Range checking

Range checking, also known as parameter validation, is a technique that prevents functions from operating on invalid parameters. When parameter validation is not performed by a function, it may be possible for a (possibly remote, possibly anonymous) user to invoke the function with invalid parameters, causing denial of service, loss of data, or possibly even more serious breaches in security. The GetAdmin exploit for Windows NT is a good example of an exploit that breaches authentication by using a flaw in the Win32 API parameter validation (specifically, a lack of validation).

A range error can result from numerical overflow, from exceeding an array index bound or memory address, or from writing a constant that is not a member of any type. Some languages, however, do not treat overflows as an error. In many implementations of C, mathematical overflows cause the result to "wrap around" to lower values; for example, if m is the largest integer value and s is the smallest, then m + 1 => s.
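As an added illustration (not part of the original text), the following C snippet shows why a bound check that forms a sum can be defeated by exactly the wrap-around described above, and how a range check that never overflows rejects the same input. The record buffer, its size and all function names are constructed for this example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed example: a fixed-size record that callers may write into at a
 * caller-supplied offset. Names and sizes are illustrative, not a real API. */
#define RECORD_SIZE 64
static unsigned char record[RECORD_SIZE];

/* Naive bound check. offset + len is computed in size_t, so a huge len wraps
 * around to a small value and the check passes even though the write would run
 * far past the end of the buffer. It returns only a decision and performs no
 * write, so the flaw can be observed without corrupting memory. */
bool naive_range_ok(size_t offset, size_t len)
{
    return offset + len <= RECORD_SIZE;
}

/* Correct range check: compare without forming a sum that can overflow.
 * offset must itself lie inside the buffer, and len must fit in what remains. */
bool checked_range_ok(size_t offset, size_t len)
{
    return offset <= RECORD_SIZE && len <= RECORD_SIZE - offset;
}

/* Validates every parameter before touching memory and refuses the request
 * instead of clobbering whatever lies beyond the record. */
bool write_record(size_t offset, const unsigned char *src, size_t len)
{
    if (src == NULL || !checked_range_ok(offset, len))
        return false;
    memcpy(record + offset, src, len);
    return true;
}

/* Signed arithmetic: INT_MAX + 1 is undefined in C; the "wrap around" to
 * INT_MIN is merely what many implementations happen to do. Check the range
 * beforehand and report overflow rather than relying on that behaviour.
 * out may be NULL when the caller only wants the verdict. */
bool add_int_checked(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;
    if (out != NULL)
        *out = a + b;
    return true;
}
```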

A range error can also occur in more complicated systems when the privileges of a user are not considered before performing a requested operation. Thus, an FTP server that does not check for write permission before allowing a user to rename a file (as in the RNFR vulnerability in wu-ftpd) is, in a sense, a range checking error. A function in Win32 that does not check the caller's privilege level before allowing them to write to any memory location in the system (the GetAdmin vulnerability) is another example.

Buffer overflows are also related to range checking.