Test case 1494

Type: source code
State: bad
Author: Robert C. Seacord
Status: candidate
Language: C++
Submission Date: 19 May 2006

Description

Program vulnerable to arc injection exploit. The buffer overflow occurs on line 25 when memcpy() will copy the first entry argument into the 3 characters array.
From "Secure Coding in C and C++" by Robert C. Seacord.
Page 49, Figure 2-27

Flaws

CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Have any comments on this test case? Please, send us an email.