SV.TAINTED.CALL.LOOP_BOUND
Unvalidated input used as a loop boundary by function call
Whenever input is accepted from the user or the outside environment, it should be validated for type, length, format, and range before it is used. Until properly validated, the data is said to be tainted. The SV.TAINTED family of checkers looks for the use of tainted data in code.
The SV.TAINTED.CALL.LOOP_BOUND error is reported when a loop variable is passed as an argument to another function and used as a loop boundary.
Vulnerability and risk
When input to code isn't validated properly, an attacker can craft the input in a form that isn't expected by the application. The receipt of unintended input can result in altered control flow, arbitrary resource control, and arbitrary code execution. With this sort of opportunity, an attacker could
- provide unexpected values and cause a program crash
- cause excessive resource consumption
- read confidential data
- use malicious input to modify data or alter control flow
- execute arbitrary commands
Vulnerable code example
void iterate(int n){
int i;
for (i = 0; i < n; i++){
foo();
}
}
void iterateFoo()
{
unsigned num;
scanf("%u",&num);
iterate(num);
}
Klocwork produces an issue report at line 13 indicating that the unvalidated integer value 'num' received through a call to 'scanf' at line 11 can be used in a loop condition through a call to 'iterate' at line 13. In this case, the SV.TAINTED.CALL.LOOP_BOUND checker finds code that uses potentially tainted data passed to another function as a loop boundary.
Fixed code example
void iterate(int n){
int i;
for (i = 0; i < n; i++){
foo();
}
}
void iterateFoo()
{
unsigned num;
scanf("%u",&num);
if (num < 100) iterate(num);
}
In the fixed example, the integer value 'num' is checked at line 13 before the iteration.
Related checkers
External guidance
- CERT ARR00-C: Understand how arrays work
- CERT CTR50-CPP: Guarantee that container indices and iterators are within the valid range
- CERT INT04-C: Enforce limits on integer values originating from tainted sources
- CWE-20: Improper Input Validation
- CWE-606: Unchecked Input for Loop Condition
- OWASP A3:2021 Injection
- STIG-ID: APP3510 Insufficient input validation