View Help Online

Start here

Home
About Klocwork
What's new
Fixed issues
Release notes
Installation

Reference

C/C++ checkers
Java checkers
C# checkers
MISRA C 2004 checkers
MISRA C++ 2008 checkers
MISRA C 2012 checkers
MISRA C 2012 checkers with Amendment 1
Commands
Metrics
Troubleshooting
Reference

Product components

C/C++ Integration build analysis
Java Integration build analysis
Desktop analysis
Refactoring
Klocwork Static Code Analysis
Klocwork Code Review
Structure101
Tuning
Custom checkers

Coding environments

Visual Studio
Eclipse for C/C++
Eclipse for Java
IntelliJ IDEA
Other

Administration

Project configuration
Build configuration
Administration
Analysis performance
Server performance
Security/permissions
Licensing
Klocwork Static Code Analysis Web API
Klocwork Code Review Web API

Community

View help online
Visit RogueWave.com
Klocwork Support
Rogue Wave Videos

Legal

Legal information

SV.TAINTED.INDEX_ACCESS

Unvalidated input in array indexing

Whenever input is accepted from the user or the outside environment, it should be validated for type, length, format, and range before it is used. Until properly validated, the data is said to be tainted. The SV.TAINTED family of checkers looks for the use of tainted data in code.

The SV.TAINTED.INDEX_ACCESS checker flags code that uses tainted data to access an array.

Vulnerability and risk

When input to code isn't validated properly, an attacker can craft the input in a form that isn't expected by the application. The receipt of unintended input can result in altered control flow, arbitrary resource control, and arbitrary code execution. With this sort of opportunity, an attacker could

  • provide unexpected values and cause a program crash
  • cause excessive resource consumption
  • read confidential data
  • use malicious input to modify data or alter control flow
  • execute arbitrary commands

Using values supplied by the user as an array index can lead to index out-of-bounds vulnerabilities. If the vulnerable function allows for the reading from or writing to arbitrary memory, it could lead to application instability or, with a carefully constructed attack, data disclosure vulnerabilities or code injection.

Mitigation and prevention

To avoid tainted input errors:

  • understand all the potential areas in which untrusted inputs could enter your software: parameters or arguments, cookies, input read from the network, environment variables, reverse DNS lookups, query results, filenames, databases, and any external systems
  • use a whitelist or 'known good' policy for inputs, rather than relying only on a blacklist or 'known bad' strategy
  • make sure all relevant properties of the input are validated, including length, type of input, ranges, missing or extra inputs, syntax, and consistency
  • if there are security checks on the client side of an applications, make sure they're duplicated on the server side
  • if the application combines inputs from multiple sources, perform the validation after the sources have been combined

Vulnerable code example

1  void getSize()
2  {
3    unsigned num, size;
4    int i;
5    scanf("%u %u",&num, &size);
6    sizes[num - 1] = size;
7  
8  }

Klocwork produces an issue report at line 6 indicating that unvalidated integer 'num' received through a call to 'scanf' at line 5 can be used to access an array at line 6. In this case, the SV.TAINTED.INDEX_ACCESS checker flags potentially tainted data used to access an array, which could be exploited by a malicious user.

Fixed code example

1  void getSize()
2  {
3    unsigned num, size;
4    int i;
5    scanf("%u %u",&num, &size);
6    if (num > sizeof(sizes)/sizeof(*sizes)) return;
7    sizes[num - 1] = size;
8  
9  }

In the fixed example, integer 'num' is validated at line 6 before it's used to access the array.

Related checkers

External guidance

Parent topic: Unvalidated user input
Previous topic: SV.TAINTED.FMTSTR
Next topic: SV.TAINTED.INJECTION

© Rogue Wave Software, Inc. All rights reserved. | Contact