CWE-252: Unchecked Return Value
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
扩展描述
Two common programmer assumptions are "this function call can never fail" and "it doesn't matter if this function call fails". If an attacker can force the function to fail or otherwise return a value that is not expected, then the subsequent program logic could lead to a vulnerability, because the product is not in a state that the programmer assumes. For example, if the program calls a function to drop privileges but does not check the return code to ensure that privileges were successfully dropped, then the program will continue to operate with the higher privileges.
常见后果
影响范围: Availability Integrity
技术影响: Unexpected State DoS: Crash, Exit, or Restart
说明: An unexpected return value could place the system in a state that could lead to a crash or other unintended behaviors.
潜在缓解措施
阶段: Implementation
描述: Check the results of all functions that return a value and verify that the value is expected.
有效性: High
阶段: Implementation
描述: For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
阶段: Implementation
描述: Ensure that you account for all possible return values from the function.
阶段: Implementation
描述: When designing a function, make sure you return a value or throw an exception in case of an error.
检测方法
方法: Automated Static Analysis
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
有效性: High
观察示例
参考: CVE-2020-17533
Chain: unchecked return value (CWE-252) of some functions for policy enforcement leads to authorization bypass (CWE-862)
参考: CVE-2020-6078
Chain: The return value of a function returning a pointer is not checked for success (CWE-252) resulting in the later use of an uninitialized variable (CWE-456) and a null pointer dereference (CWE-476)
参考: CVE-2019-15900
Chain: sscanf() call is used to check if a username and group exists, but the return value of sscanf() call is not checked (CWE-252), causing an uninitialized variable to be checked (CWE-457), returning success to allow authorization bypass for executing a privileged (CWE-863).
参考: CVE-2007-3798
Unchecked return value leads to resultant integer overflow and code execution.
参考: CVE-2006-4447
Program does not check return value when invoking functions to drop privileges, which could leave users with higher privileges than expected by forcing those functions to fail.
参考: CVE-2006-2916
Program does not check return value when invoking functions to drop privileges, which could leave users with higher privileges than expected by forcing those functions to fail.
参考: CVE-2008-5183
chain: unchecked return value can lead to NULL dereference
参考: CVE-2010-0211
chain: unchecked return value (CWE-252) leads to free of invalid, uninitialized pointer (CWE-824).
参考: CVE-2017-6964
Linux-based device mapper encryption program does not check the return value of setuid and setgid allowing attackers to execute code with unintended privileges.
参考: CVE-2002-1372
Chain: Return values of file/socket operations are not checked (CWE-252), allowing resultant consumption of file descriptors (CWE-772).
引入模式
| 阶段 | 说明 |
|---|---|
| Implementation | - |
适用平台
编程语言
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| 7 Pernicious Kingdoms | - | Unchecked Return Value | - |
| CLASP | - | Ignored function return value | - |
| OWASP Top Ten 2004 | A7 | Improper Error Handling | CWE More Specific |
| CERT C Secure Coding | ERR33-C | Detect and handle standard library errors | Imprecise |
| CERT C Secure Coding | POS54-C | Detect and handle POSIX library errors | Imprecise |
| The CERT Oracle Secure Coding Standard for Java (2011) | EXP00-J | Do not ignore values returned by methods | - |
| SEI CERT Perl Coding Standard | EXP32-PL | Do not ignore function return values | Exact |
| Software Fault Patterns | SFP4 | Unchecked Status Condition | - |
| OMG ASCSM | ASCSM-CWE-252-resource | - | |
| OMG ASCRM | ASCRM-CWE-252-data | - | |
| OMG ASCRM | ASCRM-CWE-252-resource | - |