National Institute of Standards and Technology
Package illustrating a test case

Test case 1285

Description

realpath() overflow. CERT advisory: CA-1999-03 / CVE-1999-0368.
From MIT benchmarks (models/wu-ftpd/f3).
A path overflow inside the realpath() function, which canonicalizes a pathname.
To exploit this vulnerability, an attacker would first have to create a
deep directory structure.
Bad file: realpath-2.4.2-bad.c
Bad line numbers: 192, 262, 266, 281, 286, 291, 298, 303, 322, 327, 331, 338, 343, 356, 359, 364, 376, 383, 390, 397, 402, 410, 416, 421, 425, 432, 437
Taxonomy Classification: 000 040 621 1305
WRITE/READ = write
WHICH BOUND = upper
DATA TYPE = char
MEMORY LOCATION = stack
SCOPE = inter-file/inter-procedural
CONTAINER = no
INDEX/LIMIT COMPUTATION = none
ACCESS METHOD = function
ALIAS = yes, one level
CONTROL FLOW = yes, if statement
LOOPS = yes, while loop
ASYNCHRONY = no
TAINT = process environment
