Creating test case using base program. Added an environment variable read to the function definition. Completed injection. UNSPECIFIED UNSPECIFIED $SS_TC_ROOT/$SS_TC_INSTALL/bin/wireshark $SS_TC_ROOT/testData/input.pcap ./configure --prefix="$SS_TC_ROOT/$SS_TC_INSTALL" --enable-wireshark --with-gtk3=yes --without-lua --without-qt --with-gcrypt --with-gnutls --with-libsmi --with-pcap --with-zlib --without-portaudio --without-libcap --without-krb5 --with-cres --with-adns --with-geoip make V=1 CC="$SS_CC" make install V=1 Open saved .pcap file Has a fixed heap buffer of size 64. (char [64]) NONE AAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 GOOD-01 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-01/output.txt DOES_NOT_RETURN CONTROLLED_EXIT export first 50 packets from saved pcap, run md5sum on newly created pcap Has a fixed heap buffer of size 64. (char [64]) NONE Hellow world! $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 GOOD-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-02/output.txt DOES_NOT_RETURN CONTROLLED_EXIT jump to packet 10 Has a fixed heap buffer of size 64. (char [64]) NONE Good-bye cruel world! $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 GOOD-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-03/output.txt DOES_NOT_RETURN CONTROLLED_EXIT open statistical summary Has a fixed heap buffer of size 64. (char [64]) NONE AAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 GOOD-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-04/output.txt DOES_NOT_RETURN CONTROLLED_EXIT open protocol hierarchy Has a fixed heap buffer of size 64. (char [64]) NONE Hellow world! $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 GOOD-05 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-05/output.txt DOES_NOT_RETURN CONTROLLED_EXIT follow a tcp stream Has a fixed heap buffer of size 64. (char [64]) NONE Good-bye cruel world! $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 GOOD-06 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-06/output.txt DOES_NOT_RETURN CONTROLLED_EXIT run a display filter for http Has a fixed heap buffer of size 64. (char [64]) NONE AAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 GOOD-07 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-07/output.txt DOES_NOT_RETURN CONTROLLED_EXIT export a .png from captured http traffic, run an md5, compare with known good Has a fixed heap buffer of size 64. (char [64]) NONE Hellow world! $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 GOOD-08 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-08/output.txt DOES_NOT_RETURN CONTROLLED_EXIT search for a string Has a fixed heap buffer of size 64. (char [64]) NONE Good-bye cruel world! $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 GOOD-09 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-09/output.txt DOES_NOT_RETURN CONTROLLED_EXIT open io graph Has a fixed heap buffer of size 64. (char [64]) NONE AAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 GOOD-10 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-10/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Has a fixed heap buffer of size 64. (char [64]) DOS_UNCONTROLLED_EXIT READ_APPLICATION_DATA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 weakness_started_HoF7iT8GxxEY4Nw66yU5 AND ((NOT PERFORMER AND (segfault_glibc_0gPjBP1uU3 OR print_overflowed_buffer_FON7Bho5Ll OR (segfault_code_ePE9q6hl1I OR segfault_code_u1qb3Uz25v OR segfault_code_398vsgzp48 OR