CS.SV.TAINTED.DLLPRELOAD

Unvalidated input - untrusted data is used to load a DLL

If a program uses external input to load a DLL, it can be left open to a DLL load attack. This checker reports defects when external (and untrusted) strings are used to load a DLL.

Vulnerability and risk

When input to code isn't validated properly, an attacker can craft the input in a form that isn't expected by the application. The receipt of unintended input can result in altered control flow, arbitrary resource control, and arbitrary code execution. With this sort of opportunity, an attacker could:

  • provide unexpected values and cause a program crash
  • cause excessive resource consumption
  • read confidential data
  • use malicious input to modify data or alter control flow
  • execute arbitrary commands

Mitigation and prevention

To avoid tainted input errors:

  • understand all the potential areas in which untrusted inputs could enter your software: parameters or arguments, cookies, input read from the network, environment variables, reverse DNS lookups, query results, filenames, databases, and any external systems
  • use a whitelist or 'known good' policy for inputs, rather than relying only on a blacklist or 'known bad' strategy
  • make sure all relevant properties of the input are validated, including length, type of input, ranges, missing or extra inputs, syntax, and consistency
  • if there are security checks on the client side of an application, make sure they're duplicated on the server side
  • if the application combines inputs from multiple sources, perform the validation after the sources have been combined

Vulnerable code example 1

1   using System;
2   using System.Reflection;
3   
4   namespace CS.SV.TAINTED.DLLPRELOAD
5   {
6       class Program
7       {
8           static void Main(string[] args)
9           {
10              string fullName = args[1];
11              Assembly SampleAssembly2 = Assembly.ReflectionOnlyLoadFrom(fullName);
12          }
13      }
14  }

In this example, the string is obtained from the command line arguments and is therefore susceptible to malicious input. Klocwork reports this issue as a CS.SV.TAINTED.DLLPRELOAD defect at line 11.

Vulnerable code example 2

1   using System;
2   using System.Reflection;
3   
4   namespace CS.SV.TAINTED.DLLPRELOAD
5   {
6       class Program
7       {
8           static void Main(string[] args)
9           {
10              string fullName = Console.ReadLine();
11              Assembly SampleAssembly = Assembly.LoadFile(fullName);
12          }
13      }
14  }

In this example, the string is obtained from the user and is thus also susceptible to malicious input. Klocwork reports this issue as a CS.SV.TAINTED.DLLPRELOAD defect at line 11.
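
The allowlist mitigation described above, applied to vulnerable code example 2. This is an added example, not code from the Klocwork documentation; the plugin file names, the `plugins` directory and the `ResolvePlugin` helper are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Reflection;

static class PluginLoader
{
    // Hypothetical allowlist: the only assemblies this program may load.
    private static readonly HashSet<string> AllowedPlugins =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "ReportPlugin.dll",
            "ExportPlugin.dll"
        };

    // Hypothetical trusted directory, fixed by the application, not by input.
    private static readonly string PluginDir =
        Path.GetFullPath(Path.Combine(AppContext.BaseDirectory, "plugins"));

    // Maps untrusted input to a path inside PluginDir, or throws.
    public static string ResolvePlugin(string requested)
    {
        if (string.IsNullOrWhiteSpace(requested))
            throw new ArgumentException("No plugin name supplied.");

        // Reject anything carrying directory parts (absolute, relative, UNC).
        if (requested != Path.GetFileName(requested))
            throw new ArgumentException("Plugin name must not contain a path.");

        if (!AllowedPlugins.Contains(requested))
            throw new ArgumentException("Plugin is not on the allowlist.");

        // Defense in depth: the resolved path must stay inside PluginDir.
        string fullPath = Path.GetFullPath(Path.Combine(PluginDir, requested));
        string root = PluginDir + Path.DirectorySeparatorChar;
        if (!fullPath.StartsWith(root, StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("Resolved path escapes plugin directory.");

        return fullPath;
    }

    static void Main(string[] args)
    {
        string requested = Console.ReadLine();   // still untrusted at this point
        Assembly plugin = Assembly.LoadFile(ResolvePlugin(requested));
        Console.WriteLine(plugin.FullName);
    }
}
```

The input only selects among names the application already trusts; the path passed to `Assembly.LoadFile` is built from the fixed directory, never from the input string itself.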

External guidance

Security training

Application security training materials provided by Secure Code Warrior.