ABM 1.0.1 Test suite #35
Fortify Software's Analyzer BenchMark v. 1.0.1
Displaying test cases 51 - 75 of 112 in total
-
A snprintf with an improper bound is protected with a guard that prevents an overflow condition from occurring.
-
Snprintf is called with an improper bound. A guard in the caller attempts to prevent an overflow condition but is done incorrectly.
-
Snprintf is called with an improper bound. A guard in the caller prevents an overflow condition from occurring.
-
Snprintf is called with a bad bound. An attempt is made to protect against buffer overflows with a length specifier in the format string, but this is done incorrectly.
-
Snprintf is called with a bad bound but is protected with a length specifier in the format string.
-
snprintf with incorrect bounds allows a heap buffer to be overrun.
-
snprintf with correct bounds safely copies a string into a heap buffer.
-
snprintf is used repeatedly while keeping track of the residual buffer length; however, an accounting error allows a heap buffer to be overrun.
-
snprintf is used repeatedly while keeping track of the residual buffer length.
-
Snprintf is called with an improper bound. A guard in the caller attempts to prevent an overflow condition but is done incorrectly.
-
Snprintf is called with an improper bound. A guard in the caller prevents an overflow condition from occurring.
-
sprintf allows a stack buffer to be overrun.
-
Sprintf is used to copy a string to a stack buffer. The length is guarded with a length specifier in the format string but the wrong length is given.
-
Sprintf is used to copy a string to a stack buffer. The length is guarded with a length specifier in the format string, preventing a buffer overflow from occurring.
-
Sprintf is used to copy a string to a stack buffer. A guard is used to prevent a buffer overflow condition but the guard is incorrect and a buffer overflow can still occur.
-
Sprintf is used to copy a string to a stack buffer. A guard is used to prevent a buffer overflow condition.
-
Sprintf is used to copy a string to a stack buffer. A guard in the caller is used to prevent an overflow from occurring, but the guard is incorrect and an overflow can still occur.
-
Sprintf is used to copy a string to a stack buffer. A guard in the caller prevents an overflow from occurring.
-
Tainted data spliced into a SQL query leads to a SQL injection issue.
-
Tainted data spliced into a SQL query leads to a SQL injection issue. (fixed version)
-
System() is called with user-provided data.
-
Execl() is called with user-provided data.
-
Execl() is called with user-provided data but only if it matches an item in a safe list.
-
Sensitive data from getpass is output with printf.
-
Sensitive data from getpass is output with syslog.