Creating test case using base program. Added a Socket Server to accept communication from untrusted source. Completed injection. UNSPECIFIED UNSPECIFIED $SS_TC_ROOT/$SS_TC_INSTALL/bin/wireshark $SS_TC_ROOT/testData/input.pcap ./configure --prefix="$SS_TC_ROOT/$SS_TC_INSTALL" --enable-wireshark --with-gtk3=yes --without-lua --without-qt --with-gcrypt --with-gnutls --with-libsmi --with-pcap --with-zlib --without-portaudio --without-libcap --without-krb5 --with-cres --with-adns --with-geoip make V=1 CC="$SS_CC" make install V=1 Open saved .pcap file Malloc a buffer. Copy the input string to the buffer. Search for 'e' in the string. Upon finding 'e', free the buffer, using a pointer that points to that 'e'. If 'e' is the first character in the buffer, everything is OK. However, if e is not the first character in the buffer, this will seg fault. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 GOOD-01 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-01/output.txt DOES_NOT_RETURN CONTROLLED_EXIT export first 50 packets from saved pcap, run md5sum on newly created pcap Malloc a buffer. Copy the input string to the buffer. Search for 'e' in the string. Upon finding 'e', free the buffer, using a pointer that points to that 'e'. If 'e' is the first character in the buffer, everything is OK. However, if e is not the first character in the buffer, this will seg fault. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 GOOD-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-02/output.txt DOES_NOT_RETURN CONTROLLED_EXIT jump to packet 10 Malloc a buffer. Copy the input string to the buffer. Search for 'e' in the string. Upon finding 'e', free the buffer, using a pointer that points to that 'e'. If 'e' is the first character in the buffer, everything is OK. However, if e is not the first character in the buffer, this will seg fault. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 GOOD-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-03/output.txt DOES_NOT_RETURN CONTROLLED_EXIT open statistical summary Malloc a buffer. Copy the input string to the buffer. Search for 'e' in the string. Upon finding 'e', free the buffer, using a pointer that points to that 'e'. If 'e' is the first character in the buffer, everything is OK. However, if e is not the first character in the buffer, this will seg fault. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 GOOD-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-04/output.txt DOES_NOT_RETURN CONTROLLED_EXIT open protocol hierarchy Malloc a buffer. Copy the input string to the buffer. Search for 'e' in the string. Upon finding 'e', free the buffer, using a pointer that points to that 'e'. If 'e' is the first character in the buffer, everything is OK. However, if e is not the first character in the buffer, this will seg fault. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 GOOD-05 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-05/output.txt DOES_NOT_RETURN CONTROLLED_EXIT follow a tcp stream Malloc a buffer. Copy the input string to the buffer. Search for 'e' in the string. Upon finding 'e', free the buffer, using a pointer that points to that 'e'. If 'e' is the first character in the buffer, everything is OK. However, if e is not the first character in the buffer, this will seg fault. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 GOOD-06 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-06/output.txt DOES_NOT_RETURN CONTROLLED_EXIT run a display filter for http Malloc a buffer. Copy the input string to the buffer. Search for 'e' in the string. Upon finding 'e', free the buffer, using a pointer that points to that 'e'. If 'e' is the first character in the buffer, everything is OK. However, if e is not the first character in the buffer, this will seg fault. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 GOOD-07 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-07/output.txt DOES_NOT_RETURN CONTROLLED_EXIT export a .png from captured http traffic, run an md5, compare with known good Malloc a buffer. Copy the input string to the buffer. Search for 'e' in the string. Upon finding 'e', free the buffer, using a pointer that points to that 'e'. If 'e' is the first character in the buffer, everything is OK. However, if e is not the first character in the buffer, this will seg fault. