Uncontrolled process operation ¶

ID: cpp/uncontrolled-process-operation
Kind: path-problem
Security severity: 8.2
Severity: warning
Precision: medium
Tags:
   - security
   - external/cwe/cwe-114
Query suites:
   - cpp-security-extended.qls
   - cpp-security-and-quality.qls

Click to see the query in the CodeQL repository

The code passes user input directly to system, dlopen, LoadLibrary or some other process or library routine. As a result, the user can cause execution of arbitrary code.

Recommendation ¶

If possible, use hard-coded string literals for the command to run or library to load. Instead of passing the user input directly to the process or library function, examine the user input and then choose among hard-coded string literals.

If the applicable libraries or commands cannot be determined at compile time, then add code to verify that the user-input string is safe before using it.

Example ¶

int
 main
(
int
 argc
,
 char
**
 argv
)
 {

  char
 *
lib
 =
 argv
[
2
];

  
  // BAD: the user can cause arbitrary code to be loaded

  void
*
 handle
 =
 dlopen
(
lib
,
 RTLD_LAZY
);

  
  // GOOD: only hard-coded libraries can be loaded

  void
*
 handle2
;


  if
 (
!
strcmp
(
lib
,
 "inmem"
))
 {

    handle2
 =
 dlopen
(
"/usr/share/dbwrap/inmem"
,
 RTLD_LAZY
);

  }
 else
 if
 (
!
strcmp
(
lib
,
 "mysql"
))
 {

    handle2
 =
 dlopen
(
"/usr/share/dbwrap/mysql"
,
 RTLD_LAZY
);

  }
 else
 {

    die
(
"Invalid library specified
\n
"
);

  }

}

References ¶

Common Weakness Enumeration: CWE-114 .

© GitHub, Inc.
Terms
Privacy