Back to the previous page

Test Case ID	2083
Bad / Good	Good
Author	N/A
Associated test case	N/A
Contributor	Paul E. Black
Language	C
Type of test case	Source Code

Input string	./a.out a234567890 b234567890
Expected Output	results: <a234567890>
Instructions	N/A
Submission date	2009-04-03
Description	Proper bounds checking for strcat() Still theoretically vulnerable to integer overflow. This replaces cases 1322 and 1323. This is the fixed version of cases 2081 and 2082.
Filename	./strcat-fix.c (739 bytes)

There is no comments :: Submit a comment ::

>./strcat-fix.c

/*
  PLOVER: NUM.OBO, BUFF.OVER
*/
 
/*
        Proper bounds check before strcat()
    input: ./a.out a234567890 b234567890
*/
 
 
#include <stdio.h>
#include <string.h>
 
#define MAXSIZE 20
 
void test(char *str, char *str2){
    char pre[2] = "<";
    char buf[MAXSIZE] = "";
    char post[2] = ">";
    if(strlen(str) < MAXSIZE)
        strcpy(buf, str);
    printf(" strcpy: %s%s%s\n", pre, buf, post);
    if(strlen(buf) + strlen(str2) < MAXSIZE) // theoretical integer overflow
        strcat(buf, str2);
    printf("results: %s%s%s\n", pre, buf, post);
}
 
int main(int argc, char **argv){
    char *userstr;
    char *userstr2;
    if(argc > 2){
        userstr = argv[1];
        userstr2 = argv[2];
        test(userstr,userstr2);
    }
    printf("done\n");
    return 0;
}
 