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 GOOD-08 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-08/output.txt DOES_NOT_RETURN CONTROLLED_EXIT search for a string Malloc a buffer. Copy the input string to the buffer. Search for 'e' in the string. Upon finding 'e', free the buffer, using a pointer that points to that 'e'. If 'e' is the first character in the buffer, everything is OK. However, if e is not the first character in the buffer, this will seg fault. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 GOOD-09 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-09/output.txt DOES_NOT_RETURN CONTROLLED_EXIT open io graph Malloc a buffer. Copy the input string to the buffer. Search for 'e' in the string. Upon finding 'e', free the buffer, using a pointer that points to that 'e'. If 'e' is the first character in the buffer, everything is OK. However, if e is not the first character in the buffer, this will seg fault. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 GOOD-10 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-10/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Malloc a buffer. Copy the input string to the buffer. Search for 'e' in the string. Upon finding 'e', free the buffer, using a pointer that points to that 'e'. If 'e' is the first character in the buffer, everything is OK. However, if e is not the first character in the buffer, this will seg fault. DOS_UNCONTROLLED_EXIT $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 weakness_started_DqBZ0JKLilBpmqfTO4G8 AND ((NOT PERFORMER AND (segfault_code_C0yaX7XjKM OR segfault_code_2nLYSqEvRq OR segfault_code_blsIrN43my OR segfault_code_LfMApw92LT OR segfault_code_GQKaTB54LD OR segfault_msg_j2JCUt14FT OR illegal_inst_msg_Wwx87GliQs OR segfault_glibc_X6hAVsoVtf) AND NOT timeout_gb2T8AppDz) or (PERFORMER AND NOT ((segfault_code_C0yaX7XjKM OR segfault_code_2nLYSqEvRq OR segfault_code_blsIrN43my OR segfault_code_LfMApw92LT OR segfault_code_GQKaTB54LD OR segfault_msg_j2JCUt14FT OR illegal_inst_msg_Wwx87GliQs OR segfault_glibc_X6hAVsoVtf) OR timeout_gb2T8AppDz OR controlled_exit_va8SG3CqQW))) (NOT PERFORMER AND (segfault_code_C0yaX7XjKM OR segfault_code_2nLYSqEvRq OR segfault_code_blsIrN43my OR segfault_code_LfMApw92LT OR segfault_code_GQKaTB54LD OR segfault_msg_j2JCUt14FT OR illegal_inst_msg_Wwx87GliQs OR segfault_glibc_X6hAVsoVtf) AND NOT timeout_gb2T8AppDz) or (PERFORMER AND NOT ((segfault_code_C0yaX7XjKM OR segfault_code_2nLYSqEvRq OR segfault_code_blsIrN43my OR segfault_code_LfMApw92LT OR segfault_code_GQKaTB54LD OR segfault_msg_j2JCUt14FT OR illegal_inst_msg_Wwx87GliQs OR segfault_glibc_X6hAVsoVtf) OR timeout_gb2T8AppDz OR controlled_exit_va8SG3CqQW)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION None 132 None 134 None 135 None 136 None 139 None Segmentation fault None Illegal instruction None glibc detected None stonesoup_trace:weakness_start Malloc a buffer. Copy the input string to the buffer. Search for 'e' in the string. Upon finding 'e', free the buffer, using a pointer that points to that 'e'. If 'e' is the first character in the buffer, everything is OK. However, if e is not the first character in the buffer, this will seg fault. DOS_UNCONTROLLED_EXIT $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 weakness_started_EzP1JiHPoJGKth5FU5Vh AND ((NOT PERFORMER AND (segfault_code_RsFBecsMQE OR segfault_code_iClYuwWDlB OR segfault_code_vVsM0198iT OR segfault_code_Tign8CCVmA OR segfault_code_RnY0F4J4t6 OR segfault_msg_gV3lTcownk OR illegal_inst_msg_FiyxD0nnLA OR segfault_glibc_MujzKGlStG) AND NOT timeout_t8kNldDyiC) or (PERFORMER AND NOT ((segfault_code_RsFBecsMQE OR segfault_code_iClYuwWDlB OR segfault_code_vVsM0198iT OR segfault_code_Tign8CCVmA OR segfault_code_RnY0F4J4t6 OR segfault_msg_gV3lTcownk OR illegal_inst_msg_FiyxD0nnLA OR segfault_glibc_MujzKGlStG) OR timeout_t8kNldDyiC OR controlled_exit_goRBnC7sR8))) (NOT PERFORMER AND (segfault_code_RsFBecsMQE OR segfault_code_iClYuwWDlB OR segfault_code_vVsM0198iT OR segfault_code_Tign8CCVmA OR segfault_code_RnY0F4J4t6 OR segfault_msg_gV3lTcownk OR illegal_inst_msg_FiyxD0nnLA OR segfault_glibc_MujzKGlStG) AND NOT timeout_t8kNldDyiC) or (PERFORMER AND NOT ((segfault_code_RsFBecsMQE OR segfault_code_iClYuwWDlB OR segfault_code_vVsM0198iT OR segfault_code_Tign8CCVmA OR segfault_code_RnY0F4J4t6 OR segfault_msg_gV3lTcownk OR illegal_inst_msg_FiyxD0nnLA OR segfault_glibc_MujzKGlStG) OR timeout_t8kNldDyiC OR controlled_exit_goRBnC7sR8)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION None 132 None 134 None 135 None 136 None 139 None Segmentation fault None Illegal instruction None glibc detected None stonesoup_trace:weakness_start