The SAMATE Project Department of Homeland Security

Test Case ID: Candidate 1493
Bad / Good: Bad test case
Author: Robert C. Seacord
Associated test case: N/A
Contributor: Romain Gaucher
Language: C
Type of test case: Source Code
Input string: N/A
Expected Output: N/A
Instructions: N/A
Submission date: 2006-05-19
Description: Get password program. The security flaw is the unbounded gets() call on line 25 of the listing. Password is a 12-byte array, so it can hold at most 11 characters plus the null terminator; any input longer than 11 characters makes gets(), which performs no bounds check, write past the end of the buffer. From "Secure Coding in C and C++" by Robert C. Seacord, page 33, Figure 2-9.
Filename: Figure2-9-windows.cpp
Flaw:
  • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') at line 25

There are 2 comments

Comment #1 :: Weakness Name Change
CWE has deprecated “Miscalculated Null Termination” because it was a duplicate of “Improper Null Termination”. Accordingly, the original weakness name of this test case is changed to the new name.
Posted by Michael Koo :: 2009-01-02 11:20:58
Comment #2 :: Change Weakness
The weakness of this test case should be CWE-120 (Classic Buffer Overflow).
Posted by Michael Koo :: 2009-01-21 15:34:14

>./Figure2-9-windows.cpp
  1. /*
  2. *
  3. * Copyright (c) 2005 Carnegie Mellon University.
  4. * All rights reserved.
  5. * Permission to use this software and its documentation for any purpose is hereby granted,
  6. * provided that the above copyright notice appear and that both that copyright notice and
  7. * this permission notice appear in supporting documentation, and that the name of CMU not
  8. * be used in advertising or publicity pertaining to distribution of the software without
  9. * specific, written prior permission.
  10. *
  11. * CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
  12. * OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR
  13. * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
  14. * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, RISING OUT OF OR IN
  15. * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  16. */
  17.  
  18. #include <cstdio>    // gets(), puts()
  19. #include <cstring>   // strcmp()
  20. #include <cstdlib>   // exit()
  21. bool IsPasswordOkay(void)
  22. {
  23.         char Password[12];
  24.  
  25.         gets(Password);
  26.         if (!strcmp(Password, "goodpass"))
  27.                 return(true);
  28.         else return(false);
  29. }
  30.  
  31. int main()
  32. {
  33.         bool PwStatus;
  34.  
  35.         puts("Enter password:");
  36.         PwStatus = IsPasswordOkay();
  37.         if (PwStatus == false){
  38.                 puts("Access denied");
  39.                 exit(-1);
  40.         }
  41.         else puts("Access granted");
  42. }
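The gets() call on line 25 cannot be bounded, which is why C11 removed the function from the standard library. The fix is to read with a length limit and to treat a line that does not fit as an error rather than silently truncating it (silent truncation would also leave the rest of the line in the stream for the next read). The following C program is an added example, not part of the SAMATE test case or of Seacord's book: it keeps the same 12-byte buffer and "goodpass" check, replaces gets() with an fgets()-based bounded reader that drains and rejects over-long lines, and computes how many bytes gets() would have written past the buffer for a given input length. The function names (read_line_bounded, is_password_okay, check_password_string, gets_overflow_bytes) and the sample inputs are my own; fmemopen() is POSIX and is used only so the check runs offline on constructed input instead of stdin.

```c
/* Added example (not part of the SAMATE test case or Seacord's book):
 * the fixed-size password read from Figure 2-9, rewritten so the input
 * length is bounded by the buffer size. fmemopen() is POSIX and is used
 * only to feed constructed input instead of stdin. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

#define PASSWORD_BUF 12   /* same size as the test case: 11 chars + NUL */

enum read_status { READ_OK = 0, READ_TOO_LONG = 1, READ_EOF = 2 };

/* Bytes gets() writes past the end of a buf_size-byte buffer when the user
 * types input_len characters: gets() stores input_len characters plus the
 * terminating NUL with no bound. Zero means the input fits. */
size_t gets_overflow_bytes(size_t input_len, size_t buf_size)
{
    size_t written = input_len + 1;
    return written > buf_size ? written - buf_size : 0;
}

/* Bounded replacement for gets(): reads one line into buf[size], strips the
 * newline, and reports (instead of silently truncating) when the line did
 * not fit. An over-long line is drained so the next read starts fresh. */
enum read_status read_line_bounded(char *buf, size_t size, FILE *in)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL) {
        if (size) buf[0] = '\0';
        return READ_EOF;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return READ_OK;
    }
    /* No newline in buf: the line was exactly size-1 chars (next char is
     * '\n' or EOF) or it was longer than the buffer. Peek to tell. */
    int c = fgetc(in);
    if (c == EOF || c == '\n')
        return READ_OK;
    while (c != '\n' && c != EOF)              /* discard the remainder */
        c = fgetc(in);
    buf[0] = '\0';                             /* never keep a truncated secret */
    return READ_TOO_LONG;
}

/* Same check as IsPasswordOkay(), but the read cannot exceed the buffer.
 * Over-long input is treated as a wrong password, not as an overflow. */
int is_password_okay(FILE *in)
{
    char password[PASSWORD_BUF];
    if (read_line_bounded(password, sizeof password, in) != READ_OK)
        return 0;
    return strcmp(password, "goodpass") == 0;
}

/* Runs the check on a constructed input string via a memory stream. */
int check_password_string(const char *typed)
{
    FILE *in = fmemopen((void *)typed, strlen(typed), "r");
    if (in == NULL)
        return 0;
    int ok = is_password_okay(in);
    fclose(in);
    return ok;
}

int main(void)
{
    /* Constructed inputs: the correct password, and a 40-character line
     * that would overflow Password[12] by 29 bytes under gets(). */
    const char *good = "goodpass\n";
    const char *long_input = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n";
    printf("goodpass:  %s\n",
           check_password_string(good) ? "Access granted" : "Access denied");
    printf("40 x 'A':  %s (gets() would write %zu bytes past the buffer)\n",
           check_password_string(long_input) ? "Access granted" : "Access denied",
           gets_overflow_bytes(40, PASSWORD_BUF));
    return 0;
}
```

An 11-character line is accepted as a complete read because fgets() stops at size-1 characters and the next character in the stream is the newline; a 12-character line returns READ_TOO_LONG with the buffer cleared, which is exactly the boundary the description gives for the gets() version. Clearing the buffer on the too-long path matters: comparing a truncated prefix would let "goodpassXYZ" pass the strcmp().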