Description
The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.
Many functions will return some value about the success of their actions. This will alert the program whether or not to handle any errors caused by that function.
Modes of Introduction:
– Implementation
Likelihood of Exploit: Medium
Related Weaknesses
Consequences
Integrity, Availability: DoS: Crash, Exit, or Restart, Unexpected State
The data which were produced as a result of a function call could be in a bad state upon return. If the return value is not checked, then this bad data may be used in operations, possibly leading to a crash or other unintended behaviors.
Potential Mitigations
Phase: Requirements
Effectiveness:
Description:
Phase: Implementation
Effectiveness: High
Description:
Check the results of all functions that return a value and verify that the value is expected.
Checking the return value of the function will typically be sufficient, however beware of race conditions (CWE-362) in a concurrent environment.
Phase: Implementation
Effectiveness: High
Description:
If using exception handling, catch and throw specific exceptions instead of overly-general exceptions (CWE-396, CWE-397). Catch and handle exceptions as locally as possible so that exceptions do not propagate too far up the call stack (CWE-705). Avoid unchecked or uncaught exceptions where feasible (CWE-248).
Using specific exceptions, and ensuring that exceptions are checked, helps programmers to anticipate and appropriately handle many unusual events that could occur.
Phase: Implementation
Effectiveness:
Description:
Phase: Implementation
Effectiveness:
Description:
Performing extensive input validation does not help with handling unusual conditions, but it will minimize their occurrences and will make it more difficult for attackers to trigger them.
Phase: Architecture and Design, Implementation
Effectiveness:
Description:
If the program must fail, ensure that it fails gracefully (fails closed). There may be a temptation to simply let the program fail poorly in cases such as low memory conditions, but an attacker may be able to assert control before the software has fully exited. Alternately, an uncontrolled failure could cause cascading problems with other downstream components; for example, the program could send a signal to a downstream process so the process immediately knows that a problem has occurred and has a better chance of recovery.
Phase: Architecture and Design
Effectiveness:
Description:
Use system limits, which should help to prevent resource exhaustion. However, the software should still handle low resource conditions since they may still occur.
CVE References
- CVE-2007-3798
- Unchecked return value leads to resultant integer overflow and code execution.
- CVE-2006-4447
- Program does not check return value when invoking functions to drop privileges, which could leave users with higher privileges than expected by forcing those functions to fail.
- CVE-2006-2916
- Program does not check return value when invoking functions to drop privileges, which could leave users with higher privileges than expected by forcing those functions to fail.