Creating test case using base program.
Added an environment variable read to the function definition.
Completed injection.
UNSPECIFIED
UNSPECIFIED
$SS_TC_ROOT/$SS_TC_INSTALL/bin/grep
./configure --prefix="$SS_TC_ROOT/$SS_TC_INSTALL" --exec-prefix="$SS_TC_ROOT/$SS_TC_INSTALL" --with-included-regex
make V=1 CC="$SS_CC" CCLD="$SS_LNK"
make V=1 install CC="$SS_CC" CCLD="$SS_LNK"
all words beginning with e or x, case sensitive
Has a fixed heap buffer of size 64, allocated within a struct When input has a larger size, the heap buffer will be over read
NONE
AAAAAAAAAAAAAAAAAAAAAAA
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
^[ex] input/dict.txt
STDOUT-01 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-01/std-out.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
find BIRMINGHAM, ignore case, recursive
Has a fixed heap buffer of size 64, allocated within a struct When input has a larger size, the heap buffer will be over read
NONE
Hello World!
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-r -i BIRMINGHAM input/zip/
STDOUT-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-02/std-out.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
read extented regular expressions from file
Has a fixed heap buffer of size 64, allocated within a struct When input has a larger size, the heap buffer will be over read
NONE
Short is good
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-E -f input/grep-good-03-expr.txt input/mktsymbols.txt
STDOUT-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-03/std-out.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
search for entire words matching a specific pattern
Has a fixed heap buffer of size 64, allocated within a struct When input has a larger size, the heap buffer will be over read
NONE
AAAAAAAAAAAAAAAAAAAAAAA
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-w -f input/grep-good-04-expr.txt input/mktsymbols.txt
STDOUT-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-04/std-out.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
use mmap(), find NASDAQ in file
Has a fixed heap buffer of size 64, allocated within a struct When input has a larger size, the heap buffer will be over read
NONE
Hello World!
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
--mmap NASDAQ input/mktsymbols.txt
STDOUT-05 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-05/std-out.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
match lines not containing NASDAQ, ignore case, count
Has a fixed heap buffer of size 64, allocated within a struct When input has a larger size, the heap buffer will be over read
NONE
Short is good
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-v -i -c NASDAQ input/mktsymbols.txt
STDOUT-06 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-06/std-out.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
grep stdin (a device), match words beginning w/ D, P, or Z, redirect file into stdin
Has a fixed heap buffer of size 64, allocated within a struct When input has a larger size, the heap buffer will be over read
NONE
AAAAAAAAAAAAAAAAAAAAAAA
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-D read -e ^[DPZ] /dev/stdin < input/mktsymbols.txt
STDOUT-07 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-07/std-out.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
extended grep, print number of lines of context
Has a fixed heap buffer of size 64, allocated within a struct When input has a larger size, the heap buffer will be over read
NONE
Hello World!
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-E -C 15 ^[BRT] input/mktsymbols.txt
STDOUT-08 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-08/std-out.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
lines not beginning w/ B, R or T
Has a fixed heap buffer of size 64, allocated within a struct When input has a larger size, the heap buffer will be over read
NONE
Short is good
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-v ^[BRT] input/mktsymbols.txt
STDOUT-09 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-09/std-out.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
count lines not beginning w/ B, R or T
Has a fixed heap buffer of size 64, allocated within a struct When input has a larger size, the heap buffer will be over read
NONE
AAAAAAAAAAAAAAAAAAAAAAA
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-c -v ^[BRT] input/mktsymbols.txt
STDOUT-10 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-10/std-out.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
Has a fixed heap buffer of size 64, allocated within a struct When input has a larger size, the heap buffer will be over read
READ_APPLICATION_DATA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
-D read -e ^[DPZ] /dev/stdin < input/mktsymbols.txt
weakness_started_TRLg8ypnC88T78ats1On AND ((NOT PERFORMER AND (output_exceeds_63_bytes_rhmZq4BmGd AND output_excess_non_null_jJyOvlyR3Y) AND NOT timeout_rNoXOZXtmx) or (PERFORMER AND NOT ((output_exceeds_63_bytes_rhmZq4BmGd AND output_excess_non_null_jJyOvlyR3Y) OR timeout_rNoXOZXtmx)))
(NOT PERFORMER AND (output_exceeds_63_bytes_rhmZq4BmGd AND output_excess_non_null_jJyOvlyR3Y) AND NOT timeout_rNoXOZXtmx) or (PERFORMER AND NOT ((output_exceeds_63_bytes_rhmZq4BmGd AND output_excess_non_null_jJyOvlyR3Y) OR timeout_rNoXOZXtmx))
DOES_NOT_RETURN
CONTROLLED_EXIT
CONTINUED_EXECUTION
if (( $(wc -c "logfile.txt" | cut -d " " -f 1) > 126 )); then true; else false; fi;
if (( $(head -c -126 "logfile.txt" | tr -d '0\n' | wc -c) > 0 )); then true; else false; fi;
None
stonesoup_trace:weakness_start
Has a fixed heap buffer of size 64, allocated within a struct When input has a larger size, the heap buffer will be over read
READ_APPLICATION_DATA
This is probably going to overflow a buffer of some sort. Let's run it anyway and see what happens. I hope that everything turns out ok, because I would love to see what this looks like in all CAPS. Converting ASCII characters to upper case is easy, you can either call a system function, or just add the standard difference between the start of the two character sets. But, I am sure there is a reason that system functions exist for this sort of functionality.
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
--mmap NASDAQ input/mktsymbols.txt
weakness_started_6CidBYeGlf5EB41xVhWY AND ((NOT PERFORMER AND (output_exceeds_63_bytes_ashPdqHDA0 AND output_excess_non_null_ZCm0J2iOeC) AND NOT timeout_uU4ymz76RD) or (PERFORMER AND NOT ((output_exceeds_63_bytes_ashPdqHDA0 AND output_excess_non_null_ZCm0J2iOeC) OR timeout_uU4ymz76RD)))
(NOT PERFORMER AND (output_exceeds_63_bytes_ashPdqHDA0 AND output_excess_non_null_ZCm0J2iOeC) AND NOT timeout_uU4ymz76RD) or (PERFORMER AND NOT ((output_exceeds_63_bytes_ashPdqHDA0 AND output_excess_non_null_ZCm0J2iOeC) OR timeout_uU4ymz76RD))
DOES_NOT_RETURN
CONTROLLED_EXIT
CONTINUED_EXECUTION
if (( $(wc -c "logfile.txt" | cut -d " " -f 1) > 126 )); then true; else false; fi;
if (( $(head -c -126 "logfile.txt" | tr -d '0\n' | wc -c) > 0 )); then true; else false; fi;
None
stonesoup_trace:weakness_start