Creating test case using base program.
Added an environment variable read to get a filename to read in the file contents using an fread operation within the function
Completed injection.
UNSPECIFIED
UNSPECIFIED
$SS_TC_ROOT/$SS_TC_INSTALL/bin/openssl
CFLAG="-O $CFLAGS" EX_LIBS="$LDFLAGS $LIBS" ./config --prefix="$SS_TC_ROOT/$SS_TC_INSTALL" shared
make CC="$SS_CC" CCLD="$SS_LNK" EX_LIBS="$LDFLAGS $LIBS"
make install_sw CC="$SS_CC" CCLD="$SS_LNK" EX_LIBS="$LDFLAGS $SS_LDFLAGS $LIBS"
Generate an RSA private key
read cmd doesn't null terminate input so strcpy reads past end of buffer until NULL char found Good inputs: 1) environment variable is not set. 2) environment variable is set to a filename that exists and whose contents contain a null character in first 32 bytes3) environment variable is set to a filename that does not exist.Bad input: 1) environment variable is set to a filename that exists and whose contents do not contain a null charater in first 32 bytes
NONE
/opt/stonesoup/workspace/testData/keratoid_rambunctious/staurolite_pisum.txt
/opt/stonesoup/workspace/testData/good01.txt
This file is not empty.
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
genpkey -out $SS_TC_ROOT/testOutput/good-01/key.pem -algorithm RSA
GOOD-01 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
../testOutput/good-01/key.pem
-----END PRIVATE KEY-----
DOES_NOT_RETURN
CONTROLLED_EXIT
Create a password hash using crypt, and salt of "xx"
read cmd doesn't null terminate input so strcpy reads past end of buffer until NULL char found Good inputs: 1) environment variable is not set. 2) environment variable is set to a filename that exists and whose contents contain a null character in first 32 bytes3) environment variable is set to a filename that does not exist.Bad input: 1) environment variable is set to a filename that exists and whose contents do not contain a null charater in first 32 bytes
NONE
/opt/stonesoup/workspace/testData/keratoid_rambunctious/staurolite_pisum.txt
/opt/stonesoup/workspace/testData/good02.txt
abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuv
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
passwd -crypt -salt xx password
GOOD-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
xxj31ZMTZzkVA
DOES_NOT_RETURN
CONTROLLED_EXIT
Encrypt a file with DES3 using salt and key of "stonesoup"
read cmd doesn't null terminate input so strcpy reads past end of buffer until NULL char found Good inputs: 1) environment variable is not set. 2) environment variable is set to a filename that exists and whose contents contain a null character in first 32 bytes3) environment variable is set to a filename that does not exist.Bad input: 1) environment variable is set to a filename that exists and whose contents do not contain a null charater in first 32 bytes
NONE
/opt/stonesoup/workspace/testData/keratoid_rambunctious/staurolite_pisum.txt
/opt/stonesoup/workspace/testData/badfilename.txt
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
des3 -salt -in good-03/file.txt -out $SS_TC_ROOT/testOutput/good-03/file.des3 -k "stonesoup"
GOOD-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
../testOutput/good-03/file.des3
Salted__
DOES_NOT_RETURN
CONTROLLED_EXIT
parse ASN1 structure
read cmd doesn't null terminate input so strcpy reads past end of buffer until NULL char found Good inputs: 1) environment variable is not set. 2) environment variable is set to a filename that exists and whose contents contain a null character in first 32 bytes3) environment variable is set to a filename that does not exist.Bad input: 1) environment variable is set to a filename that exists and whose contents do not contain a null charater in first 32 bytes
NONE
/opt/stonesoup/workspace/testData/keratoid_rambunctious/staurolite_pisum.txt
/opt/stonesoup/workspace/testData/good01.txt
This file is not empty.
