Main Content

Missing case for switch condition

switch variable not covered by cases and default case is missing

expand all in page

Description

This defect occurs when the switch variable can take values that are not covered by a case statement.

Note

Bug Finder only raises a defect if the switch variable is not full range.

Risk

If the switch variable takes a value that is not covered by a case statement, your program can have unintended behavior.

A switch-statement that makes a security decision is particularly vulnerable when all possible values are not explicitly handled. An attacker can use this situation to deviate the normal execution flow.

Fix

It is good practice to use a default statement as a catch-all for values that are not covered by a case statement. Even if the switch variable takes an unintended value, the resulting behavior can be anticipated.

Examples

expand all

#include <stdio.h>
#include <string.h>

typedef enum E
{
    ADMIN=1,
    GUEST,
    UNKNOWN = 0
} LOGIN;

static LOGIN system_access(const char *username) {
  LOGIN user = UNKNOWN;

  if ( strcmp(username, "root") == 0 )
    user = ADMIN;

  if ( strcmp(username, "friend") == 0 )
    user = GUEST;

  return user;
}

int identify_bad_user(const char * username)
{
    int r=0;

    switch( system_access(username) ) 
    {
    case ADMIN:
        r = 1;
        break;
    case GUEST:
        r = 2;
    }

    printf("Welcome!\n");
    return r;
}

In this example, the enum parameter User can take a value UNKNOWN that is not covered by a case statement.

Correction — Add a Default Condition

One possible correction is to add a default condition for possible values that are not covered by a case statement.

#include <stdio.h>
#include <string.h>

typedef enum E
{
    ADMIN=1,
    GUEST,
    UNKNOWN = 0
} LOGIN;

static LOGIN system_access(const char *username) {
  LOGIN user = UNKNOWN;

  if ( strcmp(username, "root") == 0 )
    user = ADMIN;

  if ( strcmp(username, "friend") == 0 )
    user = GUEST;

  return user;
}

int identify_bad_user(const char * username)
{
    int r=0;

    switch( system_access(username) ) 
    {
    case ADMIN:
        r = 1;
        break;
    case GUEST:
        r = 2;
	break;
    default:
        printf("Invalid login credentials!\n");
    }

    printf("Welcome!\n");
    return r;
}

Result Information

Group: Security
Language: C | C++
Default: Off
Command-Line Syntax: MISSING_SWITCH_CASE
Impact: Low

Version History

Introduced in R2015b

See Also

Topics