CWE-170: Improper Null Termination


Koo, Hsiao-Ming (Michael)

Dear CWE Research Group,

 

It appears the descriptions (or definitions) of CWE-170: Improper Null Termination are misleading at best.  Briefly, CWE-170 should clearly only cover cases in which C strings are not (null) terminated.  Other CWEs apply to cases of terminators of general data structures:

  CWE-707: Improper Enforcement of Message or Data Structure

  CWE-463: Deletion of Data Structure Sentinel

Unfortunately some of the text makes it sound like this applies to more general cases, like terminating a list of values in an array with a sentinel value like -99.

It is suggested changing the Description Summary and Platform Notes.

Everything seems fine.  (The following text is from version 1.11.)

 

  Description Summary

  The software does not terminate or incorrectly terminates a string
  or array with a null character or equivalent terminator.

>> Remove "or array" and also remove "or equivalent terminator".  If
   one *really* wants to include the word "array", parenthesize, e.g.,

      ... terminates a string (in an array) with a null character ...

  Platform Notes

  Conceptually, this does not just apply to the C language; any
  language or representation that involves a terminator could have
  this type of problem.

>> Remove this altogether.  This comment makes it sound like this CWE
   covers any kind of data structure with a terminator.

Michael Koo for Paul Black
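
The two cases the message separates, as an added C example that is not part of the original post: a C string left without its NUL (the case the message wants CWE-170 limited to) beside a list of ints ended by a -99 sentinel (the general data-structure case). All function names and sample values are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if buf[0..size) contains a NUL terminator, else 0. */
int is_nul_terminated(const char *buf, size_t size) {
    return memchr(buf, '\0', size) != NULL;
}

/* Flawed copy: strncpy writes no NUL when strlen(src) >= size. */
void copy_flawed(char *dst, size_t size, const char *src) {
    strncpy(dst, src, size);
}

/* Corrected copy: truncates if needed and always terminates.
   Returns 1 if the source was truncated, 0 otherwise. */
int copy_terminated(char *dst, size_t size, const char *src) {
    if (size == 0) return 1;            /* no room even for the NUL */
    size_t n = strlen(src);
    int truncated = n >= size;
    if (truncated) n = size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return truncated;
}

/* Sentinel-terminated int list (the -99 case): bounded scan.
   Returns the number of values before the sentinel, or -1 if the
   sentinel is missing within cap elements. */
long sentinel_count(const int *a, size_t cap, int sentinel) {
    for (size_t i = 0; i < cap; i++)
        if (a[i] == sentinel) return (long)i;
    return -1;
}

int main(void) {
    char a[8], b[8];
    int ok[] = {3, 7, -99, 0}, missing[] = {3, 7, 1};  /* constructed */
    memset(a, 'X', sizeof a);
    copy_flawed(a, sizeof a, "ABCDEFGH");   /* 8 chars fill all 8 bytes */
    int t = copy_terminated(b, sizeof b, "ABCDEFGH");
    printf("flawed terminated:    %d\n", is_nul_terminated(a, sizeof a));
    printf("corrected terminated: %d (truncated=%d, \"%s\")\n",
           is_nul_terminated(b, sizeof b), t, b);
    printf("sentinel present: %ld, missing: %ld\n",
           sentinel_count(ok, 4, -99), sentinel_count(missing, 3, -99));
    return 0;
}
```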