National Institute of Standards and Technology
Package illustrating a test case

Test case 149267

Description

This test case looks for the substring 'aba' within the taint source. If it finds the substring, it sets a pointer called stonesoup_second_buff to the beginning of the 'aba' substring, and the weakness continues without incident. If it does not find the substring, stonesoup_second_buff retains its initial value of NULL. The weakness subsequently calculates the length of stonesoup_second_buff, using strlen. If stonesoup_second_buff is NULL, this causes a segmentation fault.
Metadata
- Base program: Wireshark
- Source Taint: ENVIRONMENT_VARIABLE
- Data Type: VOID_POINTER
- Data Flow: ADDRESS_AS_FUNCTION_RETURN_VALUE
- Control Flow: MACROS

Flaws

Test Suites

Documentation

Have any comments on this test case? Please, send us an email.