This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Undefined Behavior"
Weilin Zhong (talk | contribs) |
Weilin Zhong (talk | contribs) |
||
Line 59: | Line 59: | ||
[[Category:Code Quality Vulnerability]] | [[Category:Code Quality Vulnerability]] | ||
− | |||
− | |||
[[Category:Unix]] | [[Category:Unix]] |
Revision as of 15:06, 21 July 2006
This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.
Abstract
The behavior of this function is undefined unless its control parameter is set to a specific value.
Description
The Linux Standard Base Specification 2.0.1 for libc places constraints on the arguments to some internal functions [1]. If the constraints are not met, the behavior of the functions is not defined.
It is unusual for this function to be called directly. It is almost always invoked through a macro defined in a system header file, and the macro ensures that the following constraints are met:
The value 1 must be passed to the third parameter (the version number) of the following file system function:
__xmknod
The value 2 must be passed to the third parameter (the group argument) of the following wide character string functions:
__wcstod_internal __wcstof_internal __wcstol_internal __wcstold_internal __wcstoul_internal
The value 3 must be passed as the first parameter (the version number) of the following file system functions:
__xstat __lxstat __fxstat __xstat64 __lxstat64 __fxstat64
Examples
Related Threats
Related Attacks
Related Vulnerabilities
Related Countermeasures
References
[1] The Linux Standard Base Specification 2.0.1, Interfaces Definitions for libc. http://www.linuxbase.org/spec/refspecs/LSB_1.2.0/gLSB/libcman.html.