National Institute of Standards and Technology
Package illustrating a test case

Test case 1515

Description

Extremely insecure stdio implementation. The program reads a filename from stdin on line 26 and attempts to open the file on line 26. This program is vulnerable to buffer overflows on line 26 and a format string exploit on line 30. From "Secure Coding in C and C++" by Robert C. Seacord, page 215, Figure 6-8.

Flaws
