Creating test case using base program. Added a Socket Server to accept communication from untrusted source. Completed injection. TRUE UNSPECIFIED UNSPECIFIED $SS_TC_ROOT/$SS_TC_INSTALL/bin/postgres -p 8432 ./configure --prefix="$SS_TC_ROOT/$SS_TC_INSTALL" --with-pgport=8432 --with-libraries="$SS_TC_DEPS/lib" --with-includes="$SS_TC_DEPS/include" --with-openssl --with-libxml --with-libxslt --without-selinux --with-readline --without-tcl --without-perl --without-python --without-gssapi --without-pam --without-krb5 --with-ldap --without-bonjour --with-zlib --disable-thread-safety make CC="$SS_CC" CCLD="$SS_LNK" make install CC="$SS_CC" CCLD="$SS_LNK" initalize a database Has a heap buffer of size 64. Reads in an ascii string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63characters, this will result in an underread. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 sudo -E -u postgres $SS_TC_ROOT/$SS_TC_INSTALL/bin/initdb $SS_TC_ROOT/testData/good-01/psqldb (UTF8 OR ASCII) AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-01/good-01-UTF8.out good-01/good-01-ASCII.out DOES_NOT_RETURN CONTROLLED_EXIT perform a select Has a heap buffer of size 64. Reads in an ascii string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63characters, this will result in an underread. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -D $SS_TC_ROOT/testData/good-02/psql GOOD-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-02/good-02.out DOES_NOT_RETURN CONTROLLED_EXIT perform an insert Has a heap buffer of size 64. Reads in an ascii string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63characters, this will result in an underread. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -D $SS_TC_ROOT/testData/good-03/psql GOOD-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-03/good-03.out DOES_NOT_RETURN CONTROLLED_EXIT perform a create Has a heap buffer of size 64. Reads in an ascii string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63characters, this will result in an underread. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -D $SS_TC_ROOT/testData/good-04/psql GOOD-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-04/good-04.out DOES_NOT_RETURN CONTROLLED_EXIT perform a delete Has a heap buffer of size 64. Reads in an ascii string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63characters, this will result in an underread. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -D $SS_TC_ROOT/testData/good-05/psql GOOD-05 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-05/good-05.out DOES_NOT_RETURN CONTROLLED_EXIT perform a drop Has a heap buffer of size 64. Reads in an ascii string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63characters, this will result in an underread. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -D $SS_TC_ROOT/testData/good-06/psql GOOD-06 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-06/good-06.out DOES_NOT_RETURN CONTROLLED_EXIT import a .sql file Has a heap buffer of size 64. Reads in an ascii string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63characters, this will result in an underread. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -D $SS_TC_ROOT/testData/good-07/psql GOOD-07 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-07/good-07.out DOES_NOT_RETURN CONTROLLED_EXIT perform an alter Has a heap buffer of size 64. Reads in an ascii string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63characters, this will result in an underread. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -D $SS_TC_ROOT/testData/good-08/psql GOOD-08 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-08/good-08.out DOES_NOT_RETURN CONTROLLED_EXIT see who's logged in Has a heap buffer of size 64. Reads in an ascii string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63characters, this will result in an underread. