Creating test case using base program.
Added an environment variable read to the function definition.
Completed injection.
UNSPECIFIED
UNSPECIFIED
$SS_TC_ROOT/$SS_TC_INSTALL/bin/openssl
CFLAG="-O $CFLAGS" EX_LIBS="$LDFLAGS $LIBS" ./config --prefix="$SS_TC_ROOT/$SS_TC_INSTALL" shared
make CC="$SS_CC" CCLD="$SS_LNK" EX_LIBS="$LDFLAGS $LIBS"
make install_sw CC="$SS_CC" CCLD="$SS_LNK" EX_LIBS="$LDFLAGS $SS_LDFLAGS $LIBS"
Generate an RSA private key
Has a stack buffer of size 128. Reads in an ASCII string from an environment variable and increments the corresponding values in the stack buffer. Then reads in an input and prints out, from the stack buffer, the count for each character in the input. If the input contains extended ASCII characters, they will wrap around to negative values and the buffer will be under-read.
NONE
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
genpkey -out $SS_TC_ROOT/testOutput/good-01/key.pem -algorithm RSA
GOOD-01 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
../testOutput/good-01/key.pem
-----END PRIVATE KEY-----
DOES_NOT_RETURN
CONTROLLED_EXIT
Create a password hash using crypt, and salt of "xx"
Has a stack buffer of size 128. Reads in an ASCII string from an environment variable and increments the corresponding values in the stack buffer. Then reads in an input and prints out, from the stack buffer, the count for each character in the input. If the input contains extended ASCII characters, they will wrap around to negative values and the buffer will be under-read.
NONE
This is probably not going to overflow a buffer of some sort. Let's run it anyway and see what happens.
AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
passwd -crypt -salt xx password
GOOD-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
xxj31ZMTZzkVA
DOES_NOT_RETURN
CONTROLLED_EXIT
Encrypt a file with DES3 using salt and key of "stonesoup"
Has a stack buffer of size 128. Reads in an ASCII string from an environment variable and increments the corresponding values in the stack buffer. Then reads in an input and prints out, from the stack buffer, the count for each character in the input. If the input contains extended ASCII characters, they will wrap around to negative values and the buffer will be under-read.
NONE
As long as this statement has more than 64 characters, then nothing bad should happen
AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
des3 -salt -in good-03/file.txt -out $SS_TC_ROOT/testOutput/good-03/file.des3 -k "stonesoup"
GOOD-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
../testOutput/good-03/file.des3
Salted__
DOES_NOT_RETURN
CONTROLLED_EXIT
parse ASN1 structure
Has a stack buffer of size 128. Reads in an ASCII string from an environment variable and increments the corresponding values in the stack buffer. Then reads in an input and prints out, from the stack buffer, the count for each character in the input. If the input contains extended ASCII characters, they will wrap around to negative values and the buffer will be under-read.
NONE
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
asn1parse -genstr 'UTF8:Hello World'
GOOD-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
0:d=0 hl=2 l= 11 prim: UTF8STRING :Hello World
DOES_NOT_RETURN
CONTROLLED_EXIT
Create Netscape certificate from PEM
Has a stack buffer of size 128. Reads in an ASCII string from an environment variable and increments the corresponding values in the stack buffer. Then reads in an input and prints out, from the stack buffer, the count for each character in the input. If the input contains extended ASCII characters, they will wrap around to negative values and the buffer will be under-read.
NONE
This is probably not going to overflow a buffer of some sort. Let's run it anyway and see what happens.
AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
nseq -in good-05/cert.pem -toseq -out $SS_TC_ROOT/testOutput/good-05/nseq.pem
GOOD-05 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
../testOutput/good-05/nseq.pem
-----END CERTIFICATE-----
DOES_NOT_RETURN
CONTROLLED_EXIT
generate MIME content from text file, encrypting with x509 cert
Has a stack buffer of size 128. Reads in an ASCII string from an environment variable and increments the corresponding values in the stack buffer. Then reads in an input and prints out, from the stack buffer, the count for each character in the input. If the input contains extended ASCII characters, they will wrap around to negative values and the buffer will be under-read.
NONE
As long as this statement has more than 64 characters, then nothing bad should happen
AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
smime -in good-06/secretemail.txt -encrypt good-06/x509.pem
GOOD-06 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-06/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
check primality of number
Has a stack buffer of size 128. Reads in an ASCII string from an environment variable and increments the corresponding values in the stack buffer. Then reads in an input and prints out, from the stack buffer, the count for each character in the input. If the input contains extended ASCII characters, they will wrap around to negative values and the buffer will be under-read.
