Test case 1507

Type: source code
State: bad
Author: Robert C. Seacord
Status: candidate
Language: C
Submission Date: 19 May 2006

Description

Vulnerability to an exploit using the frontlink technique. Similar to unlink(), the frontlink() code segment can be exploited to write data supplied by the attacker to an address also supplied by the attacker. The attacker supplies the address of a memory chunk. The attacker arranges for the first four bytes of this memory chunk to contain executable code.
From "Secure Coding in C and C++" by Robert C. Seacord.
Page 116, Figure 4-17

Flaws

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Have any comments on this test case? Please, send us an email.