Creating test case using base program. Added an environment variable read to get a filename to read in the file contents using an fread operation within the function Completed injection. UNSPECIFIED UNSPECIFIED $SS_TC_ROOT/$SS_TC_INSTALL/bin/wireshark $SS_TC_ROOT/testData/input.pcap ./configure --prefix="$SS_TC_ROOT/$SS_TC_INSTALL" --enable-wireshark --with-gtk3=yes --without-lua --without-qt --with-gcrypt --with-gnutls --with-libsmi --with-pcap --with-zlib --without-portaudio --without-libcap --without-krb5 --with-cres --with-adns --with-geoip make V=1 CC="$SS_CC" make install V=1 Open saved .pcap file Has a heap buffer of size 64. Reads in an ascii string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63characters, this will result in an underread. NONE /opt/stonesoup/workspace/testData/professorling_joel/tingliest_anguillulidae.txt AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 GOOD-01 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-01/output.txt DOES_NOT_RETURN CONTROLLED_EXIT export first 50 packets from saved pcap, run md5sum on newly created pcap Has a heap buffer of size 64. Reads in an ascii string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63characters, this will result in an underread. NONE /opt/stonesoup/workspace/testData/professorling_joel/tingliest_anguillulidae.txt This is probably not going to overflow a buffer of some sort. $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 GOOD-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-02/output.txt DOES_NOT_RETURN CONTROLLED_EXIT jump to packet 10 Has a heap buffer of size 64. Reads in an ascii string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63characters, this will result in an underread. NONE /opt/stonesoup/workspace/testData/professorling_joel/tingliest_anguillulidae.txt This statement has less than 64 characters, then nothing bad. $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 GOOD-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-03/output.txt DOES_NOT_RETURN CONTROLLED_EXIT open statistical summary Has a heap buffer of size 64. Reads in an ascii string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63characters, this will result in an underread. NONE /opt/stonesoup/workspace/testData/professorling_joel/tingliest_anguillulidae.txt AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 GOOD-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-04/output.txt DOES_NOT_RETURN CONTROLLED_EXIT open protocol hierarchy Has a heap buffer of size 64. Reads in an ascii string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63characters, this will result in an underread. NONE /opt/stonesoup/workspace/testData/professorling_joel/tingliest_anguillulidae.txt This is probably not going to overflow a buffer of some sort. $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 GOOD-05 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-05/output.txt DOES_NOT_RETURN CONTROLLED_EXIT follow a tcp stream Has a heap buffer of size 64. Reads in an ascii string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63characters, this will result in an underread. NONE /opt/stonesoup/workspace/testData/professorling_joel/tingliest_anguillulidae.txt This statement has less than 64 characters, then nothing bad. $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 GOOD-06 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-06/output.txt DOES_NOT_RETURN CONTROLLED_EXIT run a display filter for http Has a heap buffer of size 64. Reads in an ascii string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63characters, this will result in an underread. NONE /opt/stonesoup/workspace/testData/professorling_joel/tingliest_anguillulidae.txt AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 GOOD-07 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-07/output.txt DOES_NOT_RETURN CONTROLLED_EXIT export a .png from captured http traffic, run an md5, compare with known good Has a heap buffer of size 64. Reads in an ascii string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63characters, this will result in an underread. NONE /opt/stonesoup/workspace/testData/professorling_joel/tingliest_anguillulidae.txt This is probably not going to overflow a buffer of some sort. $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 GOOD-08 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-08/output.txt DOES_NOT_RETURN CONTROLLED_EXIT search for a string Has a heap buffer of size 64. Reads in an ascii