Name Postfix, Null Terminate, and Backslash
Summary If a string is passed through a filter of some kind, then a terminal NULL may not be valid. Using alternate representation of NULL allows an attacker to embed the NULL mid-string while postfixing the proper data so that the filter is avoided. One example is a filter that looks for a trailing slash character. If a string insertion is possible, but the slash must exist, an alternate encoding of NULL in mid-string may be used.
Prerequisites Null terminators are not properly handled by the filter.
Solutions Properly handle Null characters. Make sure canonicalization is properly applied. Do not pass Null characters to the underlying APIs. Assume all input is malicious. Create a white list that defines all valid input to the software system based on the requirements specifications. Input that does not match against the white list should not be permitted to enter into the system.
Related Weaknesses
CWE ID Description
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-158 Improper Neutralization of Null Byte or NUL Character
CWE-172 Encoding Error
CWE-173 Improper Handling of Alternate Encoding
CWE-697 Insufficient Comparison
CWE-707 Improper Enforcement of Message or Data Structure
Back to Top