Insecure Processing of Data

This category covers the following issues:

• Buffer Overflows
• Format Strings
• External XML Entities

Fixing Buffer Overflows

About Buffer Overflows

What is a buffer overflow?

A buffer overflow is a type of software vulnerability that occurs when a program or application attempts to write data to a buffer that is too small to hold the data. As a result, the excess data overwrites adjacent memory locations, which can cause the program to crash, execute arbitrary code, or behave in unintended ways.

Buffer overflows can occur in many types of programs, including web applications, operating systems, and device drivers. They can be caused by a range of factors, including improper input validation, improper handling of dynamic memory allocation, and the use of unsafe functions.

Check out this video for a high-level explanation:

What is the impact of a buffer overflow?

The impact of a buffer overflow vulnerability can have serious consequences, including:

• Crashes and system instability: Buffer overflows can cause the program or system to crash, which can result in data loss, downtime, and system instability.
• Code execution: In some cases, a buffer overflow can allow an attacker to execute arbitrary code on the system, which can result in unauthorized access, data theft, or system compromise.
• Denial of service: An attacker can use a buffer overflow to cause the program or system to consume excessive resources, resulting in a denial of service (DoS) attack.

How to prevent a buffer overflow?

To prevent buffer overflow vulnerabilities, developers can implement mitigation strategies, including:

• Input validation: Implement strict input validation to ensure that data entered by users is within expected limits and does not exceed buffer sizes.
• Use memory-safe languages: Use memory-safe languages such as Java, C#, or Rust, which have built-in memory management and can help prevent buffer overflow vulnerabilities.
• Implement stack canaries: Use stack canaries to detect and prevent buffer overflow attacks.
• Use safe coding practices: Use secure coding practices such as bounds checking, memory allocation, and exception handling to prevent buffer overflow vulnerabilities.
• Code review and testing: Conduct regular code reviews and testing to identify potential buffer overflow vulnerabilities and fix them before they can be exploited.

References

Taxonomies

• CWE-787: Out-of-bounds Write
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
• CWE-121: Stack-based Buffer Overflow
• CWE-122: Heap-based Buffer Overflow

Explanation & Prevention

• OWASP: Buffer Overflow
• OWASP: Buffer Overflow Attacks

Related CVEs

• CVE Details: CWE-787
• CVE Details: CWE-119
• CVE Details: CWE-120
• CVE Details: CWE-121
• CVE Details: CWE-122

Training

• Secure Code Warrior: Buffer Overflow

Option A: Use secure alternatives

The following functions are prone to buffer overflows and have to be avoided:

functions	functions	functions	functions
StrCat*	g_get_home_dir	lstrcat	strtrns
StrCpy*	g_get_tmp_dir	curl_getenv	swprintf
StrNCat*	getenv	lstrcpy*	vsprintf
_tccat	getopt*	scanf	vscanf
_tccpy	getpw	sprintf	wcscat
_*tscanf	gets	sscanf	wcscpy
_*stprintf	getwd	strCatBuff	wscanf
_mb*cpy	realpath	strcat	streadd
_mb*cat	f*scanf	str*cpy	_getts

Follow the steps below:

1. Go through the issues that GuardRails identified in the PR/MR.

2. Look for functions in the table above, for example:

   void manipulate_string(char* string){
     char buf[24];
     strcpy(buf, string);
   }

3. And use safe alternatives that check the buffer bounds, like:

   void manipulate_string(char* string){
     char buf[24];
     strlcpy(buf, string, sizeof(buf));
   }

4. Test it

5. Ship it 🚢 and relax 🌴

Fixing Format Strings

About Format Strings

What is a format string vulnerability?

A format string vulnerability is a type of software vulnerability that can occur in applications that use format strings to process user input. Format string vulnerabilities can be exploited by attackers to read or write arbitrary memory locations, execute arbitrary code, or cause the program to crash.

The vulnerability occurs when a format string that is controlled by an attacker is passed to a function that processes it without proper validation or sanitization. This can allow the attacker to manipulate the format string to access or modify memory locations that are not intended to be accessed or modified.

What is the impact of format string vulnerabilities?

