IARPA STONESOUP Phase 3 - Test Cases Test suite #102
DownloadDescription
A collection of C and Java test cases based on 16 widely-used open-source software in which vulnerabilities have been seeded. It comes bundled in a virtual machine for ease of use. This product contains or makes use of Intelligence Advanced Research Projects Activity (IARPA) data from the STONESOUP program. Any product, report, publication, presentation, or other document including or referencing the IARPA data herein should include this statement. All documents related to the STONESOUP program can be found at the documents page. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic.
Displaying test cases 4026 - 4050 of 7770 in total
-
This test case implements an unchecked read from a buffer. The buffer is declared as a fixed size member of a struct that is allocated on the stack. Untrusted input is not properly sanitized or restricted before being used to determine the number of characters to read from the buffer. This allows...
-
This test case allocates a struct on the stack, with a 20-character buffer and a pointer following that buffer. It checks if the taint source is less than 20 characters. If so, it sets the 20-charcter buffer to all 0's then sets the pointer following the buffer to point to the beginning of the bu...
-
This test case implements an file read of 16 characters which does not properly null terminate the copied string if the original string is 16 characters in length or greater. The test case takes the name of a file, opens the file, and reads up to the first 16 characters into an internal buffer of...
-
This test case implements an unchecked read from a buffer. The buffer is allocated as a fixed size buffer on the heap. Untrusted input is not properly sanitized or restricted before being used to determine the number of characters to read from the buffer. This allows input greater than 63 charact...
-
This test case creates a struct that has a message_type field and a message_data field. The message_type field should be 1 if the message_data field contains a char*, and 0 if it contains an int. The message_data field is set to be the taint source, and the message_type field is set to 1. If the ...
-
This test case implements an incorrectly checked write into a heap allocated buffer. The buffer is malloc()'d with a fixed size and pointed to by a local variable. Untrusted input is not properly sanitized or restricted before being copied into the buffer, from the last character to the first. Th...
-
This test case allocates a struct on the stack, with a 20-character buffer and a pointer following that buffer. It checks if the taint source is less than 20 characters. If so, it sets the 20-charcter buffer to all 0's then sets the pointer following the buffer to point to the beginning of the bu...
-
This test case implements an unchecked read from a buffer. The buffer is declared as a fixed size buffer on the stack. Untrusted input is not properly sanitized or restricted before being used as an index of the buffer to read. This allows inputs containing non-ascii characters to wrap around to ...
-
This test case implements an unchecked read from a buffer. The buffer is declared as a fixed size member of a struct that is allocated on the stack. Untrusted input is not properly sanitized or restricted before being used to determine the number of characters to read from the buffer. This allows...
-
This test case implements an incorrectly checked write into a stack allocated buffer. The buffer is declared as a fixed size local variable within a function. Untrusted input is not properly sanitized or restricted before being copied into the buffer, from the last character to the first. This al...
-
This test case implements an unchecked read from a buffer. The buffer is allocated as a fixed size buffer on the heap. Untrusted input is not properly sanitized or restricted before being used to determine the number of characters to read from the buffer. This allows input greater than 63 charact...
-
This test case implements a buffer that is used after it has been free()'d and it's memory allocated to another task. The test case takes a string as input and copies this string into an internal buffer allocated on the heap. For certain inputs (any string starting with an ASCII character with va...
-
This test case implements an unchecked read from a buffer. The buffer is declared as a fixed size buffer on the stack. Untrusted input is not properly sanitized or restricted before being used as an index of the buffer to read. This allows inputs containing non-ascii characters to wrap around to ...
-
This test case creates a struct on the stack that contains a function pointer and a char*. It examines the length of the taint source. If the length is not equal to 10, it sets the function pointer and char* within the struct to benign values. If the length is equal to 10, it does not set the fun...
-
This test case implements an unchecked write into a buffer is contained within a heap-allocated struct. The struct contains a function pointer, a fixed-size buffer, and another function pointer. Untrusted input is not properly sanitized or restricted before being copied into the target buffer, re...
-
This test case allocates a buffer on the heap, copies the input string into it, and then capitalizes each letter in the buffer. It searches that buffer to see if it contains the letter 'E', using a while loop that increments the pointer to the buffer each time through the loop. When it finds a le...
-
This test case creates a struct on the stack that contains a function pointer and a char*. It examines the length of the taint source. If the length is not equal to 10, it sets the function pointer and char* within the struct to benign values. If the length is equal to 10, it does not set the fun...
-
This test case implements an incorrect size check when reading from a buffer that can cause a buffer under read. The buffer is declared as a character buffer of size 64 on the heap. 64 bytes of input are copied into the buffer but the test case incorrectly uses the original size of the input stri...
-
This test case implements an incorrect size check when reading from a buffer that can cause a buffer under read. The buffer is declared as a character buffer of size 64 on the heap. 64 bytes of input are copied into the buffer but the test case incorrectly uses the original size of the input stri...
-
This test case implements an unchecked read from a buffer. The buffer is declared as a fixed size member of a struct that is allocated on the heap. Untrusted input is not properly sanitized or restricted before being used to determine the number of characters to read from the buffer. This allows ...
-
This test case implements an unchecked read from a buffer. The buffer is declared as a fixed size member of a struct that is allocated on the stack. Untrusted input is not properly sanitized or restricted before being used to determine the number of characters to read from the buffer. This allows...
-
This test case creates a buffer on the stack of 1024 bytes and a struct on the heap containing a 64-byte buffer and a pointer to the beginning of that buffer. It copies the taint source into the 1024-char buffer. It checks if the length of the taint source is less than the length of the 64-byte b...
-
This test case implements an incorrectly checked write into a buffer that is contained within a stack allocated struct. The buffer is declared as a struct member with a fixed size. Untrusted input is not properly sanitized or restricted before being copied into the buffer, from the last character...
-
This test case implements an unchecked write into a buffer that is contained within stack-allocated struct. The struct contains a function pointer, a fixed-size buffer, and another function pointer. Untrusted input is not properly sanitized or restricted before being copied into the target buffer...
-
This test case implements an unchecked read from a buffer. The buffer is declared as a fixed size buffer as part of a struct on the heap. Untrusted input is not properly sanitized or restricted before being used as an index of the buffer to read. This allows inputs containing non-ascii characters...