VNX-227 – Improper Fulfillment of API Contract
Overview
Security APIs have documented contracts (preconditions, return value semantics). Not checking the return value of SSL_CTX_new() or RAND_bytes() means a NULL or failure result is silently used, causing crashes or weak cryptography. This maps to CWE-227: Improper Fulfillment of API Contract.
Severity: Low | CWE: CWE-227
Remediation
Always check return values of security-critical API calls and abort or return an error if the call fails.
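The RAND_bytes() case as an added example, not code from the original rule text: the unchecked call beside a checked one. The names rand_fn, make_key_unchecked, make_key_checked and the stub_* generators are assumptions of this example; the generator is a parameter with the signature of RAND_bytes() so the failure path can run without OpenSSL.

```c
#include <stdio.h>
#include <string.h>

/* Same signature as OpenSSL's RAND_bytes(); production code passes RAND_bytes.
 * Assumption of this example: the generator is a parameter so that the
 * failure path can be exercised without OpenSSL installed. */
typedef int (*rand_fn)(unsigned char *buf, int num);

/* Contract ignored: on failure `key` keeps its previous (stale) contents
 * and the caller goes on to use them as key material. */
void make_key_unchecked(rand_fn rng, unsigned char *key, int len)
{
    rng(key, len);
}

/* Contract honoured: RAND_bytes() signals success only with 1. Failure is
 * 0 or -1, so `if (!rng(...))` would wrongly treat -1 as success. */
int make_key_checked(rand_fn rng, unsigned char *key, int len)
{
    if (key == NULL || len <= 0)
        return -1;
    if (rng(key, len) != 1) {
        memset(key, 0, (size_t)len); /* do not leave stale bytes behind */
        return -1;                   /* caller must abort, not continue */
    }
    return 0;
}

/* Constructed stand-ins: a working generator and two failing ones. */
int stub_ok(unsigned char *buf, int num)
{
    for (int i = 0; i < num; i++)
        buf[i] = (unsigned char)(0xA5 ^ i); /* fixed pattern, not random */
    return 1;
}
int stub_fail(unsigned char *buf, int num) { (void)buf; (void)num; return 0; }
int stub_unsupported(unsigned char *buf, int num) { (void)buf; (void)num; return -1; }

int main(void)
{
    unsigned char key[16];
    memset(key, 'A', sizeof key); /* stale data already in the buffer */
    make_key_unchecked(stub_unsupported, key, (int)sizeof key);
    printf("unchecked: key[0]=0x%02x (stale, still used)\n", key[0]);
    int rc = make_key_checked(stub_unsupported, key, (int)sizeof key);
    printf("checked:   rc=%d, caller aborts\n", rc);
    return rc == -1 ? 0 : 1;
}
```

The same pattern applies to SSL_CTX_new(): compare the result against NULL and return an error before the pointer is passed to any other call.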