CWE-839: Numeric Range Comparison Without Minimum Check

Learn about CWE-839 (Numeric Range Comparison Without Minimum Check), its security impact, exploitation methods, and prevention guidelines.

What is Numeric Range Comparison Without Minimum Check?

• Overview: This vulnerability occurs when a program checks that a numeric value does not exceed a maximum limit but fails to ensure it is above a minimum threshold, potentially allowing negative or otherwise invalid values.

• Exploitation Methods:

  • Attackers can input negative values where only positive values are expected.
  • Common techniques include using negative inputs to manipulate memory allocation, access beyond buffer limits, or exploit application logic flaws.

• Security Impact:

  • Direct consequences include potential buffer overflows, memory corruption, and application crashes.
  • Potential cascading effects include unauthorized access to memory, data corruption, or application logic manipulation.
  • Business impact could involve financial loss, data breaches, and reputational damage.

• Prevention Guidelines:

  • Implement checks to ensure that numeric values are within both minimum and maximum boundaries.
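  • Use unsigned data types for variables expected to hold only positive values, and keep the maximum check: a negative input converted to an unsigned type becomes a very large value.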
  • Employ input validation libraries and frameworks to enforce strict validation rules.
  • Use static analysis tools to detect missing boundary checks in code.

Technical Details

Likelihood of Exploit: Not specified

Affected Languages: C, C++

Affected Technologies: Not specified

Vulnerable Code Example

```c
// This function attempts to access an array element based on user input
#include <stdio.h>

void processInput(int index) {
    int data[] = {10, 20, 30, 40, 50};
    int arraySize = sizeof(data) / sizeof(data[0]);

    // Vulnerable: Only checks if the index is less than the maximum,
    // so a negative index passes and data[index] reads before the array
    if (index < arraySize) {
        printf("Array element at index %d is %d\n", index, data[index]);
    } else {
        printf("Index out of bounds\n");
    }
}

int main(void) {
    int userInput;
    printf("Enter an index: ");
    // Reject non-numeric input so userInput is never used uninitialized
    if (scanf("%d", &userInput) != 1) {
        printf("Invalid input\n");
        return 1;
    }
    processInput(userInput);
    return 0;
}
```

Explanation

In the vulnerable code above, the function processInput only checks whether the index is less than arraySize. A negative number passes that check, so data[index] accesses an unintended memory location before the start of the array. Because negative indices are not handled, this can cause a security issue or crash the program.

How to fix Numeric Range Comparison Without Minimum Check?

To fix this vulnerability, ensure that the index is within a valid range by checking both the lower and upper bounds. Always validate that the index is greater than or equal to zero and less than the array size before using it to access an array.

Fixed Code Example

```c
// This function safely accesses an array element after validating user input
#include <stdio.h>

void processInput(int index) {
    int data[] = {10, 20, 30, 40, 50};
    int arraySize = sizeof(data) / sizeof(data[0]);

    // Fixed: Check both the lower and upper bounds of the index
    if (index >= 0 && index < arraySize) {
        printf("Array element at index %d is %d\n", index, data[index]);
    } else {
        printf("Index out of bounds\n");
    }
}

int main(void) {
    int userInput;
    printf("Enter an index: ");
    // Reject non-numeric input so userInput is never used uninitialized
    if (scanf("%d", &userInput) != 1) {
        printf("Invalid input\n");
        return 1;
    }
    processInput(userInput);
    return 0;
}
```

Explanation

In the fixed code, we have added a check index >= 0 to ensure that the index is non-negative. This prevents out-of-bounds access for negative values, effectively mitigating the security risk. This simple validation step is crucial in preventing potential vulnerabilities associated with unvalidated or improperly validated input. Always ensure inputs are thoroughly validated before use in array indexing to maintain program stability and security.
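
Going beyond the array-index case, the same max-only comparison applied to a copy length, next to a hardened copy and an unsigned-index variant. This is an added example, not part of the original page; BUF_CAP, the function names and the sample data are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_CAP 16 /* assumed destination capacity (constructed for this example) */

/* The max-only comparison the page describes, applied to a length.
 * Returns 1 if the value would pass the check; nothing is copied. */
int max_only_accepts(int len) { return len < BUF_CAP; }

/* memcpy() takes its count as size_t, so a negative int that passed the
 * check above is converted to a very large unsigned value. */
size_t as_size(int len) { return (size_t)len; }

/* Hardened copy: enforces the minimum and the maximum before converting.
 * Returns the number of bytes copied, or -1 if len is out of range. */
int copy_checked(unsigned char *dst, const unsigned char *src, int len) {
    if (len < 0 || len > BUF_CAP)
        return -1;
    memcpy(dst, src, (size_t)len);
    return len;
}

/* Unsigned index: size_t has no negative values, but the upper-bound check
 * must stay, because a caller's -1 arrives here as SIZE_MAX. */
int get_checked(const int *data, size_t count, size_t index, int *out) {
    if (index >= count)
        return -1;
    *out = data[index];
    return 0;
}

int main(void) {
    unsigned char src[BUF_CAP] = "constructed", dst[BUF_CAP] = {0};
    int data[] = {10, 20, 30, 40, 50}, value = 0;

    printf("max-only check accepts -1: %d\n", max_only_accepts(-1));
    printf("-1 converted to size_t:    %zu\n", as_size(-1));
    printf("copy_checked(len=-1):      %d\n", copy_checked(dst, src, -1));
    printf("copy_checked(len=11):      %d\n", copy_checked(dst, src, 11));
    printf("get_checked(index=-1):     %d\n", get_checked(data, 5, (size_t)-1, &value));
    int rc = get_checked(data, 5, 2, &value);
    printf("get_checked(index=2):      %d (value %d)\n", rc, value);
    return 0;
}
```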