Format string vulnerabilities can have serious consequences, including:

• Information disclosure: An attacker can use a format string vulnerability to read sensitive information from memory, such as passwords, encryption keys, or other data.
• Remote code execution: An attacker can use a format string vulnerability to execute arbitrary code on the system, allowing them to take control of the system or steal sensitive data.
• Denial of service: An attacker can use a format string vulnerability to cause the program to crash or enter an infinite loop, resulting in a denial of service (DoS) attack.

How to prevent format string vulnerabilities?

To prevent format string vulnerabilities, developers can implement several strategies, including:

• Input validation: Validate input to ensure that it is within expected limits and does not exceed buffer sizes or contain unexpected characters.
• Use of safe formatting functions: Use safe formatting functions that provide bounds checking, such as snprintf or printf_s, rather than unsafe functions like printf.
• String sanitization: Sanitize format strings to remove any characters that could be used to exploit a vulnerability, such as %n, which can be used to write arbitrary data to a memory location.
• Use of static analysis tools: Use static analysis tools to identify potential format string vulnerabilities during code review and testing.

References

Taxonomies

• CWE-134: Use of Externally-Controlled Format String

Explanation & Prevention

• OWASP: Format String Attacks
• OWASP: Testing for Format String Injection

Related CVEs

• CVE Details: CWE-134

Training

• Secure Code Warrior: Format Strings

Option A: Use format string functions securely

The following function patterns are prone to format string attacks:

• *printf*
• syslog

Follow the steps below:

1. Go through the issues that GuardRails identified in the PR/MR.

2. Look for function patterns like shown above, for example:

   int main(int argc, char **argv){
     char buf[128];
     snprintf(buf,128,argv[1]);
   }

3. Ensure that all format string functions are passed a static string that cannot be controlled by the user and that the proper number of arguments are always sent to that function as well. If at all possible, use functions that do not support the %n operator in format strings.

4. Test it

5. Ship it 🚢 and relax 🌴

Fixing XML External Entities

About XML External Entities

What is XML External Entities (XXE) injection?

XML External Entities (XXE) injection is a type of security vulnerability that allows attackers to exploit the processing of XML data by an application.

This occurs when an application accepts XML data from an untrusted source and processes it without proper validation, allowing the inclusion of external entities that can be malicious or contain sensitive information.

As a result, attackers can perform various malicious activities, such as stealing user data, executing arbitrary code, or performing denial-of-service attacks.

Check out this video for a high-level explanation:

What is the impact of XXE injection?

XML External Entities (XXE) injection can lead to various security threats and risks, such as:

• Information theft: XXE attacks can steal sensitive information, such as login credentials, credit card details, or other personally identifiable information, by injecting malicious code or entities that collect and transmit user data to attackers.
• Server-side request forgery: XXE attacks can initiate requests to systems that are accessible from the affected web server.
• Denial of service: XXE attacks can cause denial-of-service (DoS) attacks by injecting malicious code or entities that consume system resources, such as CPU or memory, leading to system crashes or slowdowns.
• Arbitrary code execution: XXE attacks can execute arbitrary code on the server by injecting malicious code or entities that exploit vulnerabilities in the application or the underlying operating system.

How to prevent XXE injection?

To prevent XML External Entities (XXE) injection, it is important to follow security best practices and implement appropriate security measures, such as:

• Disable external entity processing: Disable the processing of external entities in XML parsers and libraries to prevent XXE vulnerabilities.
• Use secure parsers and libraries: Use secure parsers and libraries that support secure XML processing.
• Use input validation: Validate user input to ensure that it is safe and does not contain malicious code or entities.
• Keep software up to date: Keep software and security protocols up to date, as new vulnerabilities and security patches are regularly released.

References

Taxonomies

• OWASP Top 10 - A05 Security Misconfiguration
• SANS TOP 25 - #24
• CWE-611: Improper Restriction of XML External Entity Reference

Explanation & Prevention

• OWASP: XXE Processing
• OWASP: XXE Prevention Cheat Sheet
• MSDN Security Briefs - XML Denial of Service Attacks and Defenses
• Identifying XML External Entity vulnerability (XXE)
• WS-Attacks.org: XML Entity Expansion
• WS-Attacks.org: XML External Entity DOS
• WS-Attacks.org: XML Entity Reference Attack

Related CVEs

• CVE Details: CWE-611

Training

• Secure Code Warrior: XML External Entities (XXE)