Error-Handling and Exception-Handling Vulnerabilities

Error-Handling and Exception-Handling Vulnerabilities
An Introduction

Computer Science Department

bernstdh@jmu.edu

Overview

The Nature of the Vulnerability:
- Code that does not handle errors/exceptions properly (or at all)
The Nature of the Attack:
- Provide input that causes an error/exception
The Nature of the Harm:
- Most commonly the harm is the denial of availability
- Sometimes these attacks can lead to other kinds of harm and/or attacks

Variants of the Vulnerability

Providing Too Much Information:
- Providing detailed technical error messages to the user either directly or indirectly
Ignoring Errors/Exceptions:
- Not using return codes
- Not handling (unchecked) exceptions or pro forma handling of (checked) exceptions
Inappropriate Return Values:
- Error codes that are also valid return values (e.g., returning -1 for a numeric function)

Mitigation

Code Reviews:
- Necessary but tedious
Testing:
- Unit tests should always exercise all possible errors/exceptions
Defensive Programming:
- Recognize that programs will generate errors/exceptions and act accordingly (i.e., to make the program more reliable and secure)

Defensive Programming

Assertions (i.e. code that allow a program to check itself as it runs):
- Use assertions to document assumptions and/or unexpected conditions
- Use assertions for situations that should never occur; use error/handling for conditions you expect
Return Values:
- Adopt a consistent policy about return values (e.g., return error codes, return neutral values, return next valid, return closest valid)
- Recognize that ther may be a correctness versus robustness trade-off

Defensive Programming (cont.)

Logging:
- Capture and log error information in an appropriate location
- Use care to avoid making the logging system a vulnerability (e.g., prevent large log files, do not have unsanitized user input in the log, do not allow user input to determine the location of the log file)
Custom Error Messages:
- Filter error messages provided to users
Exceptions:
- Use exceptions for exceptional circumstances (i.e. do not overuse)
- Do not "pass the buck" (i.e., handle exceptions that can be handled and re-throw those that can't)

There's Always More to Learn