Back to the previous page

Test Case ID	13
Bad / Good	Bad
Author	N/A
Associated test case	N/A
Contributor	SecureSoftware
Language	C
Type of test case	Source Code

Input string	N/A
Expected Output	N/A
Instructions	N/A
Submission date	2005-10-21
Description	Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow. (from TCCLASP-5_2_2_10)
Filename	./Write-what-where_condition.c (178 bytes)
Flaw	CWE-123: Write-what-where Condition at line 5 + Root CWE-019: Data Handling CWE-118: Improper Access of Indexable Resource (Range Error) CWE-119: Failure to Constrain Operations within the Bounds of an Allocated Memory Buffer CWE-123: Write-what-where Condition

There is no comments :: Submit a comment ::

>./Write-what-where_condition.c

#define BUFSIZE 256
int main(int argc, char **argv) {
char *buf1 = (char *) malloc(BUFSIZE);
char *buf2 = (char *) malloc(BUFSIZE);
strcpy(buf1, argv[1]);
free(buf2);
}
 
 