CWE-72: Improper Handling of Apple HFS+ Alternate Data Stream Path
The product does not properly handle special paths that may identify the data or resource fork of a file on the HFS+ file system.
Last updated
Overview
If the product chooses actions to take based on the file name, then if an attacker provides the data or resource fork, the product may take unexpected actions. Further, if the product intends to restrict access to a file, then an attacker might still be able to bypass intended access restrictions by requesting the data or resource fork for that file.
Background
The Apple HFS+ file system permits files to have multiple data input streams, accessible through special paths. The Mac OS X operating system provides a way to access the different data input streams through special paths and as an extended attribute: - Resource fork: file/..namedfork/rsrc, file/rsrc (deprecated), xattr:com.apple.ResourceFork - Data fork: file/..namedfork/data (only versions prior to Mac OS X v10.5) Additionally, on filesystems that lack native support for multiple streams, the resource fork and file metadata may be stored in a file with "._" prepended to the name. Forks can also be accessed through non-portable APIs. Forks inherit the file system access controls of the file they belong to. Programs need to control access to these paths, if the processing of a file system object is dependent on the structure of its path.
Common consequences
What can happen when CWE-72 is exploited.
Read Files or Directories, Modify Files or Directories
Affects: Confidentiality, Integrity
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Applies to
Operating systems