Unchecked Array Indexing

From Guidance Share

Description

Unchecked array indexing occurs when an unchecked value is used as an index into a buffer.


Applies To

  • Languages: C, C++, Assembly
  • Operating Platforms: All


Example

Impact

  • Availability: Unchecked array indexing will very likely corrupt relevant memory, and perhaps instructions, leading to a crash if the values are outside of the valid memory area.
  • Integrity: If the memory corrupted is data, rather than instructions, the system will continue to function with improper values.
  • Access Control: If the corrupted memory can be effectively controlled, it may be possible to execute arbitrary code, as with a standard buffer overflow.


Vulnerabilities

  • Failure to check array boundaries before indexing

Countermeasures

  • Requirements specification: The choice could be made to use a language that is not susceptible to these issues.
  • Implementation: Include sanity checks to ensure the validity of any values used as index variables. In loops, use greater-than-or-equal-to or less-than-or-equal-to compare statements, as opposed to simply greater-than or less-than.
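
The sanity check described under Implementation, as an added example that is not part of the original page: an index arrives as text from an untrusted source and is validated before it touches the array. The names slots, SLOT_COUNT, store_unchecked, parse_index, store_checked and slot_value are assumptions made for the illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define SLOT_COUNT 8            /* hypothetical table size */
static int slots[SLOT_COUNT];   /* constructed sample buffer */

/* Unchecked form, shown for contrast and never called here: a negative or
 * too-large idx writes outside slots[]. */
void store_unchecked(int idx, int value)
{
    slots[idx] = value;
}

/* Parse a decimal index and accept it only if it lies in [0, limit).
 * Rejects empty input, trailing junk, overflow and negative values. */
int parse_index(const char *text, size_t limit, size_t *out)
{
    char *end;
    long v;

    if (text == NULL || out == NULL)
        return -1;
    errno = 0;
    v = strtol(text, &end, 10);
    if (end == text || *end != '\0' || errno == ERANGE)
        return -1;                        /* not a clean number */
    if (v < 0 || (unsigned long)v >= limit)
        return -1;                        /* outside the array */
    *out = (size_t)v;
    return 0;
}

/* Checked form: the write happens only after the index has been validated. */
int store_checked(const char *idx_text, int value)
{
    size_t idx;

    if (parse_index(idx_text, SLOT_COUNT, &idx) != 0)
        return -1;
    slots[idx] = value;
    return 0;
}

/* Bounds-checked read used to observe the result. */
int slot_value(size_t idx) { return idx < SLOT_COUNT ? slots[idx] : -1; }

int main(void)
{
    printf("\"3\" -> %d, \"8\" -> %d, \"-1\" -> %d\n",
           store_checked("3", 42), store_checked("8", 1), store_checked("-1", 1));
    return 0;
}
```

Both bounds are tested because the parsed value is signed; checking only the upper bound would let a negative index through.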


Vulnerability Patterns


How Tos
