Corgea LogoCorgea Security Hub

CWE-462: Duplicate Key in Associative List (Alist)

Learn about CWE-462 (Duplicate Key in Associative List (Alist)), its security impact, exploitation methods, and prevention guidelines.

What is Duplicate Key in Associative List (Alist)?

• Overview: Duplicate Key in Associative List (Alist) occurs when an associative list contains multiple entries with the same key, leading to confusion over which value should be used and potentially masking errors.

• Exploitation Methods:

  • Attackers can exploit this vulnerability by deliberately inserting duplicate keys to cause unexpected behavior or bypass checks.
  • Common attack patterns include injecting duplicate keys to manipulate logic or data retrieval processes.

• Security Impact:

  • Direct consequences include incorrect data retrieval or processing, leading to logical errors in the application.
  • Potential cascading effects may involve data integrity issues and compromised decision-making processes within the application.
  • Business impact may include erroneous transactions, data corruption, and loss of customer trust.

• Prevention Guidelines:

  • Specific code-level fixes involve implementing checks to prevent duplicate key entries during insertion or updating data.
  • Security best practices include using data structures that inherently do not allow duplicates, such as maps or dictionaries with unique keys.
  • Recommended tools and frameworks may include static analysis tools to detect potential duplicate key vulnerabilities and libraries that enforce strict key uniqueness.
Corgea can automatically detect and fix Duplicate Key in Associative List (Alist) in your codebase. [Try Corgea free today](https://corgea.app).

Technical Details

Likelihood of Exploit: Low

Affected Languages: C, C++, Java, C#

Affected Technologies: Not specified

Vulnerable Code Example

C Example

#include <stdio.h>
#include <string.h>

#define MAX_ENTRIES 100

typedef struct {
    char key[50];
    char value[50];
} Entry;

Entry alist[MAX_ENTRIES];
int entry_count = 0;

void add_entry(const char* key, const char* value) {
    // Vulnerable code: Does not prevent adding duplicate keys
    for (int i = 0; i < entry_count; i++) {
        if (strcmp(alist[i].key, key) == 0) {
            // Duplicate key found but ignored
            printf("Warning: Duplicate key '%s' is ignored.\n", key);
        }
    }
    // Potentially adds a duplicate entry
    strcpy(alist[entry_count].key, key);
    strcpy(alist[entry_count].value, value);
    entry_count++;
}

void print_entries() {
    for (int i = 0; i < entry_count; i++) {
        printf("Key: %s, Value: %s\n", alist[i].key, alist[i].value);
    }
}

int main() {
    add_entry("user1", "Alice");
    add_entry("user2", "Bob");
    add_entry("user1", "Charlie");  // Attempt to add duplicate key
    print_entries();
    return 0;
}

Explanation:

  • The code above allows duplicate keys to be added to the associative list without preventing them. Even though a warning is printed, the duplicate entry is still added, leading to potential data inconsistency and errors.

How to fix Duplicate Key in Associative List (Alist)?

To fix this vulnerability, the code should update the value of an existing entry if a duplicate key is detected, rather than adding a new entry with the same key. This ensures that all keys remain unique and maintains data consistency.

Fixed Code Example

#include <stdio.h>
#include <string.h>

#define MAX_ENTRIES 100

typedef struct {
    char key[50];
    char value[50];
} Entry;

Entry alist[MAX_ENTRIES];
int entry_count = 0;

void add_entry(const char* key, const char* value) {
    // Fixed code: Checks for duplicate keys and updates the value if found
    for (int i = 0; i < entry_count; i++) {
        if (strcmp(alist[i].key, key) == 0) {
            // Update the existing entry's value
            strcpy(alist[i].value, value);
            printf("Updated existing key '%s' with new value.\n", key);
            return;
        }
    }
    // No duplicate found, safe to add a new entry
    if (entry_count < MAX_ENTRIES) {
        strcpy(alist[entry_count].key, key);
        strcpy(alist[entry_count].value, value);
        entry_count++;
    } else {
        printf("Error: Unable to add entry. List is full.\n");
    }
}

void print_entries() {
    for (int i = 0; i < entry_count; i++) {
        printf("Key: %s, Value: %s\n", alist[i].key, alist[i].value);
    }
}

int main() {
    add_entry("user1", "Alice");
    add_entry("user2", "Bob");
    add_entry("user1", "Charlie");  // Update existing key
    print_entries();
    return 0;
}

Explanation:

  • The fixed code now properly checks for existing keys before adding a new entry.
  • If a duplicate key is found, it updates the existing entry's value instead of adding a new one.
  • This approach prevents duplicate keys and ensures data integrity by maintaining unique keys throughout the list.
Corgea Logo

Find this vulnerability and fix it with Corgea

Scan your codebase for CWE-462: Duplicate Key in Associative List (Alist) and get remediation guidance

Start for free and no credit card needed.