Test case 1307

Cves: CVE-2001-0653
Type: source code
Pairs: 1308-v1.0.0
State: bad
Author: MIT
Status: candidate
Language: C
Submission Date: 09 Feb 2006

Description

tTflag Buffer Underrun: CVE-2001-0653.
From MIT benchmarks (models/sendmail/s6)
Due to a type casting side effect (assigning unsigned int to signed int), it is possible to write data to a negative index of a buffer.
Bad file: tTflag-bad.c
Bad line number: 170
To fix, declare indexes as unsigned int on line 122.
Taxonomy Classification: 0163400200210133011411
WRITE/READ = write
WHICH BOUND = lower
DATA TYPE = unsigned char
MEMORY LOCATION = bss
SCOPE = inter-file/global
CONTAINER = no
POINTER = no
INDEX COMPLEXITY = linear expr
ADDRESS COMPLEXITY = constant
LENGTH COMPLEXITY = N/A
ADDRESS ALIAS = yes, two levels
INDEX ALIAS = yes, one level
LOCAL CONTROL FLOW = none
SECONDARY CONTROL FLOW = if
LOOP STRUCTURE = while
LOOP COMPLEXITY = two
ASYNCHRONY = no
TAINT = argc/argv
RUNTIME ENV. DEPENDENCE = yes
MAGNITUDE = varies
CONTINUOUS/DISCRETE = continuous
SIGNEDNESS = yes

Flaws

CWE-124 Buffer Underwrite ('Buffer Underflow')

Test Suites

Testing Exploitable Buffer Overflows From Open Source Code

Have any comments on this test case? Please, send us an email.