CWE-495 "Private Array-Typed Field Returned From A Public Method" - C++ Example: Array vs non-Array


Fulvio Baccaglini
In this C++ example a class returns non-const references to a private
member of array type and a private member of non-array (e.g. integer)
type, which are then arbitrarily altered from outside the class'
control.

~~~~~~~~>
namespace CWE_495
{
  typedef int A [2];

  class C
  {
   public:

               C ();
    const A &  fc () const;
    A &        fm ();
    int &      fx ();

   private:

    A    a;
    int  x;
  };

  C::C () : a { 1, 2 }, x (3) { }

  const A & C::fc () const { return a; }

  A & C::fm () { return a; }

  int & C::fx () { return x; }

  C c;

  void g (void)
  {
    // illegal C++: cannot modify const
    // c.fc () [1]  = 42;

    c.fm () [1]     = 42;  // modify array element
    c.fx ()         = 42;  // modify int
  }
}
<~~~~~~~~

It can be argued that in C++ private members of any type, and not just
arrays, could be modified in unexpected ways, when made accessible via
a non-const reference.

Should CWE-495 be extended to all types in the case of C++, or is there
a case for keeping it restricted to arrays only?

Fulvio
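
A hardened counterpart to the class in the post above, as an added example that is not part of the original thread or of the CWE entry: private members are exposed only through a const reference or a copy, and writes go through checked setters. The namespace `CWE_495_fixed`, the member names, and the "values must be non-negative" invariant are assumptions made for illustration, and it covers both the array and the non-array member.

```cpp
// Added example; every name and the non-negative invariant are assumptions.
#include <array>
#include <cstddef>
#include <stdexcept>

namespace CWE_495_fixed
{
  using A = std::array<int, 2>;

  class C
  {
   public:
    C () : a { { 1, 2 } }, x (3) { }
    // Read-only view: callers cannot write through it without a const_cast.
    const A & view () const { return a; }
    // Snapshots by value: the caller owns a copy, private state is untouched.
    A   copy () const  { return a; }
    int get_x () const { return x; }
    // The only write paths; each one enforces the class invariant.
    void set_at (std::size_t i, int v)
    {
      if (v < 0) throw std::invalid_argument ("negative value");
      a.at (i) = v;  // at() throws std::out_of_range on a bad index
    }
    void set_x (int v)
    {
      if (v < 0) throw std::invalid_argument ("negative value");
      x = v;
    }

   private:
    A    a;
    int  x;
  };

  // Returns true if the private state survives every outside write attempt.
  bool state_is_protected ()
  {
    C c;
    A snap = c.copy ();
    snap [1] = 42;          // modifies the caller's copy only
    int n = c.get_x ();
    n = 42;                 // modifies a local int only
    // c.view () [1] = 42;  // does not compile: assignment to const
    bool rejected = false;
    try { c.set_x (-1); } catch (const std::invalid_argument &) { rejected = true; }
    return rejected && c.view () [1] == 2 && c.get_x () == 3
           && snap [1] == 42 && n == 42;
  }
}
```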



RE: CWE-495 "Private Array-Typed Field Returned From A Public Method" - C++ Example: Array vs non-Array

Andrew Buttner
Administrator
I agree that this CWE is currently too specific and should be made a bit more
general by changing the title to "Private Data Structure Returned From A
Public Method".  Adding your example for C++ will also help.  These changes
will be available in the next release.

Thanks
Drew


-----Original Message-----
From: Fulvio Baccaglini <[hidden email]>
Sent: Thursday, August 16, 2018 10:05 AM
To: CWE Research Discussion <[hidden email]>
Subject: CWE-495 "Private Array-Typed Field Returned From A Public Method" -
C++ Example: Array vs non-Array
