CWE - CWE-135: Incorrect Calculation of Multi-Byte String Length (2.4)

Home > CWE List > CWE- Individual Dictionary Definition (2.4)

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents
FAQs

Community
SwA On-Ramp
T-Shirt
Discussion List
Discussion Archives
Contact Us

Scoring
CWSS
CWRAF
CWE/SANS Top 25

Compatibility
Requirements
Coverage Claims Representation
Compatible Products
Make a Declaration

News
Calendar
Free Newsletter

Search the Site

CWE-135: Incorrect Calculation of Multi-Byte String Length

Incorrect Calculation of Multi-Byte String Length

Weakness ID: 135 (Weakness Base)

Status: Draft

Description

Description Summary

The software does not correctly calculate the length of strings that can contain wide or multi-byte characters.

Time of Introduction

Implementation

Applicable Platforms

Languages

C++

Common Consequences

Scope	Effect
Integrity Confidentiality Availability	Technical Impact: Execute unauthorized code or commands This weakness may lead to a buffer overflow. Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy. This can often be used to subvert any other security service.
Availability Confidentiality	Technical Impact: Read memory; DoS: crash / exit / restart; DoS: resource consumption (CPU); DoS: resource consumption (memory) Out of bounds memory access will very likely result in the corruption of relevant memory, and perhaps instructions, possibly leading to a crash. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop.
Confidentiality	Technical Impact: Read memory In the case of an out-of-bounds read, the attacker may have access to sensitive information. If the sensitive information contains system details, such as the current buffers position in memory, this knowledge can be used to craft further attacks, possibly with more severe consequences.

Demonstrative Examples

Example 1

The following example would be exploitable if any of the commented incorrect malloc calls were used.

(Bad Code)

Example Language: C

#include <stdio.h>

#include <strings.h>

#include <wchar.h>

int main() {

wchar_t wideString[] = L"The spazzy orange tiger jumped " \

"over the tawny jaguar.";

wchar_t *newString;

printf("Strlen() output: %d\nWcslen() output: %d\n",

strlen(wideString), wcslen(wideString));

/* Wrong because the number of chars in a string isn't related to its length in bytes //

newString = (wchar_t *) malloc(strlen(wideString));

/* Wrong because wide characters aren't 1 byte long! //

newString = (wchar_t *) malloc(wcslen(wideString));

/* Wrong because wcslen does not include the terminating null */

newString = (wchar_t *) malloc(wcslen(wideString) * sizeof(wchar_t));

/* correct! */

newString = (wchar_t *) malloc((wcslen(wideString) + 1) * sizeof(wchar_t));

/* ... */

}

The output from the printf() statement would be:

(Result)

Strlen() output: 0

Wcslen() output: 53

Potential Mitigations

Phase: Implementation

Strategy: Input Validation

Always verify the length of the string unit character.

Phase: Implementation

Strategy: Libraries or Frameworks

Use length computing functions (e.g. strlen, wcslen, etc.) appropriately with their equivalent type (e.g.: byte, wchar_t, etc.)

Other Notes

There are several ways in which improper string length checking may result in an exploitable condition. All of these, however, involve the introduction of buffer overflow conditions in order to reach an exploitable state. The first of these issues takes place when the output of a wide or multi-byte character string, string-length function is used as a size for the allocation of memory. While this will result in an output of the number of characters in the string, note that the characters are most likely not a single byte, as they are with standard character strings. So, using the size returned as the size sent to new or malloc and copying the string to this newly allocated memory will result in a buffer overflow. Another common way these strings are misused involves the mixing of standard string and wide or multi-byte string functions on a single string. Invariably, this mismatched information will result in the creation of a possibly exploitable buffer overflow condition. Again, if a language subject to these flaws must be used, the most effective mitigation technique is to pay careful attention to the code at implementation time and ensure that these flaws do not occur.

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
ChildOf	Category	133	String Errors	Development Concepts (primary)699
ChildOf	Weakness Class	682	Incorrect Calculation	Research Concepts (primary)1000
ChildOf	Category	741	CERT C Secure Coding Section 07 - Characters and Strings (STR)	Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
ChildOf	Category	857	CERT Java Secure Coding Section 12 - Input Output (FIO)	Weaknesses Addressed by the CERT Java Secure Coding Standard (primary)844
ChildOf	Category	890	SFP Cluster: Memory Access	Software Fault Pattern (SFP) Clusters (primary)888
MemberOf	View	884	CWE Cross-section	CWE Cross-section (primary)884

Taxonomy Mappings

Mapped Taxonomy Name	Node ID	Mapped Node Name
CLASP		Improper string length checking
CERT C Secure Coding	STR33-C	Size wide character strings correctly
CERT Java Secure Coding	FIO10-J	Ensure the array is filled when using read() to fill an array

References

[REF-11] M. Howard and D. LeBlanc. "Writing Secure Code". Chapter 5, "Unicode and ANSI Buffer Size Mismatches" Page 153. 2nd Edition. Microsoft. 2002.

Content History

Submissions
Submission Date	Submitter	Organization	Source
	CLASP		Externally Mined

Contributions
Contribution Date	Contributor	Organization	Source
2010-01-11	Gregory Padgett	Unitrends	Feedback
2010-01-11	correction to Demonstrative_Example
Modifications
Modification Date	Modifier	Organization	Source
2008-07-01	Eric Dalci	Cigital	External
2008-07-01	updated Potential_Mitigations, Time_of_Introduction
2008-09-08	CWE Content Team	MITRE	Internal
2008-09-08	updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings
2008-11-24	CWE Content Team	MITRE	Internal
2008-11-24	updated Relationships, Taxonomy_Mappings
2009-05-27	CWE Content Team	MITRE	Internal
2009-05-27	updated Description
2010-02-16	CWE Content Team	MITRE	Internal
2010-02-16	updated Demonstrative_Examples, References
2011-06-01	CWE Content Team	MITRE	Internal
2011-06-01	updated Common_Consequences, Relationships, Taxonomy_Mappings
2011-06-27	CWE Content Team	MITRE	Internal
2011-06-27	updated Common_Consequences
2012-05-11	CWE Content Team	MITRE	Internal
2012-05-11	updated Common_Consequences, Demonstrative_Examples, Relationships, Taxonomy_Mappings
2012-10-30	CWE Content Team	MITRE	Internal
2012-10-30	updated Potential_Mitigations
Previous Entry Names
Change Date	Previous Entry Name
2008-04-11	Improper String Length Checking

Page Last Updated: February 20, 2013


	CWE is co-sponsored by the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. This Web site is sponsored and managed by The MITRE Corporation to enable stakeholder collaboration. Copyright © 2006-2013, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us