Back to the previous page

Test Case ID	91
Bad / Good	Bad
Author	N/A
Associated test case	N/A
Contributor	Fortify
Language	C
Type of test case	Source Code

Input string	N/A
Expected Output	N/A
Instructions	N/A
Submission date	2006-01-04
Description	A chroot() is performed without a chdir(). PLOVER:CP.UPATH.ELEMENT
Filename	./chroot-bad1.c (521 bytes)

There is no comments :: Submit a comment ::

>./chroot-bad1.c

/*PLOVER:CP.UPATH.ELEMENT*/
 
/*
Description: A chroot() is performed without a chdir().
Keywords: Size0 Complex0 Api Chroot
*/
 
#include <fcntl.h>
#include <unistd.h>
 
#define DIR     "/tmp"
#define FILE    "/etc/passwd"
 
 
 
void test(char *str)
{
        int fd;
        if(chroot(DIR) < 0)
                return;
        fd = open(FILE, O_RDONLY);            /* BAD */
        if(fd >= 0) {
                if(close(fd) < 0)
                        ;
        }
}
 
int main(int argc, char **argv)
{
        char *userstr;
        if(argc > 1) {
                userstr = argv[1];
                test(userstr);
        }
        return 0;
}
 