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
asn1parse -genstr 'UTF8:Hello World'
GOOD-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
0:d=0 hl=2 l= 11 prim: UTF8STRING :Hello World
DOES_NOT_RETURN
CONTROLLED_EXIT
create Netscape certficiate from PEM
read cmd doesn't null terminate input so strcpy reads past end of buffer until NULL char found Good inputs: 1) environment variable is not set. 2) environment variable is set to a filename that exists and whose contents contain a null character in first 32 bytes3) environment variable is set to a filename that does not exist.Bad input: 1) environment variable is set to a filename that exists and whose contents do not contain a null charater in first 32 bytes
NONE
/opt/stonesoup/workspace/testData/keratoid_rambunctious/staurolite_pisum.txt
/opt/stonesoup/workspace/testData/good02.txt
abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuv
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
nseq -in good-05/cert.pem -toseq -out $SS_TC_ROOT/testOutput/good-05/nseq.pem
GOOD-05 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
../testOutput/good-05/nseq.pem
-----END CERTIFICATE-----
DOES_NOT_RETURN
CONTROLLED_EXIT
generate MIME content from text file, encrypting with x509 cert
read cmd doesn't null terminate input so strcpy reads past end of buffer until NULL char found Good inputs: 1) environment variable is not set. 2) environment variable is set to a filename that exists and whose contents contain a null character in first 32 bytes3) environment variable is set to a filename that does not exist.Bad input: 1) environment variable is set to a filename that exists and whose contents do not contain a null charater in first 32 bytes
NONE
/opt/stonesoup/workspace/testData/keratoid_rambunctious/staurolite_pisum.txt
/opt/stonesoup/workspace/testData/badfilename.txt
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
smime -in good-06/secretemail.txt -encrypt good-06/x509.pem
GOOD-06 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-06/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
check primality of number
read cmd doesn't null terminate input so strcpy reads past end of buffer until NULL char found Good inputs: 1) environment variable is not set. 2) environment variable is set to a filename that exists and whose contents contain a null character in first 32 bytes3) environment variable is set to a filename that does not exist.Bad input: 1) environment variable is set to a filename that exists and whose contents do not contain a null charater in first 32 bytes
NONE
/opt/stonesoup/workspace/testData/keratoid_rambunctious/staurolite_pisum.txt
/opt/stonesoup/workspace/testData/good01.txt
This file is not empty.
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
prime 15648972863
GOOD-07 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
3A4C0603F is prime
DOES_NOT_RETURN
CONTROLLED_EXIT
encrypt textfile with AES 256 and salt, base64 encoded result
read cmd doesn't null terminate input so strcpy reads past end of buffer until NULL char found Good inputs: 1) environment variable is not set. 2) environment variable is set to a filename that exists and whose contents contain a null character in first 32 bytes3) environment variable is set to a filename that does not exist.Bad input: 1) environment variable is set to a filename that exists and whose contents do not contain a null charater in first 32 bytes
NONE
/opt/stonesoup/workspace/testData/keratoid_rambunctious/staurolite_pisum.txt
/opt/stonesoup/workspace/testData/good02.txt
abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuv
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
enc -in good-08/secret.txt -aes256 -k password -S abacabb -base64
GOOD-08 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
U2FsdGVkX1+rrKuwAAAAACgoU5YHltmsjJifyZi0xJA=
DOES_NOT_RETURN
CONTROLLED_EXIT
SHA1 with hmac of text file
read cmd doesn't null terminate input so strcpy reads past end of buffer until NULL char found Good inputs: 1) environment variable is not set. 2) environment variable is set to a filename that exists and whose contents contain a null character in first 32 bytes3) environment variable is set to a filename that does not exist.Bad input: 1) environment variable is set to a filename that exists and whose contents do not contain a null charater in first 32 bytes
NONE
/opt/stonesoup/workspace/testData/keratoid_rambunctious/staurolite_pisum.txt
/opt/stonesoup/workspace/testData/badfilename.txt
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
dgst -sha1 -c -hmac "secret-key" good-09/message.txt
GOOD-09 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
HMAC-SHA1(good-09/message.txt)= 3a:da:b3:ba:5a:59:a9:56:8d:76:3a:d4:20:f6:13:cd:aa:49:41:a6
DOES_NOT_RETURN
CONTROLLED_EXIT
Generate SSL certificate and private key
read cmd doesn't null terminate input so strcpy reads past end of buffer until NULL char found Good inputs: 1) environment variable is not set. 2) environment variable is set to a filename that exists and whose contents contain a null character in first 32 bytes3) environment variable is set to a filename that does not exist.Bad input: 1) environment variable is set to a filename that exists and whose contents do not contain a null charater in first 32 bytes
NONE
/opt/stonesoup/workspace/testData/keratoid_rambunctious/staurolite_pisum.txt
/opt/stonesoup/workspace/testData/good01.txt
This file is not empty.
