The SAMATE Project Department of Homeland Security
Downloads:  Selected

Back to the previous page...Back to the previous page

Test Case IDCandidate1594
Bad / GoodBadBad test case
AuthorFortify Software
Associated test case1595
ContributorJeff Meister
LanguageC
Type of test caseSource Code
Input stringN/A
Expected OutputN/A
InstructionsN/A
Submission date2006-06-22
DescriptioniconA read generates a string that may not have NUL termination. Copying the string can cause a stack buffer to be overrun.
Filename
Flaw
  • (?) CWE-170: Improper Null Termination at line 47,48

There is 1 comment :: Submit a comment :: RSS

See the comments

Comment #1 :: Weakness Name Change
CWE has deprecated ‘Miscalculated Null Termination’; due to it was a duplicate of ’Improper Null Termination’. Accordingly, the original weakness name of this test case is changed to new name.
Posted by Michael Koo :: 2009-01-02 11:29:08

>./nonul2-bad.c
  1. /*
  2. Description: A read generates a string that may not have NUL termination.  Copying the string can cause a stack buffer to be overrun.
  3. Keywords: Unix C Size0 Complex0 BufferOverflow Stack Read NoNul
  4. ValidStream: "a"*20
  5. InvalidStream: "a"*100
  7. Copyright 2005 Fortify Software.
  9. Permission is hereby granted, without written agreement or royalty fee, to
  10. use, copy, modify, and distribute this software and its documentation for
  11. any purpose, provided that the above copyright notice and the following
  12. three paragraphs appear in all copies of this software.
  14. IN NO EVENT SHALL FORTIFY SOFTWARE BE LIABLE TO ANY PARTY FOR DIRECT,
  15. INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
  16. USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF FORTIFY SOFTWARE HAS
  17. BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMANGE.
  19. FORTIFY SOFTWARE SPECIFICALLY DISCLAIMS ANY WARRANTIES INCLUDING, BUT NOT
  20. LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
  21. PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
  23. THE SOFTWARE IS PROVIDED ON AN "AS-IS" BASIS AND FORTIFY SOFTWARE HAS NO
  24. OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR
  25. MODIFICATIONS.
  26. */
  27.  
  28. #include <stdio.h>
  29. #include <string.h>
  30. #include <unistd.h>
  31.  
  32. /*
  33. * we pick a round buffer size in hopes that the compiler lays these
  34. * out next to each other without padding.  Other layouts may
  35. * inadvertantly NUL terminate the buffer with stack garbage.
  36. */
  37. #define MAXSIZE    32
  38.  
  39. void
  40. test(void)
  41. {
  42.         char buf2[MAXSIZE];
  43.         char buf1[MAXSIZE];
  44.         int n;
  45.  
  46.         /* read does not NUL terminate */
  47.         n = read(0, buf1, sizeof buf1)/* BAD */
  48.         strcpy(buf2, buf1);                    /* BAD */
  49.         printf("result: %s\n", buf2);
  50. }
  51.  
  52. int
  53. main(int argc, char **argv)
  54. {
  55.         test();
  56.         return 0;
  57. }
  58.  
  59.