CWE-233: Improper Handling of Parameters

Description

The product does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined.

Submission Date :

July 19, 2006, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE
Example Vulnerable Codes

Example - 1

This Android application has registered to handle a URL when sent an intent:


// ...// 
// ...// 


String URL = intent.getStringExtra("URLToOpen");int length = URL.length();
// ...// 
if("com.example.URLHandler.openURL".equals(intent.getAction())) {}@Overridepublic void onReceive(Context context, Intent intent) {}IntentFilter filter = new IntentFilter("com.example.URLHandler.openURL");MyReceiver receiver = new MyReceiver();registerReceiver(receiver, filter);public class UrlHandlerReceiver extends BroadcastReceiver {}

The application assumes the URL will always be included in the intent. When the URL is not present, the call to getStringExtra() will return null, thus causing a null pointer exception when length() is called.

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-228: Improper Handling of Syntactically Invalid Structure
Go to
CWE-234: Failure to Handle Missing Parameter
Go to
CWE-235: Improper Handling of Extra Parameters
Go to
CWE-236: Improper Handling of Undefined Parameters
Go to

Visit http://cwe.mitre.org/ for more details.