Test case 1506

Type: source code
State: bad
Author: Robert C. Seacord
Status: candidate
Language: C
Submission Date: 19 May 2006

Description

Vulnerability to an exploit using the unlink technique. The programs allocates trhee chucks of memory (lines 29-31). The unbounded strcpy() operation is susceptible to a buffer overflow. The boundary tag can be overwritten by a string argument exceeding the length of first because the boundary tag for the second chunk is located directly following the first buffer.
From "Secure Coding in C and C++" by Robert C. Seacord.
Page 112, Figure 4-12

Flaws

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Have any comments on this test case? Please, send us an email.