CWE - CWE-188: Reliance on Data/Memory Layout (1.6)

Home > CWE List > CWE- Individual Dictionary Definition (1.6)

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents

Community
Related Activities
Discussion List
Research
CWE/SANS Top 25
CWSS

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Declarations
Make a Declaration

Contact Us
Search the Site

CWE-188: Reliance on Data/Memory Layout

Reliance on Data/Memory Layout

Weakness ID: 188 (Weakness Base)

Status: Draft

Description

Description Summary

The software makes invalid assumptions about how protocol data or memory is organized at a lower level, resulting in unintended program behavior.

Time of Introduction

Architecture and Design
Implementation

Applicable Platforms

Languages

C++

Common Consequences

Scope	Effect
Integrity Confidentiality	Can result in unintended modifications or information leaks of data.

Likelihood of Exploit

Low

Demonstrative Examples

Example 1

(Bad Code)

void example() {

char a;

char b;

*(&a + 1) = 0;

}

Here, b may not be one byte past a. It may be one byte in front of a. Or, they may have three bytes between them because they get aligned to 32-bit boundaries.

Potential Mitigations

Phase	Description
	Design and Implementation: In flat address space situations, never allow computing memory addresses as offsets from another memory address.
Architecture and Design	Fully specify protocol layout unambiguously, providing a structured grammar (e.g., a compilable yacc grammar).
	Testing: Test that the implementation properly handles each case in the protocol grammar.

Other Notes

When changing platforms or protocol versions, data may move in unintended ways. For example, some architectures may place local variables a and b right next to each other with a on top; some may place them next to each other with b on top; and others may add some padding to each. This ensured that each variable is aligned to a proper word size. In protocol implementations, it is common to offset relative to another field to pick out a specific piece of data. Exceptional conditions -- often involving new protocol versions -- may add corner cases that lead to the data layout changing in an unusual way. The result can be that an implementation accesses a particular part of a packet, treating data of one type as data of another type.

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
ChildOf	Category	137	Representation Errors	Development Concepts (primary)699
ChildOf	Weakness Class	435	Interaction Error	Research Concepts1000
ChildOf	Weakness Class	758	Reliance on Undefined, Unspecified, or Implementation-Defined Behavior	Research Concepts (primary)1000
ParentOf	Weakness Base	198	Use of Incorrect Byte Ordering	Research Concepts (primary)1000

Taxonomy Mappings

Mapped Taxonomy Name	Node ID	Fit	Mapped Node Name
CLASP			Reliance on data layout

Content History

Submissions
Submission Date	Submitter	Organization	Source
	CLASP		Externally Mined

Modifications
Modification Date	Modifier	Organization	Source
2008-07-01	Eric Dalci	Cigital	External
2008-07-01	updated Time of Introduction
2008-09-08	CWE Content Team	MITRE	Internal
2008-09-08	updated Applicable Platforms, Common Consequences, Relationships, Other Notes, Taxonomy Mappings
2009-03-10	CWE Content Team	MITRE	Internal
2009-03-10	updated Relationships
2009-10-29	CWE Content Team	MITRE	Internal
2009-10-29	updated Common Consequences

Page Last Updated: October 29, 2009


	CWE is a Software Assurance strategic initiative sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2009, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us