Creating test case using base program. Added an environment variable read to the function definition. Completed injection. UNSPECIFIED UNSPECIFIED $SS_TC_ROOT/$SS_TC_INSTALL/bin/wireshark $SS_TC_ROOT/testData/input.pcap ./configure --prefix="$SS_TC_ROOT/$SS_TC_INSTALL" --enable-wireshark --with-gtk3=yes --without-lua --without-qt --with-gcrypt --with-gnutls --with-libsmi --with-pcap --with-zlib --without-portaudio --without-libcap --without-krb5 --with-cres --with-adns --with-geoip make V=1 CC="$SS_CC" make install V=1 Open saved .pcap file Has a buffer declared on the heap. malloc(64*sizeOf(char)) If input is shorter than 64 it will overflowdue to using improper sizeof and strlen checking NONE AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaAAAAAAAAAAAAAAAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 GOOD-01 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-01/output.txt DOES_NOT_RETURN CONTROLLED_EXIT export first 50 packets from saved pcap, run md5sum on newly created pcap Has a buffer declared on the heap. malloc(64*sizeOf(char)) If input is shorter than 64 it will overflowdue to using improper sizeof and strlen checking NONE Hello World! If this statement isn't more than 64 characters, it will go badly $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 GOOD-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-02/output.txt DOES_NOT_RETURN CONTROLLED_EXIT jump to packet 10 Has a buffer declared on the heap. malloc(64*sizeOf(char)) If input is shorter than 64 it will overflowdue to using improper sizeof and strlen checking NONE Short is good for buffer overflows, unless you make a mistake and get it wrong $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 GOOD-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-03/output.txt DOES_NOT_RETURN CONTROLLED_EXIT open statistical summary Has a buffer declared on the heap. malloc(64*sizeOf(char)) If input is shorter than 64 it will overflowdue to using improper sizeof and strlen checking NONE AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaAAAAAAAAAAAAAAAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 GOOD-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-04/output.txt DOES_NOT_RETURN CONTROLLED_EXIT open protocol hierarchy Has a buffer declared on the heap. malloc(64*sizeOf(char)) If input is shorter than 64 it will overflowdue to using improper sizeof and strlen checking NONE Hello World! If this statement isn't more than 64 characters, it will go badly $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 GOOD-05 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-05/output.txt DOES_NOT_RETURN CONTROLLED_EXIT follow a tcp stream Has a buffer declared on the heap. malloc(64*sizeOf(char)) If input is shorter than 64 it will overflowdue to using improper sizeof and strlen checking NONE Short is good for buffer overflows, unless you make a mistake and get it wrong $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 GOOD-06 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-06/output.txt DOES_NOT_RETURN CONTROLLED_EXIT run a display filter for http Has a buffer declared on the heap. malloc(64*sizeOf(char)) If input is shorter than 64 it will overflowdue to using improper sizeof and strlen checking NONE AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaAAAAAAAAAAAAAAAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 GOOD-07 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-07/output.txt DOES_NOT_RETURN CONTROLLED_EXIT export a .png from captured http traffic, run an md5, compare with known good Has a buffer declared on the heap. malloc(64*sizeOf(char)) If input is shorter than 64 it will overflowdue to using improper sizeof and strlen checking NONE Hello World! If this statement isn't more than 64 characters, it will go badly $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 