NONE
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
prime 15648972863
GOOD-07 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
3A4C0603F is prime
DOES_NOT_RETURN
CONTROLLED_EXIT
encrypt textfile with AES 256 and salt, base64 encoded result
Has a stack buffer of size 128. Reads in an ASCII string from an environment variable and increments the corresponding values in the stack buffer. Then reads in an input and prints out, from the stack buffer, the count for each character in the input. If the input contains extended ASCII characters, they will wrap around to negative values and the buffer will be under-read.
NONE
This is probably not going to overflow a buffer of some sort. Let's run it anyway and see what happens.
AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
enc -in good-08/secret.txt -aes256 -k password -S abacabb -base64
GOOD-08 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
U2FsdGVkX1+rrKuwAAAAACgoU5YHltmsjJifyZi0xJA=
DOES_NOT_RETURN
CONTROLLED_EXIT
SHA1 with hmac of text file
Has a stack buffer of size 128. Reads in an ASCII string from an environment variable and increments the corresponding values in the stack buffer. Then reads in an input and prints out, from the stack buffer, the count for each character in the input. If the input contains extended ASCII characters, they will wrap around to negative values and the buffer will be under-read.
NONE
As long as this statement has more than 64 characters, then nothing bad should happen
AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
dgst -sha1 -c -hmac "secret-key" good-09/message.txt
GOOD-09 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
HMAC-SHA1(good-09/message.txt)= 3a:da:b3:ba:5a:59:a9:56:8d:76:3a:d4:20:f6:13:cd:aa:49:41:a6
DOES_NOT_RETURN
CONTROLLED_EXIT
Generate SSL certificate and private key
Has a stack buffer of size 128. Reads in an ASCII string from an environment variable and increments the corresponding values in the stack buffer. Then reads in an input and prints out, from the stack buffer, the count for each character in the input. If the input contains extended ASCII characters, they will wrap around to negative values and the buffer will be under-read.
NONE
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout good-10/server.key -out good-10/server.crt -subj "/C=SP/ST=The Moon/L=TheDarkSide/O=KSP/OU=Moon Department/CN=ksp.moon"
GOOD-10-1 AND GOOD-10-2 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
../testData/good-10/server.crt
-----END CERTIFICATE-----
../testData/good-10/server.key
-----END PRIVATE KEY-----
DOES_NOT_RETURN
CONTROLLED_EXIT
Has a stack buffer of size 128. Reads in an ASCII string from an environment variable and increments the corresponding values in the stack buffer. Then reads in an input and prints out, from the stack buffer, the count for each character in the input. If the input contains extended ASCII characters, they will wrap around to negative values and the buffer will be under-read.
READ_APPLICATION_DATA
QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUGugIE=
AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
passwd -crypt -salt xx password
weakness_started_luX3yEsYEUp7K45akQTI AND ((NOT PERFORMER AND (output_excess_non_null_JcxBm6ZnLy) AND NOT timeout_keYy1D1PtI) or (PERFORMER AND NOT ((output_excess_non_null_JcxBm6ZnLy) OR timeout_keYy1D1PtI)))
(NOT PERFORMER AND (output_excess_non_null_JcxBm6ZnLy) AND NOT timeout_keYy1D1PtI) or (PERFORMER AND NOT ((output_excess_non_null_JcxBm6ZnLy) OR timeout_keYy1D1PtI))
DOES_NOT_RETURN
CONTROLLED_EXIT
CONTINUED_EXECUTION
if (( $(/bin/grep -P "value [\x80-\xFF] appears: 5555 times" "logfile.txt" | wc -l) > 0)); then true; else false; fi;
None
stonesoup_trace:weakness_start
Has a stack buffer of size 128. Reads in an ASCII string from an environment variable and increments the corresponding values in the stack buffer. Then reads in an input and prints out, from the stack buffer, the count for each character in the input. If the input contains extended ASCII characters, they will wrap around to negative values and the buffer will be under-read.
READ_APPLICATION_DATA
SGVsbKUgV6lybGSI
AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
des3 -salt -in good-03/file.txt -out $SS_TC_ROOT/testOutput/good-03/file.des3 -k "stonesoup"
weakness_started_KE4KqUrKw3u6xMPNjzhm AND ((NOT PERFORMER AND (output_excess_non_null_FCS0JxNtzD) AND NOT timeout_nbcjZa7Heh) or (PERFORMER AND NOT ((output_excess_non_null_FCS0JxNtzD) OR timeout_nbcjZa7Heh)))
(NOT PERFORMER AND (output_excess_non_null_FCS0JxNtzD) AND NOT timeout_nbcjZa7Heh) or (PERFORMER AND NOT ((output_excess_non_null_FCS0JxNtzD) OR timeout_nbcjZa7Heh))
DOES_NOT_RETURN
CONTROLLED_EXIT
CONTINUED_EXECUTION
if (( $(/bin/grep -P "value [\x80-\xFF] appears: 5555 times" "logfile.txt" | wc -l) > 0)); then true; else false; fi;
None
stonesoup_trace:weakness_start