Reino: Code Quality

Una mala calidad del código lleva a un comportamiento no predecible. Desde la perspectiva de un usuario, muchas veces también supone una usabilidad limitada. Pero para un atacante es una oportunidad para atacar al sistema de formas insospechadas.

Use After Free

Abstract
Al hacer referencia a una memoria una vez liberada, se puede producir un bloqueo del programa.
Explanation
Los errores de uso tras la liberación se producen cuando un programa sigue usando un puntero una vez que este se ha liberado. Al igual que los errores de doble liberación y las pérdidas de memoria, los errores de uso tras la liberación presentan dos causas habituales, que a veces se superponen:

- Condiciones de error y otras circunstancias excepcionales.

- Confusión en cuanto a la parte del programa responsable de liberar la memoria

Los errores de uso tras la liberación a menudo no tienen ningún efecto, pero en otras ocasiones pueden provocar que se bloquee el programa. Aunque es técnicamente factible reasignar la memoria liberada y que el usuario malintencionado utilice esta reasignación para iniciar un ataque de buffer overflow, no conocemos ningún ataque basado en este tipo de método.

Ejemplo: el siguiente código muestra un error de uso tras la liberación:


char* ptr = (char*)malloc (SIZE);
...
if (err) {
    abrt = 1;
    free(ptr);
}
...
if (abrt) {
    logError("operation aborted before commit", ptr);
}
References
[1] Standards Mapping - Common Weakness Enumeration CWE ID 416
[2] Standards Mapping - Common Weakness Enumeration Top 25 2019 [1] CWE ID 119, [7] CWE ID 416
[3] Standards Mapping - Common Weakness Enumeration Top 25 2020 [5] CWE ID 119, [8] CWE ID 416
[4] Standards Mapping - Common Weakness Enumeration Top 25 2021 [7] CWE ID 416, [17] CWE ID 119
[5] Standards Mapping - Common Weakness Enumeration Top 25 2022 [7] CWE ID 416, [19] CWE ID 119
[6] Standards Mapping - Common Weakness Enumeration Top 25 2023 [4] CWE ID 416, [17] CWE ID 119
[7] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-001094
[8] Standards Mapping - General Data Protection Regulation (GDPR) Indirect Access to Sensitive Data
[9] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2012 Rule 21.3
[10] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C++ Guidelines 2008 Rule 18-4-1
[11] Standards Mapping - NIST Special Publication 800-53 Revision 4 SC-5 Denial of Service Protection (P1)
[12] Standards Mapping - NIST Special Publication 800-53 Revision 5 SC-5 Denial of Service Protection
[13] Standards Mapping - OWASP Top 10 2004 A9 Application Denial of Service
[14] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.9
[15] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.6
[16] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.6
[17] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.6
[18] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.6
[19] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4
[20] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 4.2 - Critical Asset Protection
[21] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 4.2 - Critical Asset Protection
[22] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 4.2 - Critical Asset Protection
[23] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP6080 CAT II
[24] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP6080 CAT II
[25] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP6080 CAT II
[26] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP6080 CAT II
[27] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP6080 CAT II
[28] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP6080 CAT II
[29] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP6080 CAT II
[30] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002400 CAT II
[31] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002400 CAT II
[32] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002400 CAT II
[33] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002400 CAT II
[34] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002400 CAT II
[35] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002400 CAT II
[36] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002400 CAT II
[37] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002400 CAT II
[38] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002400 CAT II
[39] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002400 CAT II
[40] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002400 CAT II
[41] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002400 CAT II
[42] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002400 CAT II
[43] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002400 CAT II
[44] Standards Mapping - Web Application Security Consortium Version 2.00 Denial of Service (WASC-10)
[45] Standards Mapping - Web Application Security Consortium 24 + 2 Denial of Service
desc.controlflow.cpp.use_after_free