Kingdom: Input Validation and Representation

Input validation and representation problems ares caused by metacharacters, alternate encodings and numeric representations. Security problems result from trusting input. The issues include: "Buffer Overflows," "Cross-Site Scripting" attacks, "SQL Injection," and many others.

Unsafe Native Invoke

C#/VB.NET/ASP.NET

Abstract

Improper use of the Platform Invocation Services can render managed applications vulnerable to security flaws in other languages.

Explanation

Unsafe Native Invoke errors occur when a managed application uses P/Invoke to call native (unmanaged) code written in another programming language.

Example 1: The following C# code defines a class named Echo. The class declares one native method that uses C to echo commands entered on the console back to the user.


class Echo
{
  [DllImport("mylib.dll")]
  internal static extern void RunEcho();

  static void main(String[] args)
  {
    RunEcho();
  }
}

The following C code defines the native method implemented in the Echo class:


#include <stdio.h>

void __stdcall RunEcho()
{
  char* buf = (char*) malloc(64 * sizeof(char));
  gets(buf);
  printf(buf);
}

Because the Echo is implemented in managed code, it may appear that it is immune to memory issues like buffer overflow vulnerabilities. Although the managed environment does do a good job of making memory operations safe, this protection does not extend to vulnerabilities occurring in native code accessed using P/Invoke. Despite the memory protections offered in the managed runtime environment, the native code in this example is vulnerable to a buffer overflow because it makes use of gets(), which does not perform any bounds checking on its input. As well, buf is allocated but not freed and therefore is a memory leak.

The vulnerability in Example 1 could easily be detected through a source code audit of the native method implementation. This may not be practical or possible depending on the availability of source code and the way the project is built, but in many cases it may suffice. However, the ability to share objects between the managed and native environments expands the potential risk to much more insidious cases where improper data handling in managed code may lead to unexpected vulnerabilities in native code or to unsafe operations in native code corrupting data structures in managed code.

Vulnerabilities in native code accessed through a managed application are typically exploited in the same manner as they are in applications written in the native language. The only challenge to such an attack is for the attacker to identify that the managed application uses native code to perform certain operations. This can be accomplished in a variety of ways, including identifying specific behaviors that are often implemented with native code or by exploiting a system information leak in the managed application that exposes its use of P/Invoke.

References

[1] How to: Call Native DLLs from Managed Code Using PInvoke

[2] Standards Mapping - Common Weakness Enumeration CWE ID 111

[3] Standards Mapping - Common Weakness Enumeration Top 25 2024 [12] CWE ID 020

[4] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-002754

[5] Standards Mapping - FIPS200 SI

[6] Standards Mapping - General Data Protection Regulation (GDPR) Indirect Access to Sensitive Data

[7] Standards Mapping - NIST Special Publication 800-53 Revision 4 SI-10 Information Input Validation (P1)

[8] Standards Mapping - NIST Special Publication 800-53 Revision 5 SI-10 Information Input Validation

[9] Standards Mapping - OWASP Mobile 2014 M7 Client Side Injection

[10] Standards Mapping - OWASP Mobile 2024 M4 Insufficient Input/Output Validation

[11] Standards Mapping - OWASP Top 10 2004 A1 Unvalidated Input

[12] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.1

[13] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 Requirement 6.3.1.1

[14] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.6

[15] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.6

[16] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.6

[17] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.6

[18] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4

[19] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0.1 Requirement 6.2.4

[20] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 4.2 - Critical Asset Protection

[21] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 4.2 - Critical Asset Protection, Control Objective B.3.1 - Terminal Software Attack Mitigation, Control Objective B.3.1.1 - Terminal Software Attack Mitigation

[22] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 4.2 - Critical Asset Protection, Control Objective B.3.1 - Terminal Software Attack Mitigation, Control Objective B.3.1.1 - Terminal Software Attack Mitigation, Control Objective C.3.2 - Web Software Attack Mitigation

[23] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3510 CAT I

[24] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3510 CAT I

[25] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3510 CAT I

[26] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3510 CAT I

[27] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3510 CAT I

[28] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3510 CAT I

[29] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3510 CAT I

[30] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002560 CAT I

[31] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002560 CAT I

[32] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002560 CAT I

[33] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002560 CAT I

[34] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002560 CAT I

[35] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002560 CAT I

[36] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002560 CAT I

[37] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002560 CAT I

[38] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002560 CAT I

[39] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002560 CAT I

[40] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002560 CAT I

[41] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002560 CAT I

[42] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002560 CAT I

[43] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002530 CAT II, APSC-DV-002560 CAT I

[44] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-002530 CAT II, APSC-DV-002560 CAT I

[45] Standards Mapping - Web Application Security Consortium Version 2.00 Improper Input Handling (WASC-20)

desc.dataflow.dotnet.unsafe_native_invoke