CS.SV.TAINTED.BINOP

Use of Unvalidated Integers in Binary Operations

Whenever input data is accepted from the user or the outside environment, it should be validated for type, length, format, and range before it is used. Until this data is properly validated, it is said to be tainted. The CS.SV.TAINTED family of checkers looks for the use of tainted data in code.

The CS.SV.TAINTED.BINOP checker flags code that uses tainted data in arithmetic binary operations, such as addition, subtraction, or multiplication.

Vulnerability and risk

When integer data input to the code is not validated properly and is used as an operand to a binary operation, the result can be an integer overflow or wraparound. This potential situation could allow an attacker to alter the normal control flow, causing an unexpected program behavior. In the worst-case scenarios, an attacker could:

Provide unexpected values and cause a program crash
Cause excessive resource consumption
Read confidential data
Use malicious input to modify data or alter control flow
Execute arbitrary commands

Mitigation and prevention

To avoid tainted input errors:

Understand all the potential areas in which untrusted inputs could enter your software: parameters or arguments, cookies, input read from the network, environment variables, reverse DNS lookups, query results, filenames, databases, and any external systems.
Use a whitelist or 'known good' policy for inputs, rather than relying only on a blacklist or 'known bad' strategy.
Make sure all relevant properties of the input are validated, including length, type of input, ranges, missing or extra inputs, syntax, and consistency.
If there are security checks on the client side of an applications, make sure they are duplicated on the server side.
If the application combines inputs from multiple sources, perform the validation after the sources have been combined.

Vulnerable code example

Copy

1
2
3
4
5
6
7
8
9
10
11
12
   namespace myNamespace
   {    
       class BinaryOprations
       {
           public static void TrySum()
           {            
            int sum = MIN_VALUE;
               int input_value = Console.Read();
               sum = sum + input_value;
          }
      }
  }

Klocwork produces an issue report at line 9, indicating that unvalidated integer 'input_value,' received through a call to 'Console.Read()' at line 8, can be used in the binary operation at line 9, leading to potentially uncontrolled integer overflows and undefined behavior. The CS.SV.TAINTED.BINOP checker warns of this potentially harmful scenario.

Fixed code example

Copy

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
   namespace myNamespace
   {    
       class BinaryOprations
       {
           public static void TrySum()
           {            
            int sum = MIN_VALUE;
               int input_value = Console.Read();
   
           // Validate input before using it in a memory allocation 
           if (input_value > 0 && input_value <= MAX_BUFFER_SIZE)
           {
                  sum = sum + input_value;
           }
          }
      }
  }

In this example, the externally controlled data is used only after verification at line 11, and thus the code is no longer vulnerable to the integer overflow attacks.

CS.SV.TAINTED.BINOP

Use of Unvalidated Integers in Binary Operations

Vulnerability and risk

Mitigation and prevention

Vulnerable code example

Fixed code example

Related checkers

External guidance

Security training