Assignment of a Fixed Address to a Pointer

Draft Variant

Structure: Simple

Description

The product sets a pointer to a specific address other than NULL or 0.

Extended Description

Using a fixed address is not portable, because that address will probably not be valid in all environments or platforms.

Common Consequences 3

Scope: IntegrityConfidentialityAvailability

Impact: Execute Unauthorized Code or Commands

If one executes code at a known location, an attacker might be able to inject code there beforehand.

Scope: Availability

Impact: DoS: Crash, Exit, or RestartReduce MaintainabilityReduce Reliability

If the code is ported to another platform or environment, the pointer is likely to be invalid and cause a crash.

Scope: ConfidentialityIntegrity

Impact: Read MemoryModify Memory

The data at a known pointer location can be easily read or influenced by an attacker.

Potential Mitigations 1

Phase: Implementation

Never set a pointer to a fixed address.

Demonstrative Examples 1

ID : DX-192

This code assumes a particular function will always be found at a particular address. It assigns a pointer to that address and calls the function.

Code Example:

Bad

// Here we can inject code to execute.*

The same function may not always be found at the same memory address. This could lead to a crash, or an attacker may alter the memory at the expected address, leading to arbitrary code execution.

Applicable Platforms

Languages:

C : UndeterminedC++ : UndeterminedC# : UndeterminedAssembly : Undetermined

Modes of Introduction

Implementation

Functional Areas

Memory Management

Affected Resources

Memory

Related Weaknesses

ChildOf:

Use of Invariant Value in Dynamically Changing Context (CWE-344)

ChildOf:

Reliance on Undefined, Unspecified, or Implementation-Defined Behavior (CWE-758)

Taxonomy Mapping

CERT C Secure Coding
Software Fault Patterns