CWE-480: Use of Incorrect Operator

Description

The product accidentally uses the wrong operator, which changes the logic in security-relevant ways.

Submission Date :

July 19, 2006, midnight

Modification Date :

2023-10-26 00:00:00+00:00

Organization :

MITRE
Extended Description

These types of errors are generally the result of a typo by the programmer.

Example Vulnerable Codes

Example - 1

The following C/C++ and C# examples attempt to validate an int input parameter against the integer value 100.


printf("Value is valid\n");return(1);
if (value=100) {}printf("Value is not valid\n");return(0);int isValid(int value) {}

Console.WriteLine("Value is valid.");return true;
if (value=100) {}Console.WriteLine("Value is not valid.");return false;bool isValid(int value) {}

However, the expression to be evaluated in the if statement uses the assignment operator "=" rather than the comparison operator "==". The result of using the assignment operator instead of the comparison operator causes the int variable to be reassigned locally and the expression in the if statement will always evaluate to the value on the right hand side of the expression. This will result in the input value not being properly validated, which can cause unexpected results.

Example - 2

The following C/C++ example shows a simple implementation of a stack that includes methods for adding and removing integer values from the stack. The example uses pointers to add and remove integer values to the stack array variable.




// // Print stack overflow error message and exit// 

p1++;if(p1==(tos+SIZE)) {}*p1 == i;

// // Print stack underflow error message and exit// 

if(p1==tos) {}p1--;return *(p1+1);

// // initialize tos and p1 to point to the top of stack// 
// // code to add and remove items from stack// 
tos = stack;p1 = stack;...return 0;#define SIZE 50int *tos, *p1, stack[SIZE];void push(int i) {}int pop(void) {}int main(int argc, char *argv[]) {}

The push method includes an expression to assign the integer value to the location in the stack pointed to by the pointer variable.

However, this expression uses the comparison operator "==" rather than the assignment operator "=". The result of using the comparison operator instead of the assignment operator causes erroneous values to be entered into the stack and can cause unexpected results.

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

Visit http://cwe.mitre.org/ for more details.

© cvefeed.io
Latest DB Update: Dec. 18, 2024 16:46