CWE Rule 782

Exposed IOCTL with Insufficient Access Control

Since R2026a

expand all in page

Description

The product implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL..

Polyspace Implementation

The rule checker checks for the issue Use of I/O control functions.

Examples

expand all

Issue

This issue occurs if you use handlers of low-level I/O control functions:

  • Structures such as file_operations and block_operations that can hold I/O control handlers such as ioctl, unlocked_ioctl or compat_ioctl (Linux®)

  • DeviceIoControl() function (Windows®)

Risk

If you assume that low-level I/O control functions are accessed only by trusted processes, you might not perform enough validation of the incoming data to these functions. The checker flags all handlers of I/O control functions so that you can review their usage.

Fix

Review the usage of I/O control handlers to make sure you have performed enough validation of the incoming data to these I/O control functions.

Check Information

Category: Others
PQL Name: std.cwe_native.R780

Version History

Introduced in R2026a

See Also

Topics

External Websites