Difference between revisions of "Null Dereference"
Revision diff (both revisions by Weilin Zhong)

Line 1 (old) / Line 1 (new):
  unchanged:  {{Template:Vulnerability}}
  added:      {{Template:Fortify}}
  added:      ==Abstract== section, with the text "The program can potentially dereference a null pointer, thereby raising a NullPointerException."
  unchanged:  ==Description==
  added:      the two Description paragraphs shown in the rendered revision below
  unchanged:  ==Examples ==
  added:      the "cmd" example paragraph and the two-line Java snippet shown in the rendered revision below
  unchanged:  ==Related Threats==

Line 15 (old) / Line 29 (new):
  unchanged:  ==Categories==
  changed (new text):  [[Category:Code Quality Vulnerability]]
  added:      [[Category:Java]]
  unchanged:  [[Category:Implementation]]
  added:      [[Category:Code Snippet]]
Revision as of 17:10, 20 July 2006
This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.
Abstract
The program can potentially dereference a null pointer, thereby raising a NullPointerException.
Description
Null pointer errors are usually the result of one or more programmer assumptions being violated.
Most null pointer issues result in general software reliability problems, but if an attacker can intentionally trigger a null pointer dereference, the attacker might be able to use the resulting exception to bypass security logic or to cause the application to reveal debugging information that will be valuable in planning subsequent attacks.
Examples
In the following code, the programmer assumes that the system always has a property named "cmd" defined. If an attacker can control the program's environment so that "cmd" is not defined, the program throws a null pointer exception when it attempts to call the trim() method.
    String cmd = System.getProperty("cmd");
    cmd = cmd.trim();
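The following Java program is an added example and is not code from the OWASP page. It takes the page's "cmd" property snippet in its original form and in a hardened form, and wraps each in a small, constructed authorization check to show the two consequences the Description names: a catch-all handler that turns the unexpected NullPointerException into an allow decision (security logic bypassed) and prints the stack trace (debugging information revealed). The property name "cmd" is from the page; the NullDereferenceDemo class, its methods, the default-allow catch block and the sample user names are assumptions made for this demonstration.

```java
/**
 * Added example, not part of the OWASP page. Demonstrates the "cmd" null
 * dereference from the page and a hardened alternative. Everything except the
 * property name "cmd" (class, methods, user names) is constructed here.
 */
public class NullDereferenceDemo {

    /** Vulnerable form, as on the page: cmd.trim() throws NPE when "cmd" is unset. */
    static String vulnerableReadCmd() {
        String cmd = System.getProperty("cmd");
        return cmd.trim(); // NullPointerException if the property was never defined
    }

    /** Hardened form: check for null explicitly and fail with a clear, non-null error. */
    static String safeReadCmd() {
        String cmd = System.getProperty("cmd");
        if (cmd == null) {
            throw new IllegalStateException("required system property \"cmd\" is not set");
        }
        return cmd.trim();
    }

    /**
     * Constructed authorization check. The catch-all turns any runtime failure,
     * including the NPE from the missing property, into an allow decision and
     * prints the stack trace: the bypass and the information leak the page warns about.
     */
    static boolean vulnerableIsAllowed(String user) {
        try {
            String cmd = vulnerableReadCmd();
            return "admin".equals(user) && !cmd.isEmpty();
        } catch (RuntimeException e) {
            e.printStackTrace();   // debugging detail reaches the output
            return true;           // default-allow on error: the bypass
        }
    }

    /** Hardened check: null handled explicitly, errors fail closed, no stack trace emitted. */
    static boolean safeIsAllowed(String user) {
        try {
            String cmd = safeReadCmd();
            return "admin".equals(user) && !cmd.isEmpty();
        } catch (IllegalStateException e) {
            System.err.println("authorization check unavailable: configuration error");
            return false;          // default-deny
        }
    }

    public static void main(String[] args) {
        // Reproduce the page's scenario: the environment does not define "cmd".
        System.clearProperty("cmd");
        System.out.println("vulnerable, guest, cmd unset: " + vulnerableIsAllowed("guest"));
        System.out.println("safe,       guest, cmd unset: " + safeIsAllowed("guest"));

        // With the property defined, both checks evaluate the intended condition.
        System.setProperty("cmd", "  ls  ");
        System.out.println("vulnerable, admin, cmd set:   " + vulnerableIsAllowed("admin"));
        System.out.println("safe,       admin, cmd set:   " + safeIsAllowed("admin"));
        System.out.println("safe,       guest, cmd set:   " + safeIsAllowed("guest"));
    }
}
```

Run it with `java NullDereferenceDemo.java` (Java 11 or later) and no `-Dcmd=...` flag. In the first pair of lines the vulnerable check admits the "guest" user purely because the null dereference was swallowed by the catch-all, and the stack trace lands on stderr; the hardened check denies and logs only a generic message. The two fixes that matter are the explicit null check before `trim()` and the default-deny catch block: the first removes the dereference, the second ensures that any failure in a security decision cannot become an allow.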