Creating test case using base program. Added an environment variable read to the function definition. Completed injection. UNSPECIFIED UNSPECIFIED $SS_TC_ROOT/$SS_TC_INSTALL/bin/openssl CFLAG="-O $CFLAGS" EX_LIBS="$LDFLAGS $LIBS" ./config --prefix="$SS_TC_ROOT/$SS_TC_INSTALL" shared make CC="$SS_CC" CCLD="$SS_LNK" EX_LIBS="$LDFLAGS $LIBS" make install_sw CC="$SS_CC" CCLD="$SS_LNK" EX_LIBS="$LDFLAGS $SS_LDFLAGS $LIBS" Generate an RSA private key Has a stack buffer of size 128. reads in an ascii string from an environmentvariable and increments the corresponding values in the stack buffer. Then reads in an input and prints out the count of the characters from the stack buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read NONE AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2 $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 genpkey -out $SS_TC_ROOT/testOutput/good-01/key.pem -algorithm RSA GOOD-01 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testOutput/good-01/key.pem -----END PRIVATE KEY----- DOES_NOT_RETURN CONTROLLED_EXIT Create a password hash using crypt, and salt of "xx" Has a stack buffer of size 128. reads in an ascii string from an environmentvariable and increments the corresponding values in the stack buffer. Then reads in an input and prints out the count of the characters from the stack buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read NONE This is probably not going to overflow a buffer of some sort. Let's run it anyway and see what happens. AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2 $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 passwd -crypt -salt xx password GOOD-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT xxj31ZMTZzkVA DOES_NOT_RETURN CONTROLLED_EXIT Encrypt a file with DES3 using salt and key of "stonesoup" Has a stack buffer of size 128. reads in an ascii string from an environmentvariable and increments the corresponding values in the stack buffer. Then reads in an input and prints out the count of the characters from the stack buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read NONE As long as this statement has more than 64 characters, then nothing bad should happen AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2 $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 des3 -salt -in good-03/file.txt -out $SS_TC_ROOT/testOutput/good-03/file.des3 -k "stonesoup" GOOD-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testOutput/good-03/file.des3 Salted__ DOES_NOT_RETURN CONTROLLED_EXIT parse ASN1 structure Has a stack buffer of size 128. reads in an ascii string from an environmentvariable and increments the corresponding values in the stack buffer. Then reads in an input and prints out the count of the characters from the stack buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read NONE AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2 $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 asn1parse -genstr 'UTF8:Hello World' GOOD-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT 0:d=0 hl=2 l= 11 prim: UTF8STRING :Hello World DOES_NOT_RETURN CONTROLLED_EXIT create Netscape certficiate from PEM Has a stack buffer of size 128. reads in an ascii string from an environmentvariable and increments the corresponding values in the stack buffer. Then reads in an input and prints out the count of the characters from the stack buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read NONE This is probably not going to overflow a buffer of some sort. Let's run it anyway and see what happens. AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2 $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 nseq -in good-05/cert.pem -toseq -out $SS_TC_ROOT/testOutput/good-05/nseq.pem GOOD-05 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testOutput/good-05/nseq.pem -----END CERTIFICATE----- DOES_NOT_RETURN CONTROLLED_EXIT generate MIME content from text file, encrypting with x509 cert Has a stack buffer of size 128. reads in an ascii string from an environmentvariable and increments the corresponding values in the stack buffer. Then reads in an input and prints out the count of the characters from the stack buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read NONE As long as this statement has more than 64 characters, then nothing bad should happen AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2 $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 smime -in good-06/secretemail.txt -encrypt good-06/x509.pem GOOD-06 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-06/output.txt DOES_NOT_RETURN CONTROLLED_EXIT check primality of number Has a stack buffer of size 128. reads in an ascii string from an environmentvariable and increments the corresponding values in the stack buffer. Then reads in an input and prints out the count of the characters from the stack buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read