Back to the previous page

Test Case ID	153339
Bad / Good / Mixed	Bad
Author	IARPA STONESOUP Test and Evaluation team
Associations	Test suite: 102 Application: 3
Added by	Charles Oliveira
Language	C
Type of test case	Source Code
Input string
Expected Output
Instructions	See src/INSTALL file for instructions on how to install.
Submission date	2015-10-06
Description	This test case checks if the taint source is less than 20 characters, and if so, allocates a buffer on the heap with 20 characters. It sets the buffer to all 0's, then calls realpath on the taint source, with the destination being the 20-character heap buffer. If realpath evaluates to more than 20 characters, it will over-write memory reserved for the memory manager, resulting in a glibc error when the heap buffer is freed. Metadata - Base program: GNU Grep - Source Taint: SHARED_MEMORY - Data Type: SIMPLE - Data Flow: BASIC - Control Flow: SEQUENCE
File(s)	dfa.c (141.7 kB) runFifos.py (2.67 kB) service_mon.sh (100 B) shm_setup.c (3.08 kB) C-C785B-GREP-01-ST04-DT02-DF11-CF20-01.xml (68.57 kB) C-C785B-GREP-01-ST04-DT02-DF11-CF20-01.yaml (2.95 kB)
Flaw	CWE-785: Use of Path Manipulation Function without Maximum-sized Buffer • 10

There are no comments

Have any comments on this test case? Please, .

dfa.c
runFifos.py
service_mon.sh
shm_setup.c
C-C785B-GREP-01-ST04-DT02-DF11-CF20-01.xml
C-C785B-GREP-01-ST04-DT02-DF11-CF20-01.yaml

File Contains:
CWE-785: Use of Path Manipulation Function without Maximum-sized Buffer on line(s): 4091, 4092, 4093, 4094, 4095, 4096, 4097, 4098, 4099, 4100