Main Content

CWE Rule 535

Exposure of Information Through Shell Error Message

Since R2024a

expand all in page

Description

Rule Description

A command shell error message indicates that there exists an unhandled exception in the web application code. In many cases, an attacker can leverage the conditions that cause these errors in order to gain unauthorized access to the system.

Polyspace Implementation

The rule checker checks for Sensitive data printed out.

Examples

expand all

Issue

This issue occurs when print functions such as stdout or stderr print sensitive information.

The checker considers the following as sensitive information:

  • Return values of password manipulation functions such as getpw, getpwnam or getpwuid.

  • Input values of functions such as the Windows®-specific function LogonUser.

Risk

Printing sensitive information, such as passwords or user information, allows an attacker additional access to the information.

Fix

One fix for this defect is to not print out sensitive information.

If you are saving your logfile to an external file, set the file permissions so that attackers cannot access the logfile information.

Example — Printing Passwords
#include <sys/types.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

extern void verify_null(const char* buf);
void bug_sensitivedataprint(const char * my_user) {
    struct passwd* result, pwd;
    long bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
    char buf[1024] = "";
    getpwnam_r(my_user, &pwd, buf, bufsize, &result);
    puts("Name\n");
    puts(pwd.pw_name);
    puts("PassWord\n");
    puts(pwd.pw_passwd); //Noncompliant
    memset(buf, 0, sizeof(buf));
    verify_null(buf);
}

In this example, Bug Finder flags puts for printing out the password pwd.pw_passwd.

Correction — Obfuscate the Password

One possible correction is to obfuscate the password information so that the information is not visible. 

#include <sys/types.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

extern void verify_null(const char* buf);

void sensitivedataprint(const char * my_user) {
    struct passwd* result, pwd;
    long bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
    char buf[1024] = "";
    getpwnam_r(my_user, &pwd, buf, bufsize, &result);
    puts("Name\n");
    puts(pwd.pw_name);
    puts("PassWord\n");
    puts("XXXXXXXX\n"); 
    memset(buf, 0, sizeof(buf));
    verify_null(buf);
}

Check Information

Category: Others

Version History

Introduced in R2024a

See Also

Topics

External Websites