![logo of PostgreSQL](/SARD/downloads/assets/e355d960-8cf2-4076-ad1c-0509b6a0759e.png)
PostgreSQL 9.2.4
DownloadDescription
PostgreSQL is an advanced object-relational database management system that supports an extended subset of the SQL standard, including transactions, foreign keys, subqueries, triggers, user-defined types and functions. This distribution also contains C language bindings.
This product contains or makes use of Intelligence Advanced Research Projects Activity (IARPA) data from the STONESOUP program. Any product, report, publication, presentation, or other document including or referencing the IARPA data herein should include this statement. All documents related to the STONESOUP program can be found at the documents page.NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic.
Documentation
-
Metadata - Base program: PostgreSQL - Source Taint: FILE_CONTENTS - Data Type: VOID_POINTER - Data Flow: ADDRESS_AS_VARIABLE - Control Flow: INDIRECTLY_RECURSIVE
-
Metadata - Base program: PostgreSQL - Source Taint: FILE_CONTENTS - Data Type: HEAP_POINTER - Data Flow: BUFFER_ADDRESS_ARRAY_INDEX - Control Flow: INFINITE_LOOP
-
Metadata - Base program: PostgreSQL - Source Taint: SHARED_MEMORY - Data Type: SIMPLE - Data Flow: ADDRESS_AS_CONSTANT - Control Flow: POINTER_TO_FUNCTION
-
Metadata - Base program: PostgreSQL - Source Taint: SHARED_MEMORY - Data Type: UNION - Data Flow: BASIC - Control Flow: SEQUENCE
-
Metadata - Base program: PostgreSQL - Source Taint: SOCKET - Data Type: TYPEDEF - Data Flow: INDEX_ALIAS_10 - Control Flow: UNCONDITIONAL_JUMP
-
Metadata - Base program: PostgreSQL - Source Taint: FILE_CONTENTS - Data Type: STRUCT - Data Flow: BUFFER_ADDRESS_ARRAY_INDEX - Control Flow: CALLBACK
-
This test case implements an incorrectly checked write into a buffer that is contained within a stack allocated struct. The buffer is declared as a struct member with a fixed size. Untrusted input is not properly sanitized or restricted before being copied into the buffer, from the last character...
-
This test case implements a heap allocated buffer that erroneously gets double free()'d causing a segfault. The test case takes an input string and copies it into a heap allocated buffer. It then checks to see if the first character is an 'a' or greater and if so, calls a function that finishes b...
-
This test case checks if the taint source is less than 20 characters, and if so, allocates a buffer on the heap with 20 characters. It sets the buffer to all 0's, then calls realpath on the taint source, with the destination being the 20-character heap buffer. If realpath evaluates to more than 2...
-
This test case creates a function pointer that takes 2 const char * as input and returns an int. If the length of the taint source is 0 mod 3, the test case sets the function pointer to be strcmp. If the length of the taint source is 1 mod 3, the test case sets the function pointer to strcoll. Ot...
-
This test case creates a struct on the stack that contains a function pointer and a char*. It examines the length of the taint source. If the length is not equal to 10, it sets the function pointer and char* within the struct to benign values. If the length is equal to 10, it does not set the fun...
-
This test case implements an unchecked write into a buffer is contained within a heap-allocated struct. The struct contains a function pointer, a fixed-size buffer, and another function pointer. Untrusted input is not properly sanitized or restricted before being copied into the target buffer, re...
-
This test case implements an unchecked read from a buffer. The buffer is declared as a fixed size member of a struct that is allocated on the heap. Untrusted input is not properly sanitized or restricted before being used to determine the number of characters to read from the buffer. This allows ...
-
This test case allocates a struct on the heap that contains an 8-character buffer, followed by a pointer. The pointer is set to point to the beginning of the 8-character buffer. The taint source is copied into the 8-character buffer, using strncpy, but the length is incorrectly capped at the leng...
-
This test case allocates a buffer on the stack, with a canary function pointer immediately after it. It checks if the taint source is less than 20 characters, and if so, it sets the canary function pointer to strlen and call realpath on the taint source, putting the result into the stack buffer. ...
-
This test case allocates a struct on the stack, with a 20-character buffer and a pointer following that buffer. It checks if the taint source is less than 20 characters. If so, it sets the 20-charcter buffer to all 0's then sets the pointer following the buffer to point to the beginning of the bu...
-
This test case implements an unchecked write into a stack allocated buffer. The buffer is declared as a fixed size local variable within a function. Untrusted input is not properly sanitized or restricted before being copied into the target buffer, resulting in a buffer overflow. The overflow pot...
-
This test case implements an improper array index validation that can cause a function pointer to get overwritten leading to a segfault. The test case takes untrusted user input and uses it to calculate array indexes which then get modified. If the untrusted input contains certain ASCII character...
-
This test case creates two buffers on the stack, one of 64 bytes and one of 1024 bytes. It copies the taint source into the larger buffer. It checks if the length of the taint source is less than the length of the shorter buffer. If it is, it uses strncpy to copy the taint source into the shorter...
-
This test case implements an unchecked read from a buffer. The buffer is declared as a fixed size buffer on the stack. Untrusted input is not properly sanitized or restricted before being used to determine the number of characters to read from the buffer. This allows input greater than 63 charact...
-
This test case implements an unchecked read from a buffer. The buffer is allocated as a fixed size buffer on the heap. Untrusted input is not properly sanitized or restricted before being used to determine the number of characters to read from the buffer. This allows input greater than 63 charact...
-
This test case implements an unchecked read from a buffer. The buffer is declared as a fixed size member of a struct that is allocated on the stack. Untrusted input is not properly sanitized or restricted before being used to determine the number of characters to read from the buffer. This allows...
-
This test case creates a struct on the stack that contains a function pointer and a char*. It examines the length of the taint source. If the length is not equal to 10, it sets the function pointer and char* within the struct to benign values. If the length is equal to 10, it does not set the fun...
-
This test case implements an incorrectly checked write into a buffer that is contained within a stack allocated struct. The buffer is declared as a struct member with a fixed size. Untrusted input is not properly sanitized or restricted before being copied into the buffer, from the last character...
-
This test case creates a struct on the stack that contains a function pointer and a char*. It examines the length of the taint source. If the length is not equal to 10, it sets the function pointer and char* within the struct to benign values. If the length is equal to 10, it does not set the fun...