into Java's larger signed
primitives. For example, a signed long
is used to hold an unsigned integer
.
Noncompliant Code Example
This example incorrectly uses a generic method for reading in integer data irrespective of the signedness. It assumes that the value is always signed and thus treats the most significant bit (MSB) as the sign bit causing misinterpretations about the actual magnitude of the integer.
public static int getInteger(DataInputStream is) throws IOException { return is.readInt(); }
Compliant Solution
This compliant solution assumes that the unsigned
integer has 32 bits. It reads in an unsigned
integer value into a long
variable using the readInt()
method. If the read integer is unsigned
, the most significant bit may be turned on. Consequently, all the higher order bits of the resulting long
will be set due to sign extension, and these have to be masked off as demonstrated.
public static long getInteger2(DataInputStream is) throws IOException { return is.readInt() & 0xFFFFFFFFL; }
Risk Assessment
Treating an unsigned type as signed can result in misinterpretations and can lead to erroneous calculations.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
---|---|---|---|---|---|
SEC01-J |
low |
unlikely |
medium |
P2 |
L3 |
Automated Detection
TODO
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[[API 06]] Class DataInputStream: method readInt
[[Harold 97]] Chapter 2: Primitive Data Types, Cross Platform Issues, Unsigned Integers
INT00-J. Provide methods to read and write Little-Endian data 04. Integers (INT) 04. Integers (INT)