The SAMATE Project Department of Homeland Security
Test Case ID: Candidate 1492
Bad / Good: Bad test case
Author: Robert C. Seacord
Associated test case: N/A
Contributor: Romain Gaucher
Language: C
Type of test case: Source Code
Input string: N/A
Expected Output: N/A
Instructions: N/A
Submission date: 2006-05-19
Description: Defective string manipulation code. If the first argument exceeds 128 characters (including the terminating null character), the program writes outside the bounds of the fixed-size array. From "Secure Coding in C and C++" by Robert C. Seacord, page 32, Figure 2-8.
Filename: Figure2-8-windows.cpp
Flaw:
  • CWE-170: Improper Null Termination

Comment #1 :: Weakness Name Change
CWE has deprecated “Miscalculated Null Termination” because it was a duplicate of “Improper Null Termination”. Accordingly, the original weakness name of this test case is changed to the new name.
Posted by Michael Koo :: 2009-01-02 11:20:09

File: Figure2-8-windows.cpp

/*
 *
 * Copyright (c) 2005 Carnegie Mellon University.
 * All rights reserved.
 * Permission to use this software and its documentation for any purpose is hereby granted,
 * provided that the above copyright notice appear and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that the name of CMU not
 * be used in advertising or publicity pertaining to distribution of the software without
 * specific, written prior permission.
 *
 * CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
 * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, RISING OUT OF OR IN
 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <stdio.h>

int main(int argc, char *argv[])
{
        int i = 0;
        char buff[128];
        char *arg1;

        /* Guard against a missing argument (a NULL dereference is not the
         * flaw this test case demonstrates). */
        if (argc < 2) {
                fprintf(stderr, "usage: %s <string>\n", argv[0]);
                return 1;
        }
        arg1 = argv[1];

        /* FLAW: the copy is bounded only by the source's null terminator, never
         * by sizeof(buff). An argument of 128 or more characters overruns buff. */
        while (arg1[i] != '\0')
        {
                buff[i] = arg1[i];
                i++;
        }
        buff[i] = '\0';

        printf("buff = %s\n", buff);
        return 0;
}
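A bounded rewrite of the copy loop above, added here as an example; it is not part of the SAMATE test case or of Seacord's book. The helper names `safe_copy` and `copy_first_arg` are assumed; the copy stops at `dst_size - 1` characters, always null-terminates, and reports truncation to the caller instead of silently writing past the array.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy src into dst, which holds dst_size bytes. Always null-terminates dst
 * when dst_size > 0. Returns 0 if src fit completely, -1 if it was truncated
 * (or dst_size is 0). Assumed helper, not from the test case. */
int safe_copy(char *dst, size_t dst_size, const char *src)
{
        size_t i;
        if (dst_size == 0)
                return -1;
        /* Stop one byte early so the terminator always has room. */
        for (i = 0; i + 1 < dst_size && src[i] != '\0'; i++)
                dst[i] = src[i];
        dst[i] = '\0';
        return (src[i] == '\0') ? 0 : -1;
}

/* Same job as the test case's main(): copy argv[1] into buff.
 * Returns -2 when there is no argument, otherwise safe_copy's result. */
int copy_first_arg(int argc, char *argv[], char *buff, size_t buff_size)
{
        if (argc < 2 || argv[1] == NULL)
                return -2;
        return safe_copy(buff, buff_size, argv[1]);
}

int main(int argc, char *argv[])
{
        char buff[128];
        int rc = copy_first_arg(argc, argv, buff, sizeof buff);

        if (rc == -2) {
                fprintf(stderr, "usage: %s <string>\n", argv[0]);
                return EXIT_FAILURE;
        }
        if (rc == -1) {
                /* Rejecting is a policy choice; buff is still a valid,
                 * terminated string of sizeof(buff) - 1 characters here. */
                fprintf(stderr, "error: argument exceeds %zu characters\n",
                        sizeof buff - 1);
                return EXIT_FAILURE;
        }
        printf("buff = %s\n", buff);
        return EXIT_SUCCESS;
}
```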