
CWE-606: Unchecked Input for Loop Condition

Status: Draft
Weakness ID: 606 (Weakness Base)
+ Description
Summary

The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service because of excessive looping.

+ Time of Introduction
* Implementation
+ Demonstrative Examples

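C Example:
#include <stdio.h>

void foo(void);   /* defined elsewhere */

void iterate(int n){
    int i;
    /* n arrives from the caller; nothing bounds the iteration count */
    for (i = 0; i < n; i++){
        foo();
    }
}
void iterateFoo()
{
    unsigned num;
    /* user-controlled value, passed on as the loop bound without any check */
    scanf("%u",&num);
    iterate(num);
}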
+ Potential Mitigations

Do not use user-controlled data for loop conditions.

Perform input validation.
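
A validated and bounded form of the demonstrative example, added here as an illustration and not part of the CWE entry. MAX_ITERATIONS, parse_count() and iterate_checked() are assumed names, the limit of 1000 is an arbitrary policy choice, and foo() is a counting stand-in for the page's foo().

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#define MAX_ITERATIONS 1000UL  /* assumed policy limit, not from the CWE entry */

static unsigned long foo_calls;          /* stand-in for the page's foo() */
static void foo(void) { foo_calls++; }

/* Parse untrusted text into a bounded loop count: 0 on success, -1 on reject. */
static int parse_count(const char *text, unsigned *out)
{
    char *end;
    unsigned long v;
    if (text == NULL || *text < '0' || *text > '9')
        return -1;                       /* empty, signed or padded input */
    errno = 0;
    v = strtoul(text, &end, 10);
    if (*end == '\n')
        end++;                           /* newline left by fgets() */
    if (errno == ERANGE || *end != '\0' || v > MAX_ITERATIONS)
        return -1;                       /* overflow, trailing junk, too large */
    *out = (unsigned)v;
    return 0;
}

/* Counter and bound share one unsigned type, so no signed conversion occurs. */
static void iterate(unsigned n)
{
    for (unsigned i = 0; i < n; i++)
        foo();
}

/* Returns the number of foo() calls made, or -1 if the input was rejected. */
static long iterate_checked(const char *text)
{
    unsigned n;
    if (parse_count(text, &n) != 0)
        return -1;
    foo_calls = 0;
    iterate(n);
    return (long)foo_calls;
}

int main(void)
{
    char line[32];
    if (fgets(line, sizeof line, stdin) == NULL)
        return 1;
    return iterate_checked(line) < 0;    /* exit status 1 when rejected */
}
```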

+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Weakness Class | 20 | Improper Input Validation | Development Concepts (primary) 699; Research Concepts (primary) 1000
ChildOf | Weakness Class | 398 | Indicator of Poor Code Quality | Research Concepts 1000
ChildOf | Category | 738 | CERT C Secure Coding Section 04 - Integers (INT) | Weaknesses Addressed by the CERT C Secure Coding Standard (primary) 734
+ Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Mapped Node Name
Anonymous Tool Vendor (under NDA) | |
CERT C Secure Coding | INT03-C | Use a secure integer library
+ Content History
Submissions
Anonymous Tool Vendor (under NDA). (Externally Mined)
Modifications
Eric Dalci. Cigital. 2008-07-01. (External)
updated Potential_Mitigations, Time_of_Introduction
CWE Content Team. MITRE. 2008-09-08. (Internal)
updated Relationships, Taxonomy_Mappings, Type
CWE Content Team. MITRE. 2008-11-24. (Internal)
updated Relationships, Taxonomy_Mappings
CWE Content Team. MITRE. 2009-05-27. (Internal)
updated Demonstrative_Examples
Page Last Updated: May 26, 2009