
Incorrect Check of Function Return Value

ID: 253
Date: (C)2012-05-14   (M)2022-10-10
Type: weakness
Status: INCOMPLETE
Abstraction Type: Base





Description

The software incorrectly checks a return value from a function, which prevents the software from detecting errors or exceptional conditions.

Likelihood of Exploit: Low

Applicable Platforms
Language Class: All

Time Of Introduction

  • Implementation

Common Consequences

Scope: Availability, Integrity
Technical Impact: Unexpected state; DoS: crash / exit / restart
Notes: An unexpected return value could place the system in a state that could lead to a crash or other unintended behaviors.

Detection Methods
None

Potential Mitigations

Phase: Architecture and Design
Strategy: Language Selection
Description: Use a language or compiler that uses exceptions and requires the catching of those exceptions.

Phase: Implementation
Description: Properly check all functions which return a value.

Phase: Implementation
Description: When designing any function make sure you return a value or throw an exception in case of an error.

Relationships

Related CWE: CWE-253 ChildOf CWE-889
Type: Category
View: CWE-888

Demonstrative Examples

  1. This code attempts to allocate memory for 4 integers and checks if the allocation succeeds.
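
An added illustration of the scenario in item 1 (not code from this entry): allocating four integers with a return-value check that tests the wrong condition, beside the corrected check. The alloc_fn hook, failing_alloc and both function names are hypothetical, introduced so the failure path can be exercised deterministically.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical allocator hook so the failure path can be triggered. */
typedef void *(*alloc_fn)(size_t);

/* Constructed stand-in for an out-of-memory malloc(): always fails. */
static void *failing_alloc(size_t n) { (void)n; return NULL; }

/* Incorrect check: malloc-style allocators signal failure with NULL,
 * never with a negative value, so this test does not fire on failure
 * and the caller is told the allocation succeeded. */
static int alloc_four_wrong_check(alloc_fn alloc, int **out)
{
    int *tmp = alloc(sizeof(int) * 4);
    if ((intptr_t)tmp < 0) {      /* wrong condition for this API */
        return -1;
    }
    *out = tmp;                   /* may hand back NULL as "success" */
    return 0;
}

/* Correct check: compare against the documented failure value. */
static int alloc_four_checked(alloc_fn alloc, int **out)
{
    int *tmp = alloc(sizeof(int) * 4);
    if (tmp == NULL) {
        *out = NULL;
        return -1;                /* error is reported to the caller */
    }
    *out = tmp;
    return 0;
}

int main(void)
{
    int *buf = NULL;
    int rc = alloc_four_wrong_check(failing_alloc, &buf);
    printf("wrong check:   rc=%d buf=%p\n", rc, (void *)buf);
    rc = alloc_four_checked(failing_alloc, &buf);
    printf("correct check: rc=%d buf=%p\n", rc, (void *)buf);
    if (alloc_four_checked(malloc, &buf) == 0) {
        buf[3] = 42;              /* safe: allocation was verified */
        free(buf);
    }
    return 0;
}
```

With the wrong check, a caller that trusts the return code would go on to dereference a NULL pointer, which is the crash / unexpected-state consequence listed above.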

White Box Definitions
None

Black Box Definitions
None

Taxonomy Mappings

Taxonomy: CLASP
Name: Misinterpreted function return value

References:

  1. Mark Dowd, John McDonald, Justin Schuh. The Art of Software Security Assessment, 1st Edition. Addison Wesley. Section: Chapter 7, "Return Value Testing and Interpretation", Page 340. Published 2006.

© SecPod Technologies