Error-Handling and Exception-Handling Vulnerabilities
An Introduction


Prof. David Bernstein
James Madison University

Computer Science Department
bernstdh@jmu.edu


Overview
  • The Nature of the Vulnerability:
    • Code that does not handle errors/exceptions properly (or at all)
  • The Nature of the Attack:
    • Provide input that causes an error/exception
  • The Nature of the Harm:
    • Most commonly the harm is the denial of availability
    • Sometimes these attacks can lead to other kinds of harm and/or attacks
Variants of the Vulnerability
  • Providing Too Much Information:
    • Providing detailed technical error messages to the user either directly or indirectly
  • Ignoring Errors/Exceptions:
    • Not checking return codes
    • Not handling (unchecked) exceptions, or only pro forma handling of (checked) exceptions
  • Inappropriate Return Values:
    • Error codes that are also valid return values (e.g., returning -1 for a numeric function)
Mitigation
  • Code Reviews:
    • Necessary but tedious
  • Testing:
    • Unit tests should always exercise all possible errors/exceptions
  • Defensive Programming:
    • Recognize that programs will generate errors/exceptions and act accordingly (i.e., to make the program more reliable and secure)
Defensive Programming
  • Assertions (i.e., code that allows a program to check itself as it runs):
    • Use assertions to document assumptions and/or unexpected conditions
    • Use assertions for situations that should never occur; use error handling for conditions you expect
  • Return Values:
    • Adopt a consistent policy about return values (e.g., return error codes, return neutral values, return next valid, return closest valid)
    • Recognize that there may be a correctness versus robustness trade-off
Defensive Programming (cont.)
  • Logging:
    • Capture and log error information in an appropriate location
    • Use care to avoid making the logging system a vulnerability (e.g., prevent large log files, do not have unsanitized user input in the log, do not allow user input to determine the location of the log file)
  • Custom Error Messages:
    • Filter error messages provided to users
  • Exceptions:
    • Use exceptions for exceptional circumstances (i.e., do not overuse them)
    • Do not "pass the buck" (i.e., handle exceptions that can be handled and re-throw those that can't)
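Added example (not from the slides) in Python that puts the "Inappropriate Return Values" variant and the logging, custom-error-message and exception guidance above together: the parsing function raises instead of returning -1, the handler logs sanitized detail server-side under a short reference id, hands the user only a filtered message, and catches only the exception it can actually handle. The names `handle_request`, `parse_quantity` and the in-memory log sink are assumptions made for the example.

```python
import logging
import uuid

# Constructed in-memory log sink so the example runs offline; a real service
# would write to a fixed, access-controlled log location that input never chooses.
LOG_RECORDS: list[str] = []


class _ListHandler(logging.Handler):
    def emit(self, record: logging.LogRecord) -> None:
        LOG_RECORDS.append(self.format(record))


logger = logging.getLogger("errdemo")          # hypothetical logger name
logger.setLevel(logging.ERROR)
logger.propagate = False
logger.addHandler(_ListHandler())

MAX_LOG_FIELD = 64   # bound per-field size so input cannot bloat the log


def sanitize_for_log(value: str) -> str:
    """Neutralize log forging: escape CR/LF, replace other control chars, cap length."""
    cleaned = value.replace("\r", "\\r").replace("\n", "\\n")
    cleaned = "".join(ch if ch.isprintable() else "?" for ch in cleaned)
    return cleaned[:MAX_LOG_FIELD]


def parse_quantity(text: str) -> int:
    """Raise on bad input rather than return a sentinel such as -1,
    which a caller could mistake for a legitimate numeric result."""
    qty = int(text)                 # ValueError for non-numeric input
    if qty <= 0:
        raise ValueError("quantity must be positive")
    return qty


def handle_request(raw_quantity: str) -> dict:
    """Handle the error we expect (bad input); let anything else propagate."""
    try:
        return {"ok": True, "quantity": parse_quantity(raw_quantity)}
    except ValueError as exc:
        # Expected condition: full detail goes to the log, the user gets a
        # filtered message plus a reference id that support can correlate.
        ref = uuid.uuid4().hex[:8]
        logger.error("ref=%s bad quantity input=%s detail=%s",
                     ref, sanitize_for_log(raw_quantity), sanitize_for_log(str(exc)))
        return {"ok": False, "error": "Invalid quantity.", "ref": ref}
    # No bare `except Exception`: unexpected failures (bugs, resource exhaustion)
    # are not this layer's to handle, so they are left to propagate.
```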
There's Always More to Learn