Back to the previous page

Test Case ID	2081
Bad / Good	Bad
Author	N/A
Associated test case	N/A
Contributor	Paul E. Black
Language	C
Type of test case	Source Code

Input string	./a.out a234567890 b234567890XY
Expected Output	final: XYa234567890b234567890XY>
Instructions	N/A
Submission date	2009-04-03
Description	No bounds checking on buffer during strcat(). PLOVER: BUFF.OVER This replaces case 1319
Filename	./strcat-bad1.c (664 bytes)
Flaw	CWE-121: Stack-based Buffer Overflow at line 23 + Root CWE-019: Data Handling CWE-118: Improper Access of Indexable Resource (Range Error) CWE-119: Failure to Constrain Operations within the Bounds of an Allocated Memory Buffer CWE-120: Buffer Copy without Checking Size of Input CWE-121: Stack-based Buffer Overflow

There is no comments :: Submit a comment ::

>./strcat-bad1.c

/*
  PLOVER: BUFF.OVER
 */
 
/*
        No bounds checking of strcat()
    input: ./a.out a234567890 b234567890XY
*/
 
#include <stdio.h>
#include <string.h>
 
#define MAXSIZE 20
 
void test(char *str, char *str2){
    char pre[2] = "<";
    char buf[MAXSIZE] = "";
    char post[2] = ">";
    if(strlen(str) < MAXSIZE)
        strcpy(buf, str);
    printf(" strcpy: %s%s%s\n", pre, buf, post);
    strcat(buf, str2); // CWE-121
    printf("results: %s%s%s\n", pre, buf, post);
}
 
int main(int argc, char **argv){
    char *userstr;
    char *userstr2;
    if(argc > 2){
        userstr = argv[1];
        userstr2 = argv[2];
        test(userstr,userstr2);
    }
    printf("done\n");
    return 0;
}
 