IARPA STONESOUP Phase 3 - Test Cases Test suite #102
DownloadDescription
A collection of C and Java test cases based on 16 widely-used open-source software in which vulnerabilities have been seeded. It comes bundled in a virtual machine for ease of use. This product contains or makes use of Intelligence Advanced Research Projects Activity (IARPA) data from the STONESOUP program. Any product, report, publication, presentation, or other document including or referencing the IARPA data herein should include this statement. All documents related to the STONESOUP program can be found at the documents page. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic.
Displaying test cases 4276 - 4300 of 7770 in total
-
This test case implements an unchecked read from a buffer. The buffer is allocated as a fixed size buffer on the heap. Untrusted input is not properly sanitized or restricted before being used to determine the number of characters to read from the buffer. This allows input greater than 63 charact...
-
This test case implements an improper array index validation that can cause a function pointer to get overwritten leading to a segfault. The test case takes untrusted user input and uses it to calculate array indexes which then get modified. If the untrusted input contains certain ASCII character...
-
This test case implements an unchecked write into a buffer is contained within a heap-allocated struct. The struct contains a function pointer, a fixed-size buffer, and another function pointer. Untrusted input is not properly sanitized or restricted before being copied into the target buffer, re...
-
This test case implements an improper array index validation that can cause a function pointer to get overwritten leading to a segfault. The test case takes untrusted user input and uses it to calculate array indexes which then get modified. If the untrusted input contains certain ASCII character...
-
This test case allocates a struct on the heap that contains an 8-character buffer, followed by a pointer. The pointer is set to point to the beginning of the 8-character buffer. The taint source is copied into the 8-character buffer, using strncpy, but the length is incorrectly capped at the leng...
-
This test case allocates a struct on the heap that contains an 8-character buffer, followed by a pointer. The pointer is set to point to the beginning of the 8-character buffer. The taint source is copied into the 8-character buffer, using strncpy, but the length is incorrectly capped at the leng...
-
This test case creates a buffer on the stack of 1024 bytes and buffer on the heap of 64 bytes. It copies the taint source into the 1024-char buffer. It checks if the length of the taint source is less than the length of the 64-byte buffer. If it is, it uses strncpy to copy the taint source into t...
-
This test case implements an unchecked read from a buffer. The buffer is declared as a fixed size buffer on the stack. Untrusted input is not properly sanitized or restricted before being used as an index of the buffer to read. This allows inputs containing non-ascii characters to wrap around to ...
-
This test case implements an unchecked write into a stack allocated buffer. The buffer is declared as a fixed size local variable within a function. Untrusted input is not properly sanitized or restricted before being copied into the target buffer, resulting in a buffer overflow. The overflow pot...
-
This test case allocates a struct on the heap that contains an 8-character buffer, followed by a pointer. The pointer is set to point to the beginning of the 8-character buffer. The taint source is copied into the 8-character buffer, using strncpy, but the length is incorrectly capped at the leng...
-
This test case implements a heap allocated buffer that erroneously gets double free()'d causing a segfault. The test case takes an input string and copies it into a heap allocated buffer. It then checks to see if the first character is an 'a' or greater and if so, calls a function that finishes b...
-
This test case implements an unchecked write into a buffer that is contained within stack-allocated struct. The struct contains a function pointer, a fixed-size buffer, and another function pointer. Untrusted input is not properly sanitized or restricted before being copied into the target buffer...
-
This test case implements an unchecked write into a heap allocated buffer. The buffer is malloc'ed with a fixed size. Untrusted input is not properly sanitized or restricted before being copied into the target buffer, resulting in a buffer overflow. The overflow potentially modifies other variabl...
-
This test case implements a buffer that is used after it has been free()'d and it's memory allocated to another task. The test case takes a string as input and copies this string into an internal buffer allocated on the heap. For certain inputs (any string starting with an ASCII character with va...
-
This test case implements an incorrectly checked write into a stack allocated buffer. The buffer is declared as a fixed size local variable within a function. Untrusted input is not properly sanitized or restricted before being copied into the buffer, from the last character to the first. This al...
-
This test case implements an unchecked read from a buffer. The buffer is declared as a fixed size buffer on the stack. Untrusted input is not properly sanitized or restricted before being used as an index of the buffer to read. This allows inputs containing non-ascii characters to wrap around to ...
-
This test case takes a buffer as input and copies it into another buffer. It then converts the new buffer to uppercase and prints it out. If the provided input is larger than the buffer it is being copied into, then this will result in a buffer overwrite due to access with an incorrect length. Th...
-
This test case implements an incorrectly checked write into a stack allocated buffer. The buffer is declared as a fixed size local variable within a function. Untrusted input is not properly sanitized or restricted before being copied into the buffer, from the last character to the first. This al...
-
This test case implements stack allocated buffer which, under certain inputs, gets erroneously free()'d. The test case takes a string as input and copies it to an internal array of size 64 allocated on the stack. This string is the converted to all caps and, if the resulting string's first letter...
-
This test case allocates a struct on the heap that contains an 8-character buffer, followed by a pointer. The pointer is set to point to the beginning of the 8-character buffer. The taint source is copied into the 8-character buffer, using strncpy, but the length is incorrectly capped at the leng...
-
This test case checks if the taint source is less than 20 characters, and if so, allocates a buffer on the heap with 20 characters. It sets the buffer to all 0's, then calls realpath on the taint source, with the destination being the 20-character heap buffer. If realpath evaluates to more than 2...
-
This test case checks if the taint source is less than 20 characters, and if so, allocates a buffer on the heap with 20 characters. It sets the buffer to all 0's, then calls realpath on the taint source, with the destination being the 20-character heap buffer. If realpath evaluates to more than 2...
-
This test case implements an unchecked read from a buffer. The buffer is declared as a fixed size buffer on the stack. Untrusted input is not properly sanitized or restricted before being used as an index of the buffer to read. This allows inputs containing non-ascii characters to wrap around to ...
-
This test case implements an file read of 128 characters which does not properly null terminate the copied string if the original string is 128 characters in length or greater. The test case takes the name of a file, opens the file, and reads up to the first 128 characters into an internal buffer...
-
This test case implements an file read of 128 characters which does not properly null terminate the copied string if the original string is 128 characters in length or greater. The test case takes the name of a file, opens the file, and reads up to the first 128 characters into an internal buffer...