CWE-242: Use of Inherently Dangerous Function
Learn about CWE-242 (Use of Inherently Dangerous Function), its security impact, exploitation methods, and prevention guidelines.
What is Use of Inherently Dangerous Function?
• Overview: Use of Inherently Dangerous Function (CWE-242) occurs when software uses functions that are fundamentally unsafe, often due to lack of security considerations in their design, such as not checking input sizes.
• Exploitation Methods:
- Attackers exploit this vulnerability by providing input that exceeds expected sizes, causing buffer overflows.
- Common attack patterns include sending large inputs to functions like gets() or using unsafe operators like >> to overflow buffers.
• Security Impact:
- Direct consequences include arbitrary code execution, crashes, or data corruption.
- Potential cascading effects can lead to unauthorized access or system compromise.
- Business impact may involve data breaches, loss of customer trust, and financial penalties.
• Prevention Guidelines:
- Specific code-level fixes include replacing unsafe functions like gets() with safer alternatives like fgets().
- Security best practices involve performing input validation and using bounds-checked functions.
- Recommended tools and frameworks include static analysis tools to detect unsafe function usage and adopting secure coding standards.
Corgea can automatically detect and fix Use of Inherently Dangerous Function in your codebase. Try Corgea free today.
Technical Details
Likelihood of Exploit:
Affected Languages: C, C++
Affected Technologies: Not specified
Vulnerable Code Example
C Example
// vulnerable.c {6}
// This C program demonstrates the use of an inherently dangerous function: gets().
// The function gets() does not perform bounds checking on the input, leading to buffer overflow vulnerabilities.
#include <stdio.h>
int main() {
char buffer[100];
printf("Enter some text: ");
gets(buffer); // Vulnerable: gets() does not check the buffer size, allowing buffer overflow.
printf("You entered: %s\n", buffer);
return 0;
}
How to fix Use of Inherently Dangerous Function?
The gets() function is inherently dangerous because it does not perform bounds checking, which can lead to buffer overflow vulnerabilities. To fix this issue, you should use safer alternatives like fgets(), which allows you to specify the maximum number of characters to read, including the null terminator. This ensures that the input will not exceed the bounds of the buffer.
Key Fixes:
- Replace
gets()withfgets(). - Specify the size of the buffer to
fgets()to prevent overflow. - Use
stdinas the input stream forfgets()when reading from standard input.
Fixed Code Example
// fixed.c {8}
// This C program uses fgets() instead of gets() to safely read input from the user.
// fgets() performs bounds checking and prevents buffer overflow by limiting input size.
#include <stdio.h>
int main() {
char buffer[100];
printf("Enter some text: ");
if (fgets(buffer, sizeof(buffer), stdin) != NULL) { // Fixed: fgets() limits input size to the buffer length.
printf("You entered: %s", buffer); // No need for \n as fgets() retains the newline character
} else {
printf("Error reading input.\n");
}
return 0;
}
In the fixed version, fgets() is used with sizeof(buffer) to ensure that input does not exceed the buffer's capacity, preventing overflow. The use of fgets() also handles input errors gracefully by checking the return value. This change effectively mitigates the CWE-242 vulnerability by replacing the dangerous gets() function with a safer alternative that includes bounds checking.