segfault_code_MTE0neoSoN OR segfault_code_oHDvyyxnGG OR segfault_msg_e3TD14pDnN OR illegal_inst_msg_DyfePj7xST)) AND NOT timeout_09tKf5f5Ws) or (PERFORMER AND NOT ((segfault_glibc_0gPjBP1uU3 OR print_overflowed_buffer_FON7Bho5Ll OR (segfault_code_ePE9q6hl1I OR segfault_code_u1qb3Uz25v OR segfault_code_398vsgzp48 OR segfault_code_MTE0neoSoN OR segfault_code_oHDvyyxnGG OR segfault_msg_e3TD14pDnN OR illegal_inst_msg_DyfePj7xST)) OR timeout_09tKf5f5Ws))) (NOT PERFORMER AND (segfault_glibc_0gPjBP1uU3 OR print_overflowed_buffer_FON7Bho5Ll OR (segfault_code_ePE9q6hl1I OR segfault_code_u1qb3Uz25v OR segfault_code_398vsgzp48 OR segfault_code_MTE0neoSoN OR segfault_code_oHDvyyxnGG OR segfault_msg_e3TD14pDnN OR illegal_inst_msg_DyfePj7xST)) AND NOT timeout_09tKf5f5Ws) or (PERFORMER AND NOT ((segfault_glibc_0gPjBP1uU3 OR print_overflowed_buffer_FON7Bho5Ll OR (segfault_code_ePE9q6hl1I OR segfault_code_u1qb3Uz25v OR segfault_code_398vsgzp48 OR segfault_code_MTE0neoSoN OR segfault_code_oHDvyyxnGG OR segfault_msg_e3TD14pDnN OR illegal_inst_msg_DyfePj7xST)) OR timeout_09tKf5f5Ws)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION None 132 None 134 None 135 None 136 None 139 None Segmentation fault None Illegal instruction None free(): invalid pointer logfile.txt [a-zA-Z0-9,. ']{64,} None stonesoup_trace:weakness_start Has a fixed heap buffer of size 64. (char [64]) DOS_UNCONTROLLED_EXIT READ_APPLICATION_DATA This is probably going to overflow a buffer of some sort. Let's run it anyway and see what happens. I hope that everything turns out ok, because I would love to see what this looks like in all CAPS. Converting ASCII characters to upper case is easy, you can either call a system function, or just add the standard difference between the start of the two character sets. But, I am sure there is a reason that system functions exist for this sort of functionality. $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 1 weakness_started_cSjMMcdqeZvj2l8PhwCM AND ((NOT PERFORMER AND (segfault_glibc_o0hY4Vz6Zf OR print_overflowed_buffer_TbeL2JoVN4 OR (segfault_code_skgHcia1u5 OR segfault_code_8jGosNKI3h OR segfault_code_f8WlccI0Of OR segfault_code_G3MqirmF45 OR segfault_code_jm0tnBNjS7 OR segfault_msg_vXsvbOQ0XX OR illegal_inst_msg_PaIut1Cvcy)) AND NOT timeout_cfMo6gnvOC) or (PERFORMER AND NOT ((segfault_glibc_o0hY4Vz6Zf OR print_overflowed_buffer_TbeL2JoVN4 OR (segfault_code_skgHcia1u5 OR segfault_code_8jGosNKI3h OR segfault_code_f8WlccI0Of OR segfault_code_G3MqirmF45 OR segfault_code_jm0tnBNjS7 OR segfault_msg_vXsvbOQ0XX OR illegal_inst_msg_PaIut1Cvcy)) OR timeout_cfMo6gnvOC))) (NOT PERFORMER AND (segfault_glibc_o0hY4Vz6Zf OR print_overflowed_buffer_TbeL2JoVN4 OR (segfault_code_skgHcia1u5 OR segfault_code_8jGosNKI3h OR segfault_code_f8WlccI0Of OR segfault_code_G3MqirmF45 OR segfault_code_jm0tnBNjS7 OR segfault_msg_vXsvbOQ0XX OR illegal_inst_msg_PaIut1Cvcy)) AND NOT timeout_cfMo6gnvOC) or (PERFORMER AND NOT ((segfault_glibc_o0hY4Vz6Zf OR print_overflowed_buffer_TbeL2JoVN4 OR (segfault_code_skgHcia1u5 OR segfault_code_8jGosNKI3h OR segfault_code_f8WlccI0Of OR segfault_code_G3MqirmF45 OR segfault_code_jm0tnBNjS7 OR segfault_msg_vXsvbOQ0XX OR illegal_inst_msg_PaIut1Cvcy)) OR timeout_cfMo6gnvOC)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION None 132 None 134 None 135 None 136 None 139 None Segmentation fault None Illegal instruction None free(): invalid pointer logfile.txt [a-zA-Z0-9,. ']{64,} None stonesoup_trace:weakness_start