CWE-587 将一个固定地址复制给指针
Assignment of a Fixed Address to a Pointer
结构: Simple
Abstraction: Base
状态: Draft
被利用可能性: unkown
基本描述
The software sets a pointer to a specific address other than NULL or 0.
扩展描述
Using a fixed address is not portable because that address will probably not be valid in all environments or platforms.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 344 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 758 cwe_View_ID: 1000
适用平台
Language: [{'cwe_Name': 'C', 'cwe_Prevalence': 'Undetermined'}, {'cwe_Name': 'C++', 'cwe_Prevalence': 'Undetermined'}, {'cwe_Name': 'C#', 'cwe_Prevalence': 'Undetermined'}, {'cwe_Class': 'Assembly', 'cwe_Prevalence': 'Undetermined'}]
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| ['Integrity', 'Confidentiality', 'Availability'] | Execute Unauthorized Code or Commands | If one executes code at a known location, an attacker might be able to inject code there beforehand. |
| Availability | DoS: Crash, Exit, or Restart | If the code is ported to another platform or environment, the pointer is likely to be invalid and cause a crash. |
| ['Confidentiality', 'Integrity'] | ['Read Memory', 'Modify Memory'] | The data at a known pointer location can be easily read or influenced by an attacker. |
可能的缓解方案
Implementation
策略:
Never set a pointer to a fixed address.
示例代码
例
This code assumes a particular function will always be found at a particular address. It assigns a pointer to that address and calls the function.
bad C
int result2 = (pt2Function) (12, 'a', 'b');
// Here we can inject code to execute.
The same function may not always be found at the same memory address. This could lead to a crash, or an attacker may alter the memory at the expected address, leading to arbitrary code execution.
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| CERT C Secure Coding | INT36-C | Imprecise | Converting a pointer to integer or integer to pointer |
| Software Fault Patterns | SFP1 | Glitch in computation |