Variable used in boolean expression is correctly initialized before use.

Memory pointer is returned in function return value, and therefore can be freed at another point in the program.

No memory leak because of proper use of the delete() function.

Memory allocated via new() constructor is deallocated via delete() call.

fixed strncpy

Fixed strcpy

Fixed version of memccpy.

TXT Record Overflow: CVE-2002-0906. Patched version. From MIT benchmarks (models/sendmail/s7) A buffer overflow poses the risk of a denial of service attack or possibly execution of arbitrary code via a malicious DNS server. Patched file: txt-dns-file-ok.c Patched line number: 315, 317

tTflag Buffer Underrun: CVE-2001-0653. Patched version. From MIT benchmarks (models/sendmail/s6) Due to a type casting side effect (assigning unsigned int to signed int), it is possible to write data to a negative index of a buffer. Patched file: tTflag-ok.c Patched line number: 169

prescan() overflow: CA-2003-12 Patched version. From MIT benchmarks (models/sendmail/s5) The buffer overflow results from an unintended type cast from a signed character to a signed integer. Patched file: prescan-overflow-ok.c Patched line number: 404, 431, 535

Sendmail 8.8.3/8.8.4 MIME Overflow CVE-1999-0047. Patched version. From MIT benchmarks (models/sendmail/s4) A remote attacker can send a cleverly crafted e-mail message and trigger a buffer overflow, gaining root access on the server running Sendmail. Patched file: mime2-ok.c Patched line numbe...

Sendmail 8.8.0/8.8.1 MIME Overflow CVE-1999-0206. Patched version. From MIT benchmarks (models/sendmail/s3) A remote attacker can send a cleverly crafted e-mail message and trigger a buffer overflow, gaining root access on the server running Sendmail. Patched file: mime1-ok.c Patched line numbe...

Gecos Overflow: CVE-1999-0131. Patched version. From MIT benchmarks (models/sendmail/s2) A buffer overflow in the code that handles user"s gecos field (real name field) which is found in the password file. Patched file: recipient-ok.c Patched line numbers: 184, 308 Patched file: util-ok.c Pat...

Remote Sendmail Header Processing Vulnerability: CA-2003-07 Patched version. From MIT benchmarks (models/sendmail/s1) Buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending e-mails with cleverly formatted address fields related to the sender and recipient ...

IQUERY-BUG CA-98.05, CVE-1999-0009. Patched version. From MIT benchmarks (models/bind/b3) A buffer overflow resulting from improperly bounds checking a memcpy call when responding to inverse query requests. Patched file: iquery-ok.c Patched line number: 142

NXT-BUG: CA-1999-14. Patched version. From MIT benchmarks (models/bind/b1) A buffer overflow in memcpy function in the code handling NXT resource records. Patched file: nxt-ok.c Patched line number: 455

SIG-BUG: CA-1999-14. Patched version. From MIT benchmarks (models/bind/b2) A buffer overflow caused by improper handling of SIG records Patched file: sig-ok.c Patched line number: 538

nslookupComplain vulnerability: CA-2001-02. Patched version. From MIT benchmarks (models/bind/b4) Unchecked sprintf call. An attacker may be able to construct a long query that overflows the stack buffer and overwrites the return address of nslookupComplain with the address of the attacker"s she...

Mapped CHDIR overflow CA-1999-13, CVE-1999-0878. Patched version. From MIT benchmarks (models/wu-ftpd/f1) Unchecked strcpy and strcat calls that copy tainted pathnames into a buffer. Patched file: mapped-path-ok.c Patched line number: 102, 144, 148, 167

Realpath() overflow CERT advisory: CA-1999-03/CVE-1999-0368. PATCHED version. From MIT benchmarks (models/wu-ftpd/f3). A path overflow inside realpath() function that canonicalizes a pathname. To exploit this vulnerability, an attacker would first have to create a deep directory structure. Patc...

Off-by-one overflow in fb_realpath() CAN-2003-0466. PATCHED version. From MIT benchmarks (models/wu-ftpd/f2) An off-by-one overflow inside the fb_realpath() function that expands a condensed pathname into a fully qualified pathname. To exploit this vulnerability, an attacker would first have to ...

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = inter-file/inter-procedural, Container = no, Pointer = no, Index complexity = N/A, Addres...

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = inter-file/inter-procedural, Container = no, Pointer = no, Index complexity = N/A, Addres...

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = inter-file/inter-procedural, Container = no, Pointer = no, Index complexity = N/A, Addres...

Buffer Overflow. This code has been donated by MIT. This test case has the following characteristics : write/read = Write, Which bound = Upper, Data type = character, Memory location = stack, Scope = inter-file/inter-procedural, Container = no, Pointer = no, Index complexity = N/A, Addres...