This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Undefined Behavior"
Weilin Zhong (talk | contribs) |
(Reverting to last version not containing links to www.textpasc4t.com) |
||
| (7 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
{{Template:Vulnerability}} | {{Template:Vulnerability}} | ||
| + | {{Template:Fortify}} | ||
| + | |||
| + | Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}''' | ||
| + | |||
| + | [[ASDR_TOC_Vulnerabilities|Vulnerabilities Table of Contents]] | ||
==Description== | ==Description== | ||
| − | ==Examples == | + | The behavior of this function is undefined unless its control parameter is set to a specific value. |
| + | |||
| + | The Linux Standard Base Specification 2.0.1 for libc places constraints on the arguments to some internal functions [1]. If the constraints are not met, the behavior of the functions is not defined. | ||
| + | |||
| + | It is unusual for this function to be called directly. It is almost always invoked through a macro defined in a system header file, and the macro ensures that the following constraints are met: | ||
| + | |||
| + | The value 1 must be passed to the third parameter (the version number) of the following file system function: | ||
| + | |||
| + | <pre> | ||
| + | __xmknod | ||
| + | </pre> | ||
| + | |||
| + | The value 2 must be passed to the third parameter (the group argument) of the following wide character string functions: | ||
| + | |||
| + | <pre> | ||
| + | __wcstod_internal | ||
| + | __wcstof_internal | ||
| + | __wcstol_internal | ||
| + | __wcstold_internal | ||
| + | __wcstoul_internal | ||
| + | </pre> | ||
| + | |||
| + | The value 3 must be passed as the first parameter (the version number) of the following file system functions: | ||
| + | |||
| + | <pre> | ||
| + | __xstat | ||
| + | __lxstat | ||
| + | __fxstat | ||
| + | __xstat64 | ||
| + | __lxstat64 | ||
| + | __fxstat64 | ||
| + | |||
| + | </pre> | ||
| + | |||
| + | |||
| + | |||
| + | ==Risk Factors== | ||
| + | |||
| + | TBD | ||
| + | |||
| + | ==Examples== | ||
| + | |||
| + | ===Short example name=== | ||
| + | : A short example description, small picture, or sample code with [http://www.site.com links] | ||
| + | |||
| + | ===Short example name=== | ||
| + | : A short example description, small picture, or sample code with [http://www.site.com links] | ||
| + | |||
| + | |||
| + | ==Related [[Attacks]]== | ||
| + | |||
| + | * [[Attack 1]] | ||
| + | * [[Attack 2]] | ||
| + | |||
| + | |||
| + | ==Related [[Vulnerabilities]]== | ||
| + | |||
| + | * [[Vulnerability 1]] | ||
| + | * [[Vulnerabiltiy 2]] | ||
| + | |||
| + | |||
| + | |||
| + | ==Related [[Controls]]== | ||
| + | |||
| + | * [[Control 1]] | ||
| + | * [[Control 2]] | ||
| + | |||
| + | |||
| + | ==Related [[Technical Impacts]]== | ||
| + | |||
| + | * [[Technical Impact 1]] | ||
| + | * [[Technical Impact 2]] | ||
| + | |||
| + | |||
| + | ==References== | ||
| + | |||
| + | |||
| + | * [1] The Linux Standard Base Specification 2.0.1, Interfaces Definitions for libc. http://www.linuxbase.org/spec/refspecs/LSB_1.2.0/gLSB/libcman.html. | ||
| + | |||
| + | |||
| + | [[Category:FIXME|add links | ||
| + | |||
| + | In addition, one should classify vulnerability based on the following subcategories: Ex:<nowiki>[[Category:Error Handling Vulnerability]]</nowiki> | ||
| + | |||
| + | Availability Vulnerability | ||
| + | |||
| + | Authorization Vulnerability | ||
| + | |||
| + | Authentication Vulnerability | ||
| + | |||
| + | Concurrency Vulnerability | ||
| + | |||
| + | Configuration Vulnerability | ||
| + | |||
| + | Cryptographic Vulnerability | ||
| + | |||
| + | Encoding Vulnerability | ||
| − | + | Error Handling Vulnerability | |
| − | + | Input Validation Vulnerability | |
| − | + | Logging and Auditing Vulnerability | |
| − | + | Session Management Vulnerability]] | |
| − | + | __NOTOC__ | |
| − | |||
| + | [[Category:OWASP ASDR Project]] | ||
[[Category:General Logic Error Vulnerability]] | [[Category:General Logic Error Vulnerability]] | ||
| + | [[Category:Code Quality Vulnerability]] | ||
| + | [[Category:Unix]] | ||
| + | [[Category:Vulnerability]] | ||
Latest revision as of 18:29, 27 May 2009
This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.
- This article includes content generously donated to OWASP by
Last revision (mm/dd/yy): 05/27/2009
Vulnerabilities Table of Contents
Description
The behavior of this function is undefined unless its control parameter is set to a specific value.
The Linux Standard Base Specification 2.0.1 for libc places constraints on the arguments to some internal functions [1]. If the constraints are not met, the behavior of the functions is not defined.
It is unusual for this function to be called directly. It is almost always invoked through a macro defined in a system header file, and the macro ensures that the following constraints are met:
The value 1 must be passed to the third parameter (the version number) of the following file system function:
__xmknod
The value 2 must be passed to the third parameter (the group argument) of the following wide character string functions:
__wcstod_internal __wcstof_internal __wcstol_internal __wcstold_internal __wcstoul_internal
The value 3 must be passed as the first parameter (the version number) of the following file system functions:
__xstat __lxstat __fxstat __xstat64 __lxstat64 __fxstat64
Risk Factors
TBD
Examples
Short example name
- A short example description, small picture, or sample code with links
Short example name
- A short example description, small picture, or sample code with links
Related Attacks
Related Vulnerabilities
Related Controls
Related Technical Impacts
References
- [1] The Linux Standard Base Specification 2.0.1, Interfaces Definitions for libc. http://www.linuxbase.org/spec/refspecs/LSB_1.2.0/gLSB/libcman.html.
