Function Call with Incorrectly Specified Arguments| ID: 628 | Date: (C)2012-05-14 (M)2022-10-10 |
| Type: weakness | Status: DRAFT |
| Abstraction Type: Base |
Description
The product calls a function, procedure, or routine with
arguments that are not correctly specified, leading to always-incorrect behavior
and resultant weaknesses.
Extended DescriptionThere are multiple ways in which this weakness can be introduced,
including:the wrong variable or reference;an incorrect number of arguments;incorrect order of arguments;wrong type of arguments; orwrong value.
Applicable PlatformsLanguage Class: All
Time Of Introduction
Common Consequences
| Scope | Technical Impact | Notes |
|---|
| OtherAccess_Control | Quality degradationGain privileges / assume
identity | This weakness can cause unintended behavior and can lead to additional
weaknesses such as allowing an attacker to gain unintended access to
system resources. |
Detection Methods
| Name | Description | Effectiveness | Notes |
|---|
| Other | Since these bugs typically introduce obviously incorrect behavior,
they are found quickly, unless they occur in rarely-tested code paths.
Managing the correct number of arguments can be made more difficult in
cases where format strings are used, or when variable numbers of
arguments are supported. | | |
Potential Mitigations
| Phase | Strategy | Description | Effectiveness | Notes |
|---|
| Build and Compilation | | Once found, these issues are easy to fix. Use code inspection tools
and relevant compiler features to identify potential violations. Pay
special attention to code that is not likely to be exercised heavily
during QA. | | |
| Architecture and Design | | Make sure your API's are stable before you use them in production
code. | | |
Relationships
| Related CWE | Type | View | Chain |
|---|
| CWE-628 ChildOf CWE-885 | Category | CWE-888 | |
Demonstrative Examples (Details)
- In the following Java snippet, the accessGranted() method is
accidentally called with the static ADMIN_ROLES array rather than the user
roles. (Demonstrative Example Id DX-64)
- The following PHP method authenticates a user given a
username/password combination but is called with the parameters in reverse
order. (Demonstrative Example Id DX-62)
- This Perl code intends to record whether a user authenticated
successfully or not, and to exit if the user fails to authenticate. However,
when it calls ReportAuth(), the third argument is specified as 0 instead of
1, so it does not exit. (Demonstrative Example Id DX-63)
Observed Examples
- CVE-2006-7049 : The method calls the functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions.
For more examples, refer to CVE relations in the bottom box.
White Box Definitions None
Black Box Definitions None
Taxynomy Mappings
| Taxynomy | Id | Name | Fit |
|---|
| CERT C Secure Coding | DCL10-C | Maintain the contract between the writer and caller of
variadic functions | |
| CERT C Secure Coding | EXP37-C | Call functions with the arguments intended by the
API | |
| CERT C Secure Coding | MEM08-C | Use realloc() only to resize dynamically allocated
arrays | |
References:None
