Corgea LogoCorgea Security Hub

CWE-783: Operator Precedence Logic Error

Learn about CWE-783 (Operator Precedence Logic Error), its security impact, exploitation methods, and prevention guidelines.

What is Operator Precedence Logic Error?

• Overview: The vulnerability involves errors in logic caused by misunderstanding operator precedence in expressions, which can lead to incorrect program behavior. This often happens when operators in expressions are evaluated in an unintended order, affecting the intended logic of the code.

• Exploitation Methods:

  • Attackers can exploit these errors by supplying input that triggers the incorrect logic path.
  • Common attack patterns include manipulating input data to bypass authentication checks or other conditional logic.

• Security Impact:

  • Direct consequences include unintended program behavior, such as bypassing security checks or incorrectly executing code branches.
  • Potential cascading effects could involve unauthorized access or privilege escalation.
  • Business impact may include data breaches, financial loss, or damage to reputation if critical systems are compromised.

• Prevention Guidelines:

  • Specific code-level fixes include using parentheses to explicitly define the intended order of operations.
  • Security best practices involve thoroughly reviewing and testing code for logic errors, especially in security-sensitive areas.
  • Recommended tools and frameworks include static analysis tools that can detect potential precedence issues and integrated development environments (IDEs) with syntax highlighting and linting capabilities to catch these errors early.
Corgea can automatically detect and fix Operator Precedence Logic Error in your codebase. [Try Corgea free today](https://corgea.app).

Technical Details

Likelihood of Exploit: Low

Affected Languages: C, C++, Not Language-Specific

Affected Technologies: Not specified

Vulnerable Code Example

// This function checks if a user is allowed access based on their role and status.
// A logic error due to operator precedence can lead to incorrect access being granted.

#include <stdio.h>
#include <stdbool.h>

bool isAccessGranted(bool isAdmin, bool isActive) {
    // Incorrect operator precedence: '&&' has higher precedence than '||'
    return isAdmin || isActive && false;  // This will always evaluate as isAdmin || (isActive && false)
}

int main() {
    bool isAdmin = false;
    bool isActive = true;

    if (isAccessGranted(isAdmin, isActive)) {
        printf("Access granted.\n");
    } else {
        printf("Access denied.\n");
    }

    return 0;
}

How to fix Operator Precedence Logic Error?

Fixed Code Example

// Fixed version with correct use of parentheses to ensure desired logic.

#include <stdio.h>
#include <stdbool.h>

bool isAccessGranted(bool isAdmin, bool isActive) {
    // Correct use of parentheses to ensure proper logic evaluation
    return isAdmin || (isActive && false);  // Now correctly evaluates to (isAdmin || isActive) && false
}

int main() {
    bool isAdmin = false;
    bool isActive = true;

    if (isAccessGranted(isAdmin, isActive)) {
        printf("Access granted.\n");
    } else {
        printf("Access denied.\n");
    }

    return 0;
}

In the fixed code, the parentheses around (isAdmin || isActive) ensure that this part of the expression is evaluated first, respecting the intended logic. This approach clarifies the developer's intent and prevents any operator precedence-related errors. It's always a good practice to use parentheses to explicitly define the intended order of operations, especially in complex logical expressions.

Corgea Logo

Find this vulnerability and fix it with Corgea

Scan your codebase for CWE-783: Operator Precedence Logic Error and get remediation guidance

Start for free and no credit card needed.