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout good-10/server.key -out good-10/server.crt -subj "/C=SP/ST=The Moon/L=TheDarkSide/O=KSP/OU=Moon Department/CN=ksp.moon"
GOOD-10-1 AND GOOD-10-2 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
../testData/good-10/server.crt
-----END CERTIFICATE-----
../testData/good-10/server.key
-----END PRIVATE KEY-----
DOES_NOT_RETURN
CONTROLLED_EXIT
read cmd doesn't null terminate input so strcpy reads past end of buffer until NULL char found Good inputs: 1) environment variable is not set. 2) environment variable is set to a filename that exists and whose contents contain a null character in first 32 bytes3) environment variable is set to a filename that does not exist.Bad input: 1) environment variable is set to a filename that exists and whose contents do not contain a null charater in first 32 bytes
DOS_UNCONTROLLED_EXIT
/opt/stonesoup/workspace/testData/keratoid_rambunctious/staurolite_pisum.txt
/opt/stonesoup/workspace/testData/bad01.txt
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
passwd -crypt -salt xx password
weakness_started_K7QbqaCdmBha3stMt8wY AND ((NOT PERFORMER AND (segfault_code_2jloDV9ojX OR segfault_code_aVnCEXn0t1 OR segfault_code_QjzDBGV7qd OR segfault_code_L4QOv8XJm8 OR segfault_code_H4ytlhXhnH OR segfault_msg_QnxGNUNwfX OR illegal_inst_msg_PYQFm5FyFw) AND NOT timeout_R1cdqLrNoB) or (PERFORMER AND NOT ((segfault_code_2jloDV9ojX OR segfault_code_aVnCEXn0t1 OR segfault_code_QjzDBGV7qd OR segfault_code_L4QOv8XJm8 OR segfault_code_H4ytlhXhnH OR segfault_msg_QnxGNUNwfX OR illegal_inst_msg_PYQFm5FyFw) OR timeout_R1cdqLrNoB)))
(NOT PERFORMER AND (segfault_code_2jloDV9ojX OR segfault_code_aVnCEXn0t1 OR segfault_code_QjzDBGV7qd OR segfault_code_L4QOv8XJm8 OR segfault_code_H4ytlhXhnH OR segfault_msg_QnxGNUNwfX OR illegal_inst_msg_PYQFm5FyFw) AND NOT timeout_R1cdqLrNoB) or (PERFORMER AND NOT ((segfault_code_2jloDV9ojX OR segfault_code_aVnCEXn0t1 OR segfault_code_QjzDBGV7qd OR segfault_code_L4QOv8XJm8 OR segfault_code_H4ytlhXhnH OR segfault_msg_QnxGNUNwfX OR illegal_inst_msg_PYQFm5FyFw) OR timeout_R1cdqLrNoB))
DOES_NOT_RETURN
CONTROLLED_EXIT
CONTINUED_EXECUTION
None
132
None
134
None
135
None
136
None
139
None
Segmentation fault
None
Illegal instruction
None
stonesoup_trace:weakness_start
read cmd doesn't null terminate input so strcpy reads past end of buffer until NULL char found Good inputs: 1) environment variable is not set. 2) environment variable is set to a filename that exists and whose contents contain a null character in first 32 bytes3) environment variable is set to a filename that does not exist.Bad input: 1) environment variable is set to a filename that exists and whose contents do not contain a null charater in first 32 bytes
DOS_UNCONTROLLED_EXIT
/opt/stonesoup/workspace/testData/keratoid_rambunctious/staurolite_pisum.txt
/opt/stonesoup/workspace/testData/bad02.txt
abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwx
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
0
enc -in good-08/secret.txt -aes256 -k password -S abacabb -base64
weakness_started_qPfE3SHuMOg3hSAnV7oS AND ((NOT PERFORMER AND (segfault_code_cpwrCYywHi OR segfault_code_IjkZ7AzLgp OR segfault_code_3XpCJ432V7 OR segfault_code_ze5BvYzuuN OR segfault_code_y2A1LHbLg9 OR segfault_msg_ZOVA6oMsTB OR illegal_inst_msg_5bCnAOIJ5Q) AND NOT timeout_u32x43kNqg) or (PERFORMER AND NOT ((segfault_code_cpwrCYywHi OR segfault_code_IjkZ7AzLgp OR segfault_code_3XpCJ432V7 OR segfault_code_ze5BvYzuuN OR segfault_code_y2A1LHbLg9 OR segfault_msg_ZOVA6oMsTB OR illegal_inst_msg_5bCnAOIJ5Q) OR timeout_u32x43kNqg)))
(NOT PERFORMER AND (segfault_code_cpwrCYywHi OR segfault_code_IjkZ7AzLgp OR segfault_code_3XpCJ432V7 OR segfault_code_ze5BvYzuuN OR segfault_code_y2A1LHbLg9 OR segfault_msg_ZOVA6oMsTB OR illegal_inst_msg_5bCnAOIJ5Q) AND NOT timeout_u32x43kNqg) or (PERFORMER AND NOT ((segfault_code_cpwrCYywHi OR segfault_code_IjkZ7AzLgp OR segfault_code_3XpCJ432V7 OR segfault_code_ze5BvYzuuN OR segfault_code_y2A1LHbLg9 OR segfault_msg_ZOVA6oMsTB OR illegal_inst_msg_5bCnAOIJ5Q) OR timeout_u32x43kNqg))
DOES_NOT_RETURN
CONTROLLED_EXIT
CONTINUED_EXECUTION
None
132
None
134
None
135
None
136
None
139
None
Segmentation fault
None
Illegal instruction
None
stonesoup_trace:weakness_start