Test case 149870

Type: source code
State: bad
Author: IARPA STONESOUP Test and Evaluation team
Status: candidate
Language: C
Application: cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*
Submission Date: 06 Oct 2015

Description

This test case reads the taint source. If it contains a non-alphanumeric value, the source taint buffer is set to NULL. Subsequently, strcpy is called with the source taint buffer as this source. This causes a null pointer dereference.
Metadata
- Base program: Subversion
- Source Taint: ENVIRONMENT_VARIABLE
- Data Type: ARRAY
- Data Flow: ADDRESS_AS_FUNCTION_RETURN_VALUE
- Control Flow: SEQUENCE

Flaws

CWE-476 NULL Pointer Dereference

Test Suites

Apache Subversion 1.8.3
IARPA STONESOUP Phase 3 - Test Cases

Documentation

Overview.pdf
Test Case Creation Guide.pdf
Weaknesses Documentation.pdf
TEXAS User Guide.pdf
Communication API Guide.pdf
System Design Document.pdf
Test and Evaluation Phase 3 Final Report.pdf
Test Generation Report
Grammatech Report.pdf
MINESTRONE Report.pdf

Have any comments on this test case? Please, send us an email.