NONE AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2 $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 prime 15648972863 GOOD-07 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT 3A4C0603F is prime DOES_NOT_RETURN CONTROLLED_EXIT encrypt textfile with AES 256 and salt, base64 encoded result Has a stack buffer of size 128. reads in an ascii string from an environmentvariable and increments the corresponding values in the stack buffer. Then reads in an input and prints out the count of the characters from the stack buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read NONE This is probably not going to overflow a buffer of some sort. Let's run it anyway and see what happens. AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2 $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 enc -in good-08/secret.txt -aes256 -k password -S abacabb -base64 GOOD-08 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT U2FsdGVkX1+rrKuwAAAAACgoU5YHltmsjJifyZi0xJA= DOES_NOT_RETURN CONTROLLED_EXIT SHA1 with hmac of text file Has a stack buffer of size 128. reads in an ascii string from an environmentvariable and increments the corresponding values in the stack buffer. Then reads in an input and prints out the count of the characters from the stack buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read NONE As long as this statement has more than 64 characters, then nothing bad should happen AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2 $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 dgst -sha1 -c -hmac "secret-key" good-09/message.txt GOOD-09 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT HMAC-SHA1(good-09/message.txt)= 3a:da:b3:ba:5a:59:a9:56:8d:76:3a:d4:20:f6:13:cd:aa:49:41:a6 DOES_NOT_RETURN CONTROLLED_EXIT Generate SSL certificate and private key Has a stack buffer of size 128. reads in an ascii string from an environmentvariable and increments the corresponding values in the stack buffer. Then reads in an input and prints out the count of the characters from the stack buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read NONE AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2 $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout good-10/server.key -out good-10/server.crt -subj "/C=SP/ST=The Moon/L=TheDarkSide/O=KSP/OU=Moon Department/CN=ksp.moon" GOOD-10-1 AND GOOD-10-2 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testData/good-10/server.crt -----END CERTIFICATE----- ../testData/good-10/server.key -----END PRIVATE KEY----- DOES_NOT_RETURN CONTROLLED_EXIT Has a stack buffer of size 128. reads in an ascii string from an environmentvariable and increments the corresponding values in the stack buffer. Then reads in an input and prints out the count of the characters from the stack buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read READ_APPLICATION_DATA QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUGugIE= AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2 $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 passwd -crypt -salt xx password weakness_started_luX3yEsYEUp7K45akQTI AND ((NOT PERFORMER AND (output_excess_non_null_JcxBm6ZnLy) AND NOT timeout_keYy1D1PtI) or (PERFORMER AND NOT ((output_excess_non_null_JcxBm6ZnLy) OR timeout_keYy1D1PtI))) (NOT PERFORMER AND (output_excess_non_null_JcxBm6ZnLy) AND NOT timeout_keYy1D1PtI) or (PERFORMER AND NOT ((output_excess_non_null_JcxBm6ZnLy) OR timeout_keYy1D1PtI)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION if (( $(/bin/grep -P "value [\x80-\xFF] appears: 5555 times" "logfile.txt" | wc -l) > 0)); then true; else false; fi; None stonesoup_trace:weakness_start Has a stack buffer of size 128. reads in an ascii string from an environmentvariable and increments the corresponding values in the stack buffer. Then reads in an input and prints out the count of the characters from the stack buff of those in the input. If input contains extended ascii characters, they will be wrapped around to negative values and the buffer will be under read READ_APPLICATION_DATA SGVsbKUgV6lybGSI AAAABVVCUYEOAISDHGUEHGU:WOJOQIUFGUYGBJdjsafihuegakdlfm9238946665232kmemiucyds78fy2 $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 des3 -salt -in good-03/file.txt -out $SS_TC_ROOT/testOutput/good-03/file.des3 -k "stonesoup" weakness_started_KE4KqUrKw3u6xMPNjzhm AND ((NOT PERFORMER AND (output_excess_non_null_FCS0JxNtzD) AND NOT timeout_nbcjZa7Heh) or (PERFORMER AND NOT ((output_excess_non_null_FCS0JxNtzD) OR timeout_nbcjZa7Heh))) (NOT PERFORMER AND (output_excess_non_null_FCS0JxNtzD) AND NOT timeout_nbcjZa7Heh) or (PERFORMER AND NOT ((output_excess_non_null_FCS0JxNtzD) OR timeout_nbcjZa7Heh)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION if (( $(/bin/grep -P "value [\x80-\xFF] appears: 5555 times" "logfile.txt" | wc -l) > 0)); then true; else false; fi; None stonesoup_trace:weakness_start