National Institute of Standards and Technology
Package illustrating a test case

Test case 153707

Description

This test case implements an unchecked write into a heap allocated buffer. The buffer is malloc'ed with a fixed size. Untrusted input is not properly sanitized or restricted before being copied into the target buffer, resulting in a buffer overflow. The overflow potentially modifies other variables in the heap, including special values used by the memory manager to keep track of which memory is allocated and which has been freed. Depending upon the layout of the heap, the overflow will eventually overwrite one of these special values, resulting in a crash from the memory manager.
Metadata
- Base program: OpenSSL
- Source Taint: SOCKET
- Data Type: TYPEDEF
- Data Flow: ADDRESS_AS_VARIABLE
- Control Flow: MACROS

Flaws

Test Suites

Documentation

Have any comments on this test case? Please, send us an email.