The SAMATE Project Department of Homeland Security
Downloads:  Selected

Back to the previous page...Back to the previous page

Test Case IDCandidate1592
Bad / GoodBadBad test case
AuthorFortify Software
Associated test case1593
ContributorJeff Meister
LanguageC
Type of test caseSource Code
Input stringN/A
Expected OutputN/A
InstructionsN/A
Submission date2006-06-22
DescriptioniconA strncpy generates a string that may be missing a NUL termination. When it is copied with strcpy a stack buffer can be overrun.
Filename
Flaw
  • (?) CWE-170: Improper Null Termination at line 46,48

There is 1 comment :: Submit a comment :: RSS

See the comments

Comment #1 :: Weakness Name Change
CWE has deprecated “Miscalculated Null Termination”; due to it was a duplicate of “Improper Null Termination”. Accordingly, the original weakness name of this test case is changed to new name.
Posted by Michael Koo :: 2009-01-02 11:21:46

>./nonul1-bad.c
  1. /*
  2. Description: A strncpy generates a string that may be missing a NUL termination.  When it is copied with strcpy a stack buffer can be overrun.
  3. Keywords: Port C Size0 Complex1 BufferOverflow Stack Strcpy NoNul
  4. ValidArg: "a"*30
  5. InvalidArg: "a"*100
  7. Copyright 2005 Fortify Software.
  9. Permission is hereby granted, without written agreement or royalty fee, to
  10. use, copy, modify, and distribute this software and its documentation for
  11. any purpose, provided that the above copyright notice and the following
  12. three paragraphs appear in all copies of this software.
  14. IN NO EVENT SHALL FORTIFY SOFTWARE BE LIABLE TO ANY PARTY FOR DIRECT,
  15. INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
  16. USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF FORTIFY SOFTWARE HAS
  17. BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMANGE.
  19. FORTIFY SOFTWARE SPECIFICALLY DISCLAIMS ANY WARRANTIES INCLUDING, BUT NOT
  20. LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
  21. PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
  23. THE SOFTWARE IS PROVIDED ON AN "AS-IS" BASIS AND FORTIFY SOFTWARE HAS NO
  24. OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR
  25. MODIFICATIONS.
  26. */
  27.  
  28. #include <stdio.h>
  29. #include <string.h>
  30.  
  31. /*
  32. * we pick a round buffer size in hopes that the compiler lays these
  33. * out next to each other without padding.  Other layouts may
  34. * inadvertantly NUL terminate the buffer with stack garbage.
  35. */
  36. #define MAXSIZE    32
  37.  
  38. void
  39. test(char *str)
  40. {
  41.         char buf3[MAXSIZE];
  42.         char buf2[MAXSIZE];
  43.         char buf1[MAXSIZE];
  44.  
  45.         /* strncpy does not NUL terminate if buffer isnt large enough */
  46.         strncpy(buf1, str, sizeof buf1);        /* BAD */
  47.         strncpy(buf2, "This is a Test string", sizeof buf2);
  48.         strcpy(buf3, buf1);                         /* BAD */
  49.         printf("result: %s\n", buf3);
  50. }
  51.  
  52. int
  53. main(int argc, char **argv)
  54. {
  55.         char *userstr;
  56.  
  57.         if(argc > 1) {
  58.                 userstr = argv[1];
  59.                 test(userstr);
  60.         }
  61.         return 0;
  62. }
  63.  
  64.