Improper Handling of Length Parameter Inconsistency [CWE-130] — The Hacktivists

1. Description
………………………………

This weakness describes a situation in which the length of attacker-controlled input is inconsistent with the length of the associated data. An attacker might be able to pass a large input (or a length value larger than the data actually supplied) to the application, which can result in buffer errors such as out-of-bounds reads or writes.

// Improper Handling of Length Parameter Inconsistency [CWE-130] vulnerable code example
// (c) HTB Research
#include <stdlib.h>
#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[]) {
    char secretString[6] = {'A','A','A','A','A'};   // 5 bytes plus the terminating NUL
    char buf1[5];                                   // 5 bytes, no room for a terminator
    int iLen = 0;
    int iLen2 = 0;
    int i = 0;
    iLen = argc;   // length taken from the argument count and never checked against sizeof(buf1)
    for (i = 0; i < iLen; i++) {
        buf1[i] = secretString[i];   // writes past the end of buf1 as soon as argc exceeds 5
    }
    iLen2 = strlen(secretString);
    printf("The buffer is: %s\n", buf1);   // buf1 is not NUL-terminated, so printf reads past it
    printf("The secretString length buffer is : %d\n", iLen2);
    printf("This is the secret: %s\n", secretString);
    exit(0);
    return 0;
}
// Improper Handling of Length Parameter Inconsistency [CWE-130] vulnerable code example
// (c) HTB Research
#include <stdio.h>
#include <stdlib.h>

int HandleData(char *data, int length) {
    int isOK = 1;
    int index;
    printf("Length is %d\n\n", length);
    // The caller-supplied length is trusted as-is: nothing ties it to the real size of
    // the data buffer, so the loop reads beyond the string when length is too large.
    for (index = 0; index <= length; index++) {
        printf("%c", data[index]);
    }
    return isOK;
}

int main(int argc, char *argv[])
{
    char *data = "This is fake data from a TCP packet";
    if (argc < 2) {
        fprintf(stderr, "usage: %s <length>\n", argv[0]);
        return 1;
    }
    int data_length = atoi(argv[1]);   // attacker-controlled length parameter
    HandleData(data, data_length);
    return 0;
}
Figure — The first 20 bytes are read from the buffer
Figure — The application reads data outside the bounds
Figure — The application crashes instantly when the passed value is equal to 20000 bytes
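The fix for the HandleData() pattern above is to validate the caller-supplied length against what was actually received and against the destination buffer before touching any byte. The following is an added example, not code from the article or from HTB Research; it assumes a constructed packet format of a 2-byte big-endian length prefix followed by the payload.

```c
/* Added example (not from the original article): a bounds-checked counterpart
 * to HandleData(). Packet layout assumed here: 2-byte big-endian length, then payload. */
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Parse a length-prefixed record into out. Returns the payload length on success,
 * or -1 if the declared length is inconsistent with the bytes actually received
 * or with the capacity of the destination buffer. */
int handle_data_safe(const uint8_t *pkt, size_t pkt_len, char *out, size_t out_cap) {
    if (pkt == NULL || out == NULL || pkt_len < 2) {
        return -1;                                   /* header itself is incomplete */
    }
    size_t declared  = ((size_t)pkt[0] << 8) | pkt[1];   /* attacker-controlled field */
    size_t available = pkt_len - 2;                      /* bytes that really arrived */

    /* The CWE-130 check: the declared length must fit in what was received
     * AND in the destination buffer, leaving room for the terminator. */
    if (declared > available || declared >= out_cap) {
        return -1;
    }
    memcpy(out, pkt + 2, declared);
    out[declared] = '\0';
    return (int)declared;
}

/* Constructed sample inputs for demonstration. */
static const uint8_t good_pkt[] = { 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
/* Same 5-byte payload, but the header claims 20000 bytes (0x4E20), like the crash case. */
static const uint8_t bad_pkt[]  = { 0x4E, 0x20, 'h', 'e', 'l', 'l', 'o' };

int main(void) {
    char out[64];
    int n = handle_data_safe(good_pkt, sizeof good_pkt, out, sizeof out);
    printf("good packet -> %d bytes: %s\n", n, n >= 0 ? out : "(rejected)");
    n = handle_data_safe(bad_pkt, sizeof bad_pkt, out, sizeof out);
    printf("bad packet  -> %d (declared length exceeds received bytes)\n", n);
    return 0;
}
```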

2. Potential impact
………………………………

An attacker who controls the input length might be able to read or write data at arbitrary memory locations and thereby gain access to potentially sensitive information, cause an application crash, or execute arbitrary code on the target system.

3. Attack patterns
………………………………

This weakness has one CAPEC pattern:

4. Affected software
………………………………

Software written in languages such as C and C++, which do not manage memory or check bounds automatically, is potentially vulnerable to this weakness.

5. Severity and CVSS Scoring
………………………………

This weakness could lead to memory disclosure, a crash, or execution of arbitrary code. In the case of information disclosure, it should be scored as C:L/I:N/A:N.
