ABM 1.0.1 Test suite #35
Fortify Software's Analyzer BenchMark v. 1.0.1
Displaying test cases 26 - 50 of 112 in total
-
A strncpy generates a string with a missing NUL termination. A NUL is explicitly added to ensure that the string is NUL terminated.
-
A read generates a string that may not have NUL termination. Copying the string can cause a stack buffer to be overrun.
-
A read generates a string that may not have a NUL termination. A NUL character is added to ensure termination.
-
Tainted input allows command execution.
-
Tainted input allows command execution. (fixed version)
-
A file is accessed multiple times by name in a publicly accessible directory. A race condition exists between the accesses where an attacker can replace the file referenced by the name.
-
A file is accessed only once by name, with all further accesses being through the file descriptor.
-
An strcpy overflows a stack buffer.
-
An strncpy is used to copy a string, but the length is given incorrectly, leading to a stack buffer overflow.
-
A strncpy safely copies a string into a stack buffer.
-
A strcpy is used to copy a string into a stack buffer. The string is shortened first but a buffer overflow is still allowed.
-
A strcpy is used to copy a string into a stack buffer. Because the string is shortened first no buffer overflow occurs.
-
A strcpy is used to copy a string into a stack buffer. The caller shortens the string but an overflow condition is still allowed.
-
A strcpy is used to copy a string into a stack buffer. The caller shortens the string to prevent a buffer overflow from occurring.
-
A strcpy overflows a stack buffer. A check was made to avoid an overflow condition but the check is off by one.
-
A strcpy does not overflow a stack buffer because a check is made to avoid an overflow condition.
-
snprintf with incorrect bounds allows a stack buffer to be overrun.
-
snprintf with correct bounds safely copies a string into a stack buffer.
-
Snprintf is used to copy a large static string. Since an incorrect bound is specified the stack buffer is overrun.
-
Snprintf is used to copy several static strings. Although an incorrect bound is given to snprintf, neither string is large enough to cause a buffer overflow.
-
Sprintf with bad bounds allows a stack buffer to be overrun. An attempt is made to limit the string length with a length qualifier in the format, but it is done incorrectly.
-
Snprintf with bad bounds is used to copy a string. The buffer is protected from overflowing by a length qualifier in the format.
-
snprintf is used repeatedly while keeping track of the residual buffer length; however, an accounting error allows a stack buffer to be overrun.
-
snprintf is used repeatedly while keeping track of the residual buffer length.
-
A snprintf with an incorrect bound is used to copy a string. An attempt to prevent an overflow condition is made, but the guard is incorrect.