SV.LPP.CONST
Use of insecure macro for dangerous function
Several Microsoft Windows functions accept macros as parameters that are dangerous when they grant overly broad access, allowing a malicious user to access the registry or run arbitrary commands. RegCreateKeyEx, SHRegCreateUSKey, or RegOpenKeyEx may have their desired-access parameter set to KEY_ALL_ACCESS, which can allow a malicious user to modify attributes in the registry. If the key contains a reference to a DLL, modifying that reference can permit the running of arbitrary commands.
The SV.LPP.CONST checker finds instances in which the RegCreateKeyEx, SHRegCreateUSKey, or RegOpenKeyEx access parameter is set to KEY_ALL_ACCESS.
Vulnerability and risk
Use of all-access macros results in inappropriately loose permissions for the access of resources. This practice can compromise the security of the software by allowing attackers to gain privileges, access sensitive information, and possibly execute commands. Resource access should always use the lowest level of privilege required to get the job done.
Mitigation and prevention
These flagged defects should be reviewed, and the identified parameters replaced with safer macros or code that ensures lower privileges are enforced.
Vulnerable code example
LONG foo(HKEY hkey, LPCTSTR lpSubKey, DWORD ulOptions, PHKEY phkResult) {
    return RegOpenKeyEx(hkey, lpSubKey, ulOptions, KEY_ALL_ACCESS, phkResult);
}
Klocwork produces an issue report at line 2, indicating that function RegOpenKeyEx is using macro KEY_ALL_ACCESS as its desired access parameter. Using this loose access permission macro causes a vulnerability in the code that could result in attackers compromising the security of the software. The issue should be reviewed and KEY_ALL_ACCESS replaced with a safer macro or code that ensures lower privilege use.
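The check described above can be approximated in a code-review script. The following Python is an added example, not Klocwork's implementation or code from this page; the names split_args and find_all_access and the second sample function bar are assumptions made for illustration. It finds the desired-access argument by position for each of the three functions (including their A/W variants) and reports calls that pass KEY_ALL_ACCESS.

```python
import re

# 0-based position of the desired-access (samDesired) argument in each API
SAM_INDEX = {"RegOpenKeyEx": 3, "RegCreateKeyEx": 5, "SHRegCreateUSKey": 1}
CALL = re.compile(r"\b(RegOpenKeyEx|RegCreateKeyEx|SHRegCreateUSKey)[AW]?\s*\(")


def split_args(src, start):
    """Split a call's arguments, starting just after its opening '('.
    Tracks nesting and string literals; comments and char literals are ignored."""
    args, cur, depth, quoted, esc = [], [], 0, False, False
    for ch in src[start:]:
        if quoted:                       # inside "...": copy verbatim
            quoted = esc or ch != '"'
            esc = (not esc) and ch == "\\"
        elif ch == '"':
            quoted = True
        elif depth == 0 and ch in ",)":  # argument boundary at top level
            args.append("".join(cur).strip())
            if ch == ")":
                return args
            cur = []
            continue
        else:
            depth += (ch in "([{") - (ch in ")]}")
        cur.append(ch)
    return None                          # unbalanced call: not reported


def find_all_access(src):
    """Return (line, function, access expression) for each flagged call."""
    hits = []
    for m in CALL.finditer(src):
        args = split_args(src, m.end())
        idx = SAM_INDEX[m.group(1)]
        if args and len(args) > idx and re.search(r"\bKEY_ALL_ACCESS\b", args[idx]):
            hits.append((src.count("\n", 0, m.start()) + 1, m.group(1), args[idx]))
    return hits


# Constructed input: the page's vulnerable function plus a least-privilege call
SAMPLE = r'''LONG foo(HKEY hkey, LPCTSTR lpSubKey, DWORD ulOptions, PHKEY phkResult) {
    return RegOpenKeyEx(hkey, lpSubKey, ulOptions, KEY_ALL_ACCESS, phkResult);
}
LONG bar(PHKEY out) {
    return RegOpenKeyExW(HKEY_CURRENT_USER, TEXT("Software\\Demo, Inc\\"), 0, KEY_READ, out);
}
'''

if __name__ == "__main__":
    print(find_all_access(SAMPLE))
```

Only foo is reported, at line 2; bar requests KEY_READ and passes the scan.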
Related checkers
External guidance
- CWE-284: Improper Access Control
- OWASP A1:2021 Broken Access Control
- STIG-ID:APP3450.1 Access Control
- STIG-ID:APP3480.1 Role-Based Access
- STIG-ID:APP3480.2 Role-Based Access
- STIG-ID:APP3500 Excessive Privileges
- STIG-ID:APP3630.4 Application vulnerable to race conditions
- Microsoft library: Registry security and access rights
Security training
Application security training materials provided by Secure Code Warrior.