CWE - VIEW LIST: CWE-690: Unchecked Return Value to NULL Pointer Dereference (1.6)

Home > CWE List > VIEW LIST: CWE-690: Unchecked Return Value to NULL Pointer Dereference (1.6)

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents

Community
Related Activities
Discussion List
Research
CWE/SANS Top 25
CWSS

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Declarations
Make a Declaration

Contact Us
Search the Site

CWE-690: Unchecked Return Value to NULL Pointer Dereference

Unchecked Return Value to NULL Pointer Dereference

Definition in a New Window

Compound Element ID: 690 (Compound Element Base: Chain)

Status: Draft

Description

Description Summary

The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.

Extended Description

While unchecked return value weaknesses are not limited to returns of NULL pointers (see the examples in CWE-252), functions often return NULL to indicate an error status. When this error condition is not checked, a NULL pointer dereference can occur.

Applicable Platforms

Languages

C++

Detection Factors

Black Box:	This typically occurs in rarely-triggered error conditions, reducing the chances of detection during black box testing.
White Box:	Code analysis can require knowledge of API behaviors for library functions that might return NULL, reducing the chances of detection when unknown libraries are used.

Demonstrative Examples

Example 1

The code below makes a call to the getUserName() function but doesn't check the return value before dereferencing (which may cause a NullPointerException).

(Bad Code)

Java

String username = getUserName();

if (username.equals(ADMIN_USER)) {

...

}

Observed Examples

Reference	Description
CVE-2008-1052	Large Content-Length value leads to NULL pointer dereference when malloc fails.
CVE-2006-6227	Large message length field leads to NULL pointer dereference when malloc fails.
CVE-2006-2555	Parsing routine encounters NULL dereference when input is missing a colon separator.
CVE-2003-1054	URI parsing API sets argument to NULL when a parsing failure occurs, such as when the Referer header is missing a hostname, leading to NULL dereference.

Other Notes

A typical occurrence of this weakness occurs when an application includes user-controlled input to a malloc() call. The related code might be correct with respect to preventing buffer overflows, but if a large value is provided, the malloc() will fail due to insufficient memory. This problem also frequently occurs when a parsing routine expects that certain elements will always be present. If malformed input is provided, the parser might return NULL. For example, strtok() can return NULL.

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to	Named Chain(s) this relationship pertains to
ChildOf	Weakness Class	20	Improper Input Validation	Research Concepts (primary)1000
StartsWith	Weakness Base	252	Unchecked Return Value	Named Chains (primary)709	Unchecked Return Value to NULL Pointer Dereference690

Relevant Properties

Validity

Content History

Modifications
Modification Date	Modifier	Organization	Source
2008-07-01	Sean Eidemiller	Cigital	External
2008-07-01	added/updated demonstrative examples
2008-07-01	Eric Dalci	Cigital	External
2008-07-01	updated Time of Introduction
2008-09-08	CWE Content Team	MITRE	Internal
2008-09-08	updated Applicable Platforms, Description, Detection Factors, Relationships, Other Notes

Page Last Updated: October 29, 2009


	CWE is a Software Assurance strategic initiative sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2009, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us