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -D $SS_TC_ROOT/testData/good-09/psql GOOD-09 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT \s*booktown\s*\|\s*root\s*\|\s*([0-9]{1,3}\.){3}[0-9]{1,3}\s* DOES_NOT_RETURN CONTROLLED_EXIT perform a select using LIKE Has a heap buffer of size 64. Reads in an ascii string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63characters, this will result in an underread. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -D $SS_TC_ROOT/testData/good-10/psql GOOD-10 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-10/good-10.out DOES_NOT_RETURN CONTROLLED_EXIT Has a heap buffer of size 64. Reads in an ascii string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63characters, this will result in an underread. READ_APPLICATION_DATA DOS_UNCONTROLLED_EXIT $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -D $SS_TC_ROOT/testData/good-06/psql weakness_started_qpvezORAK9EJGC14jJEb AND ((NOT PERFORMER AND (print_buffer_T93V9fXuiQ OR (segfault_code_xyZl4vUgBm OR segfault_code_RIcNk9nd6Q OR segfault_code_yABLForm3o OR segfault_code_dNM4mhvtK9 OR segfault_code_1flmAJZWXq OR segfault_code_r3S6vxUEVt OR segfault_msg_0wqzFy3Hf8 OR illegal_inst_msg_aZwBzJqILb)) AND NOT timeout_n6APrZhzqp) or (PERFORMER AND NOT ((print_buffer_T93V9fXuiQ OR (segfault_code_xyZl4vUgBm OR segfault_code_RIcNk9nd6Q OR segfault_code_yABLForm3o OR segfault_code_dNM4mhvtK9 OR segfault_code_1flmAJZWXq OR segfault_code_r3S6vxUEVt OR segfault_msg_0wqzFy3Hf8 OR illegal_inst_msg_aZwBzJqILb)) OR timeout_n6APrZhzqp OR controlled_exit_henl4ho8NC))) (NOT PERFORMER AND (print_buffer_T93V9fXuiQ OR (segfault_code_xyZl4vUgBm OR segfault_code_RIcNk9nd6Q OR segfault_code_yABLForm3o OR segfault_code_dNM4mhvtK9 OR segfault_code_1flmAJZWXq OR segfault_code_r3S6vxUEVt OR segfault_msg_0wqzFy3Hf8 OR illegal_inst_msg_aZwBzJqILb)) AND NOT timeout_n6APrZhzqp) or (PERFORMER AND NOT ((print_buffer_T93V9fXuiQ OR (segfault_code_xyZl4vUgBm OR segfault_code_RIcNk9nd6Q OR segfault_code_yABLForm3o OR segfault_code_dNM4mhvtK9 OR segfault_code_1flmAJZWXq OR segfault_code_r3S6vxUEVt OR segfault_msg_0wqzFy3Hf8 OR illegal_inst_msg_aZwBzJqILb)) OR timeout_n6APrZhzqp OR controlled_exit_henl4ho8NC)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION None 132 None 134 None 135 None 136 None 139 None 1 None Segmentation fault None Illegal instruction logfile.txt [a-zA-Z0-9]{65,} None stonesoup_trace:weakness_start Has a heap buffer of size 64. Reads in an ascii string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63characters, this will result in an underread. READ_APPLICATION_DATA DOS_UNCONTROLLED_EXIT $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -D $SS_TC_ROOT/testData/good-03/psql weakness_started_apPzdxCIWwz7Q05z3ljO AND ((NOT PERFORMER AND (print_buffer_zsyriJVNTJ OR (segfault_code_mWGBjV2On0 OR segfault_code_3vz8zqyHFY OR segfault_code_nPrBNwBTBV OR segfault_code_FG3IoLuHRE OR segfault_code_BatR8nBM7O OR segfault_code_3lbTR7tMwr OR segfault_msg_g5Q4mgu0CB OR illegal_inst_msg_oVSVpEkDPO)) AND NOT timeout_oRCsUyuBJt) or (PERFORMER AND NOT ((print_buffer_zsyriJVNTJ OR (segfault_code_mWGBjV2On0 OR segfault_code_3vz8zqyHFY OR segfault_code_nPrBNwBTBV OR segfault_code_FG3IoLuHRE OR segfault_code_BatR8nBM7O OR segfault_code_3lbTR7tMwr OR segfault_msg_g5Q4mgu0CB OR illegal_inst_msg_oVSVpEkDPO)) OR timeout_oRCsUyuBJt OR controlled_exit_Xu3boBj01P))) (NOT PERFORMER AND (print_buffer_zsyriJVNTJ OR (segfault_code_mWGBjV2On0 OR segfault_code_3vz8zqyHFY OR segfault_code_nPrBNwBTBV OR segfault_code_FG3IoLuHRE OR segfault_code_BatR8nBM7O OR segfault_code_3lbTR7tMwr OR segfault_msg_g5Q4mgu0CB OR illegal_inst_msg_oVSVpEkDPO)) AND NOT timeout_oRCsUyuBJt) or (PERFORMER AND NOT ((print_buffer_zsyriJVNTJ OR (segfault_code_mWGBjV2On0 OR segfault_code_3vz8zqyHFY OR segfault_code_nPrBNwBTBV OR segfault_code_FG3IoLuHRE OR segfault_code_BatR8nBM7O OR segfault_code_3lbTR7tMwr OR segfault_msg_g5Q4mgu0CB OR illegal_inst_msg_oVSVpEkDPO)) OR timeout_oRCsUyuBJt OR controlled_exit_Xu3boBj01P)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION None 132 None 134 None 135 None 136 None 139 None 1 None Segmentation fault None Illegal instruction logfile.txt [a-zA-Z0-9]{65,} None stonesoup_trace:weakness_start