CWE

Use of Path Manipulation Function without Maximum-sized Buffer

ID: 785		Date: (C)2012-05-14   (M)2022-10-10
Type: weakness		Status: INCOMPLETE
Abstraction Type: Variant

Description

The software invokes a function for normalizing paths or file names, but it provides an output buffer that is smaller than the maximum possible size, such as PATH_MAX.

Extended Description

Passing an inadequately-sized output buffer to a path manipulation function can result in a buffer overflow. Such functions include realpath(), readlink(), PathAppend(), and others.

Applicable Platforms
Language: C
Language: C++

Time Of Introduction

• Implementation

Common Consequences

Scope	Technical Impact	Notes
Integrity Confidentiality Availability	Modify memory Execute unauthorized code or commands DoS: crash / exit / restart

Detection Methods
None

Potential Mitigations

Phase	Strategy	Description	Effectiveness	Notes
Implementation		Always specify output buffers large enough to handle the maximum-size possible result from path manipulation functions.

Relationships

Related CWE	Type	View	Chain
CWE-785 ChildOf CWE-890	Category	CWE-888

Demonstrative Examples
None

White Box Definitions
A weakness where code path has:
1. end statement that passes buffer to path manipulation function where the size of the buffer is smaller than expected by the path manipulation function

Black Box Definitions
None

Taxynomy Mappings

Taxynomy	Id	Name	Fit
7 Pernicious Kingdoms		Often Misused: File System

References:
None