string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63characters, this will result in an underread. NONE /opt/stonesoup/workspace/testData/professorling_joel/tingliest_anguillulidae.txt This statement has less than 64 characters, then nothing bad. $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 GOOD-09 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-09/output.txt DOES_NOT_RETURN CONTROLLED_EXIT open io graph Has a heap buffer of size 64. Reads in an ascii string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63characters, this will result in an underread. NONE /opt/stonesoup/workspace/testData/professorling_joel/tingliest_anguillulidae.txt AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 GOOD-10 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-10/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Has a heap buffer of size 64. Reads in an ascii string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63characters, this will result in an underread. READ_APPLICATION_DATA DOS_UNCONTROLLED_EXIT /opt/stonesoup/workspace/testData/professorling_joel/tingliest_anguillulidae.txt abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 weakness_started_2Za8oSoWrzsDn9JVgpkq AND ((NOT PERFORMER AND (print_buffer_c4R0v2UesV OR (segfault_code_X27VknrvXr OR segfault_code_mZ1GbVg3WS OR segfault_code_WIXYMAD1gr OR segfault_code_BnPKHeXOPG OR segfault_code_7kdWHHvhzh OR segfault_msg_aNjtn42bDA OR illegal_inst_msg_ymOkivROey)) AND NOT timeout_PcU40wYlVh) or (PERFORMER AND NOT ((print_buffer_c4R0v2UesV OR (segfault_code_X27VknrvXr OR segfault_code_mZ1GbVg3WS OR segfault_code_WIXYMAD1gr OR segfault_code_BnPKHeXOPG OR segfault_code_7kdWHHvhzh OR segfault_msg_aNjtn42bDA OR illegal_inst_msg_ymOkivROey)) OR timeout_PcU40wYlVh))) (NOT PERFORMER AND (print_buffer_c4R0v2UesV OR (segfault_code_X27VknrvXr OR segfault_code_mZ1GbVg3WS OR segfault_code_WIXYMAD1gr OR segfault_code_BnPKHeXOPG OR segfault_code_7kdWHHvhzh OR segfault_msg_aNjtn42bDA OR illegal_inst_msg_ymOkivROey)) AND NOT timeout_PcU40wYlVh) or (PERFORMER AND NOT ((print_buffer_c4R0v2UesV OR (segfault_code_X27VknrvXr OR segfault_code_mZ1GbVg3WS OR segfault_code_WIXYMAD1gr OR segfault_code_BnPKHeXOPG OR segfault_code_7kdWHHvhzh OR segfault_msg_aNjtn42bDA OR illegal_inst_msg_ymOkivROey)) OR timeout_PcU40wYlVh)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION None 132 None 134 None 135 None 136 None 139 None Segmentation fault None Illegal instruction logfile.txt [a-zA-Z0-9]{65,} None stonesoup_trace:weakness_start Has a heap buffer of size 64. Reads in an ascii string from an environment variable and copies the final 63 characters into the heap buffer. Then reads the variable back from the heap buffer in reverse order, but incorrectly uses the size of the original string. If the original string is longer than 63characters, this will result in an underread. READ_APPLICATION_DATA DOS_UNCONTROLLED_EXIT /opt/stonesoup/workspace/testData/professorling_joel/tingliest_anguillulidae.txt The quick brown fox jumps over the lazy dog. Why? I don't know, because he was in a rush and trying to get somewhere. $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 weakness_started_268m6TL3GVpzrHgQMSzl AND ((NOT PERFORMER AND (print_buffer_WP7L0mMQHP OR (segfault_code_cbKf990g9s OR segfault_code_P6HjbHeFYF OR segfault_code_ouAPbmWpls OR segfault_code_y21qVvnFWc OR segfault_code_GCEkZ8MWRY OR segfault_msg_So9L1XR8pc OR illegal_inst_msg_neZY1PPGPp)) AND NOT timeout_y9yeBRpDTt) or (PERFORMER AND NOT ((print_buffer_WP7L0mMQHP OR (segfault_code_cbKf990g9s OR segfault_code_P6HjbHeFYF OR segfault_code_ouAPbmWpls OR segfault_code_y21qVvnFWc OR segfault_code_GCEkZ8MWRY OR segfault_msg_So9L1XR8pc OR illegal_inst_msg_neZY1PPGPp)) OR timeout_y9yeBRpDTt))) (NOT PERFORMER AND (print_buffer_WP7L0mMQHP OR (segfault_code_cbKf990g9s OR segfault_code_P6HjbHeFYF OR segfault_code_ouAPbmWpls OR segfault_code_y21qVvnFWc OR segfault_code_GCEkZ8MWRY OR segfault_msg_So9L1XR8pc OR illegal_inst_msg_neZY1PPGPp)) AND NOT timeout_y9yeBRpDTt) or (PERFORMER AND NOT ((print_buffer_WP7L0mMQHP OR (segfault_code_cbKf990g9s OR segfault_code_P6HjbHeFYF OR segfault_code_ouAPbmWpls OR segfault_code_y21qVvnFWc OR segfault_code_GCEkZ8MWRY OR segfault_msg_So9L1XR8pc OR illegal_inst_msg_neZY1PPGPp)) OR timeout_y9yeBRpDTt)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION None 132 None 134 None 135 None 136 None 139 None Segmentation fault None Illegal instruction logfile.txt [a-zA-Z0-9]{65,} None stonesoup_trace:weakness_start