CWE-111 Individual Dictionary Definition (Draft 9)

Weakness ID: 111 (Weakness Base)
Status: Draft

Description

Summary: When a Java application uses the Java Native Interface (JNI) to call code written in another programming language, it can expose the application to weaknesses in that code, even if those weaknesses cannot occur in Java.

Weakness Ordinality: Primary (Weakness exists independent of other weaknesses)

Causal Nature: Explicit (This is an explicit weakness resulting from behavior of the developer)

Demonstrative Examples

The following code defines a class named Echo. The class declares one native method (defined below), which uses C to echo commands entered on the console back to the user.

Java Example:

    class Echo {
        public native void runEcho();

        static {
            System.loadLibrary("echo");
        }

        public static void main(String[] args) {
            new Echo().runEcho();
        }
    }

The following C code defines the native method implemented in the Echo class:

    #include <jni.h>
    #include "Echo.h" /* header generated with javah from the Java class above */
    #include <stdio.h>

    JNIEXPORT void JNICALL Java_Echo_runEcho(JNIEnv *env, jobject obj)
    {
        char buf[64];
        gets(buf);   /* no bounds checking on the input */
        printf(buf);
    }

Because the example is implemented in Java, it may appear that it is immune to
memory issues like buffer overflow vulnerabilities. Although Java does do a good job of
making memory operations safe, this protection does not extend to vulnerabilities
occurring in source code written in other languages that are accessed using the Java
Native Interface. Despite the memory protections offered in Java, the C code in this
example is vulnerable to a buffer overflow because it makes use of gets(), which does not
perform any bounds checking on its input.

The Sun Java(TM) Tutorial provides the following description of JNI [See Reference]:

"The JNI framework lets your native method utilize Java objects in the same way that Java code uses these objects. A native method can create Java objects, including arrays and strings, and then inspect and use these objects to perform its tasks. A native method can also inspect and use objects created by Java application code. A native method can even update Java objects that it created or that were passed to it, and these updated objects are available to the Java application. Thus, both the native language side and the Java side of an application can create, update, and access Java objects and then share these objects between them."

The vulnerability in the example above
could easily be detected through a source code audit of the native method implementation.
This may not be practical or possible depending on the availability of the C source code
and the way the project is built, but in many cases it may suffice. However, the ability
to share objects between Java and native methods expands the potential risk to much more
insidious cases where improper data handling in Java may lead to unexpected
vulnerabilities in native code or unsafe operations in native code corrupt data structures
in Java.

Vulnerabilities in native code accessed through a Java application are typically
exploited in the same manner as they are in applications written in the native language.
The only challenge to such an attack is for the attacker to identify that the Java
application uses native code to perform certain operations. This can be accomplished in a
variety of ways, including identifying specific behaviors that are often implemented with
native code or by exploiting a system information leak in the Java application that
exposes its use of JNI [See Reference].

Context Notes

Native code is unprotected by the security features enforced by the runtime environment, such as strong typing and array bounds checking. Many safety features that programmers may take for granted simply do not apply to native code, so you must carefully review all such code for potential problems. Native code is usually implemented in other programming languages, such as C or C++, that may be more susceptible to buffer overflows and other attacks. Language-based encapsulation is broken.

Source Taxonomies: 7 Pernicious Kingdoms - Unsafe JNI

Applicable Platforms: Java