GOOD-08 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-08/output.txt DOES_NOT_RETURN CONTROLLED_EXIT search for a string Has a buffer declared on the heap. malloc(64*sizeOf(char)) If input is shorter than 64 it will overflowdue to using improper sizeof and strlen checking NONE Short is good for buffer overflows, unless you make a mistake and get it wrong $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 GOOD-09 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-09/output.txt DOES_NOT_RETURN CONTROLLED_EXIT open io graph Has a buffer declared on the heap. malloc(64*sizeOf(char)) If input is shorter than 64 it will overflowdue to using improper sizeof and strlen checking NONE AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaAAAAAAAAAAAAAAAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 GOOD-10 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-10/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Has a buffer declared on the heap. malloc(64*sizeOf(char)) If input is shorter than 64 it will overflowdue to using improper sizeof and strlen checking DOS_UNCONTROLLED_EXIT AAAAAAAAAAAAAAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 weakness_started_f6EgBdJRYB7qs19Fo6v3 AND ((NOT PERFORMER AND (segfault_code_ZUS2wc0wJH OR segfault_code_zIkIFXCkPx OR segfault_code_EXGbZIil2J OR segfault_code_vCAcz2fPXg OR segfault_code_ZDVpqZMbEX OR segfault_msg_d4jQ0saKun OR illegal_inst_msg_qBRO1LcuOM) AND NOT timeout_OlRUyvJsXz) or (PERFORMER AND NOT ((segfault_code_ZUS2wc0wJH OR segfault_code_zIkIFXCkPx OR segfault_code_EXGbZIil2J OR segfault_code_vCAcz2fPXg OR segfault_code_ZDVpqZMbEX OR segfault_msg_d4jQ0saKun OR illegal_inst_msg_qBRO1LcuOM) OR timeout_OlRUyvJsXz))) (NOT PERFORMER AND (segfault_code_ZUS2wc0wJH OR segfault_code_zIkIFXCkPx OR segfault_code_EXGbZIil2J OR segfault_code_vCAcz2fPXg OR segfault_code_ZDVpqZMbEX OR segfault_msg_d4jQ0saKun OR illegal_inst_msg_qBRO1LcuOM) AND NOT timeout_OlRUyvJsXz) or (PERFORMER AND NOT ((segfault_code_ZUS2wc0wJH OR segfault_code_zIkIFXCkPx OR segfault_code_EXGbZIil2J OR segfault_code_vCAcz2fPXg OR segfault_code_ZDVpqZMbEX OR segfault_msg_d4jQ0saKun OR illegal_inst_msg_qBRO1LcuOM) OR timeout_OlRUyvJsXz)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION None 132 None 134 None 135 None 136 None 139 None Segmentation fault None Illegal instruction None stonesoup_trace:weakness_start Has a buffer declared on the heap. malloc(64*sizeOf(char)) If input is shorter than 64 it will overflowdue to using improper sizeof and strlen checking DOS_UNCONTROLLED_EXIT Short is now bad $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 weakness_started_TNNT8Ho5OOvaPmKYKAHj AND ((NOT PERFORMER AND (segfault_code_TQ1VbMMQQX OR segfault_code_B74lKRCAzY OR segfault_code_8IQA2uavjb OR segfault_code_nfctSK9v5A OR segfault_code_r1gN1eBAF9 OR segfault_msg_TUJu5Uy5rl OR illegal_inst_msg_bSOQZESlVJ) AND NOT timeout_bQITjqRMtU) or (PERFORMER AND NOT ((segfault_code_TQ1VbMMQQX OR segfault_code_B74lKRCAzY OR segfault_code_8IQA2uavjb OR segfault_code_nfctSK9v5A OR segfault_code_r1gN1eBAF9 OR segfault_msg_TUJu5Uy5rl OR illegal_inst_msg_bSOQZESlVJ) OR timeout_bQITjqRMtU))) (NOT PERFORMER AND (segfault_code_TQ1VbMMQQX OR segfault_code_B74lKRCAzY OR segfault_code_8IQA2uavjb OR segfault_code_nfctSK9v5A OR segfault_code_r1gN1eBAF9 OR segfault_msg_TUJu5Uy5rl OR illegal_inst_msg_bSOQZESlVJ) AND NOT timeout_bQITjqRMtU) or (PERFORMER AND NOT ((segfault_code_TQ1VbMMQQX OR segfault_code_B74lKRCAzY OR segfault_code_8IQA2uavjb OR segfault_code_nfctSK9v5A OR segfault_code_r1gN1eBAF9 OR segfault_msg_TUJu5Uy5rl OR illegal_inst_msg_bSOQZESlVJ) OR timeout_bQITjqRMtU)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION None 132 None 134 None 135 None 136 None 139 None Segmentation fault None Illegal instruction None stonesoup_trace:weakness_start