
Unchecked Return Value to NULL Pointer Dereference

ID: 690
Date: (C)2012-05-14   (M)2012-11-08
Type: compound element
Status: DRAFT
Abstraction Type: Base





Description

The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.

Applicable Platforms
Language: C
Language: C++

Common Consequences

Scope: Availability
Technical Impact: DoS: crash / exit / restart

Detection Methods

Black Box: This typically occurs in rarely-triggered error conditions, reducing the chances of detection during black box testing.

White Box: Code analysis can require knowledge of API behaviors for library functions that might return NULL, reducing the chances of detection when unknown libraries are used.

Potential Mitigations
None

Relationships

CWE-690 ChildOf CWE-876 (Type: Category; View: CWE-868)

Demonstrative Examples

  1. The code below makes a call to the getUserName() function but doesn't check the return value before dereferencing (which may cause a NullPointerException).
  2. This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer. (Demonstrative Example Id DX-1)

Observed Examples

  1. CVE-2008-1052 : Large Content-Length value leads to NULL pointer dereference when malloc fails.
  2. CVE-2006-6227 : Large message length field leads to NULL pointer dereference when malloc fails.
  3. CVE-2006-2555 : Parsing routine encounters NULL dereference when input is missing a colon separator.
  4. CVE-2003-1054 : URI parsing API sets argument to NULL when a parsing failure occurs, such as when the Referer header is missing a hostname, leading to NULL dereference.
  5. CVE-2008-5183 : chain: unchecked return value can lead to NULL dereference
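
An added example, not part of the CWE entry, of the pattern behind the malloc-failure cases listed above: a copy sized by a caller-declared length, with the weak form beside a checked form. The names copy_body_unchecked, copy_body_checked, alloc_fn and failing_alloc are hypothetical, and the allocator hook exists only so the failure path can be exercised deterministically.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical allocator hook so the failure path can be exercised offline. */
typedef void *(*alloc_fn)(size_t);

/* Constructed stand-in for malloc() failing on an oversized request. */
static void *failing_alloc(size_t n) { (void)n; return NULL; }

/* Weak form (CWE-690), shown for contrast and never called here:
   the allocator's result is dereferenced without a check. */
char *copy_body_unchecked(const char *body, size_t len, alloc_fn alloc)
{
    char *buf = alloc(len + 1);
    memcpy(buf, body, len);            /* crashes if alloc returned NULL */
    buf[len] = '\0';
    return buf;
}

/* Hardened form. Assumes body holds at least len bytes.
   Returns 0 on success, -1 on invalid arguments, -2 on allocation failure. */
int copy_body_checked(const char *body, size_t len, alloc_fn alloc, char **out)
{
    if (body == NULL || alloc == NULL || out == NULL)
        return -1;
    *out = NULL;                       /* caller never sees a stale pointer */
    if (len == SIZE_MAX)               /* len + 1 would wrap to 0 */
        return -1;
    char *buf = alloc(len + 1);
    if (buf == NULL)                   /* the check the weak form omits */
        return -2;
    memcpy(buf, body, len);
    buf[len] = '\0';
    *out = buf;
    return 0;
}

int main(void)
{
    char *copy;
    int rc = copy_body_checked("hello", 5, failing_alloc, &copy);
    printf("allocation failure -> rc=%d, copy=%p\n", rc, (void *)copy);
    rc = copy_body_checked("hello", 5, malloc, &copy);
    printf("normal path        -> rc=%d, copy=%s\n", rc, copy);
    free(copy);
    return 0;
}
```

The distinct return codes let a caller tell a rejected length from an exhausted allocator and fail the single request instead of the whole process.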


White Box Definitions
None

Black Box Definitions
None

Taxonomy Mappings

CERT Java Secure Coding, ERR08-J: Do not catch NullPointerException or any of its ancestors
CERT C++ Secure Coding, MEM32-CPP: Detect and handle memory allocation errors

References:
None
