CWE
Home > CWE List > CWE-464 Individual Dictionary Definition (Draft 9)   View the CWE List

The accidental addition of a data-structure sentinel can cause serious programming logic problems. High to Very High Availability: Generally this error will cause the data structure to not work properly by truncating the data. Pre-design: Use a language or compiler that performs automatic bounds checking. Design: Use an abstraction library to abstract away risky APIs. Not a complete solution. Pre-design through Build: Compiler-based canary mechanisms such as StackGuard, ProPolice, and Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution. Operational: Use OS-level preventative functionality. Not a complete solution. C C++ char *foo; foo=malloc(sizeof(char)*4); foo[0]='a'; foo[1]='a'; foo[2]=0; foo[3]='c'; printf("%c %c %c %c %c \n",foo[0],foo[1],foo[2],foo[3]); printf("%s\n",foo); Data-structure sentinels are often used to mark structure of the data structure. A common example of this is the null character at the end of strings. Another common example is linked lists which may contain a sentinel to mark the end of the list. It is, of course dangerous, to allow this type of control data to be easily accessible. Therefore, it is important to protect from the addition or modification outside of some wrapper interface which provides safety. By adding a sentinel, one potentially could cause data to be truncated early. 1000 Weakness ChildOf 138 1000 Category ChildOf 461 Addition of data-structure sentinel C C++ (CWE-464)

CWE-464 Individual Dictionary Definition (Draft 9)

Addition of Data Structure Sentinel
Weakness ID
Status: Incomplete

464 (Weakness Base)

Description

Summary

The accidental addition of a data-structure sentinel can cause serious programming logic problems.

Likelihood of Exploit

High to Very High

Common Consequences

Availability: Generally this error will cause the data structure to not work properly by truncating the data.

Potential Mitigations

Pre-design: Use a language or compiler that performs automatic bounds checking.

Design: Use an abstraction library to abstract away risky APIs. Not a complete solution.

Pre-design through Build: Compiler-based canary mechanisms such as StackGuard, ProPolice, and Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.

Operational: Use OS-level preventative functionality. Not a complete solution.

Demonstrative
Examples

C/C++ Example:

char *foo;
foo=malloc(sizeof(char)*4);
foo[0]='a';
foo[1]='a';
foo[2]=0;
foo[3]='c';
printf("%c %c %c %c %c \n",foo[0],foo[1],foo[2],foo[3]);
printf("%s\n",foo);

Context Notes

Data-structure sentinels are often used to mark structure of the data structure. A common example of this is the null character at the end of strings. Another common example is linked lists which may contain a sentinel to mark the end of the list. It is, of course dangerous, to allow this type of control data to be easily accessible. Therefore, it is important to protect from the addition or modification outside of some wrapper interface which provides safety. By adding a sentinel, one potentially could cause data to be truncated early.

Relationships
NatureTypeIDName
ChildOfWeakness ClassWeakness ClassWeakness Class138Failure to Sanitize Special Elements
ChildOfCategoryCategory461Data Structure Issues
Source Taxonomies

CLASP - Addition of data-structure sentinel

Applicable Platforms

C

C++

Page Last Updated: April 23, 2008