CWE-587: Assignment of a Fixed Address to a Pointer
Assignment of a Fixed Address to a Pointer
Weakness ID: 587 (Weakness Base)
Status: Draft
Description
Description Summary
The software sets a pointer to a specific address other than NULL or 0.
Extended Description
Using a fixed address is not portable because that address will probably not be valid in all environments or platforms.
Time of Introduction
Architecture and Design
Implementation
Applicable Platforms
Languages
C
C++
C#
Assembly
Common Consequences
Scope
Effect
Integrity
Confidentiality
Availability
Technical Impact: Execute unauthorized code or
commands
If one executes code at a known location, an attacker might be able to
inject code there beforehand.
Availability
Technical Impact: DoS: crash / exit /
restart
If the code is ported to another platform or environment, the pointer
is likely to be invalid and cause a crash.
Confidentiality
Integrity
Technical Impact: Read memory; Modify memory
The data at a known pointer location can be easily read or influenced
by an attacker.
Demonstrative Examples
Example 1
This code assumes a particular function will always be found at a
particular address. It assigns a pointer to that address and calls the
function.
(Bad Code)
Example
Language: C
int (*pt2Function) (float, char, char)=0x08040000;
int result2 = (*pt2Function) (12, 'a', 'b');
// Here we can inject code to execute.
The same function may not always be found at the same memory address.
This could lead to a crash, or an attacker may alter the memory at the
expected address, leading to arbitrary code execution.
Potential Mitigations
Phase: Implementation
Never set a pointer to a fixed address.
Weakness Ordinalities
Ordinality
Description
Primary
(where
the weakness exists independent of other weaknesses)
Description
