CWE

Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors Common Weakness Scoring System
Common Weakness Risk Analysis Framework
Home > CWE List > CWE- Individual Dictionary Definition (2.7)  

Presentation Filter:

CWE-785: Use of Path Manipulation Function without Maximum-sized Buffer

 
Use of Path Manipulation Function without Maximum-sized Buffer
Weakness ID: 785 (Weakness Variant)Status: Incomplete
+ Description

Description Summary

The software invokes a function for normalizing paths or file names, but it provides an output buffer that is smaller than the maximum possible size, such as PATH_MAX.

Extended Description

Passing an inadequately-sized output buffer to a path manipulation function can result in a buffer overflow. Such functions include realpath(), readlink(), PathAppend(), and others.

+ Time of Introduction
  • Implementation
+ Applicable Platforms

Languages

C

C++

+ Common Consequences
ScopeEffect

Technical Impact: Modify memory; Execute unauthorized code or commands; DoS: crash / exit / restart

+ Demonstrative Examples

Example 1

(Bad Code)
Example Language:
char *createOutputDirectory(char *name) {
char outputDirectoryName[128];
if (getCurrentDirectory(128, outputDirectoryName) == 0) {
return null;
}
if (!PathAppend(outputDirectoryName, "output")) {
return null;
}
if (!PathAppend(outputDirectoryName, name)) {

return null;
}
if (SHCreateDirectoryEx(NULL, outputDirectoryName, NULL) != ERROR_SUCCESS) {

return null;
}
return StrDup(outputDirectoryName);
}

In this example the function creates a directory named "output\<name>" in the current directory and returns a heap-allocated copy of its name. For most values of the current directory and the name parameter, this function will work properly. However, if the name parameter is particularly long, then the second call to PathAppend() could overflow the outputDirectoryName buffer, which is smaller than MAX_PATH bytes.

+ Potential Mitigations

Phase: Implementation

Always specify output buffers large enough to handle the maximum-size possible result from path manipulation functions.

+ Background Details

Windows provides a large number of utility functions that manipulate buffers containing filenames. In most cases, the result is returned in a buffer that is passed in as input. (Usually the filename is modified in place.) Most functions require the buffer to be at least MAX_PATH bytes in length, but you should check the documentation for each function individually. If the buffer is not large enough to store the result of the manipulation, a buffer overflow can occur.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness Class20Improper Input Validation
Development Concepts699
Seven Pernicious Kingdoms (primary)700
ChildOfWeakness BaseWeakness Base120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Development Concepts (primary)699
Research Concepts1000
ChildOfCategoryCategory632Weaknesses that Affect Files or Directories
Resource-specific Weaknesses (primary)631
ChildOfCategoryCategory633Weaknesses that Affect Memory
Resource-specific Weaknesses631
ChildOfWeakness BaseWeakness Base676Use of Potentially Dangerous Function
Research Concepts (primary)1000
ChildOfCategoryCategory890SFP Cluster: Memory Access
Software Fault Pattern (SFP) Clusters (primary)888
+ Affected Resources
  • Memory
  • File/Directory
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
7 Pernicious KingdomsOften Misused: File System
+ White Box Definitions

A weakness where code path has:

1. end statement that passes buffer to path manipulation function where the size of the buffer is smaller than expected by the path manipulation function

+ Maintenance Notes

Much of this entry was originally part of CWE-249, which was deprecated for several reasons.

This entry is at a much lower level of abstraction than most entries because it is function-specific. It also has significant overlap with other entries that can vary depending on the perspective. For example, incorrect usage could trigger either a stack-based overflow (CWE-121) or a heap-based overflow (CWE-122). The CWE team has not decided how to handle such entries.

+ Content History
Submissions
Submission DateSubmitterOrganizationSource
Externally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01CigitalExternal
updated Time_of_Introduction
2008-08-01KDM AnalyticsExternal
added/updated white box definitions
2008-09-08MITREInternal
updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings
2009-05-27MITREInternal
updated Demonstrative_Examples
2009-07-17External
Improved the White_Box_Definition
2011-06-01MITREInternal
updated Common_Consequences
2012-05-11MITREInternal
updated Relationships
Page Last Updated: June 23, 2014