Deletion of Data-structure Sentinel

From Guidance Share

Jump to: navigation, search

Contents

Description

The malicious deletion of a data-structure sentinel can cause serious programing logic problems. Addition of a data-structure sentinal can result in data truncation.

Applies To

  • Languages: C, C++, Fortran, Assembly
  • Operating platforms: All, although partial preventative measures may be deployed depending on environment.

Example

Often times sentinel values are used to mark a data structure. A common example of this is the null character at the end of strings. Another common example is linked lists which may contain a sentinel to mark the end of the list. It is, of course dangerous to allow this type of control data to be easily accessible. Therefore, it is important to protect from the deletion or modification outside of some wrapper interface which provides safety.

Impact

  • Availability: Generally this error will cause the data structure to not work properly.
  • Authorization: If a control character, such as NULL is removed, one may cause resource access control problems.

Vulnerabilities

  • Failure to protect data structure sentinals from modification by untrusted users.

Countermeasures

  • Pre-design : Use a language or compiler that performs automatic bounds checking.
  • Design : Use an abstraction library to abstract away risky APIs. Not a complete solution.
  • Build: Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.
  • Operational : Use OS-level preventative functionality. Not a complete solution.

Vulnerability Patterns

How Tos

Personal tools