Downloads:
Back to the previous page
| Test Case ID |  153330 |
| Bad / Good / Mixed | Bad |
| Author | IARPA STONESOUP Test and Evaluation team |
| Associations | Test suite: 102 Application: 6 |
| Added by | Charles Oliveira |
| Language | C |
| Type of test case | Source Code |
| Input string | |
| Expected Output | |
| Instructions | See src/INSTALL file for instructions on how to install. |
| Submission date | 2015-10-06 |
| Description | This test case creates a buffer on the stack of 1024 bytes and buffer on the heap of 64 bytes. It copies the taint source into the 1024-char buffer. It checks if the length of the taint source is less than the length of the 64-byte buffer. If it is, it uses strncpy to copy the taint source into the 64-byte buffer, with a maximum value of 1024 bytes. However, strncpy always writes the maximum number of bytes, and so writes 1024 bytes. This overflows the other data in the heap, including memory reserved for use by the memory manager. When the test case attempts to free the heap-allocated buffer, a glibc error occurs. Metadata - Base program: Tree - Source Taint: ENVIRONMENT_VARIABLE - Data Type: SIMPLE - Data Flow: BASIC - Control Flow: SEQUENCE |
| File(s) |
|
| Flaw |
There are no comments
Have any comments on this test case? Please,
.
- color.c
- C-C806B-CTRE-01-ST01-DT02-DF11-CF20-01.xml
- service_mon.sh
- C-C806B-CTRE-01-ST01-DT02-DF11-CF20-01.yaml
- runFifos.py
File Contains:
CWE-806: Buffer Access Using Size of Source Buffer on line(s): 559, 560, 561, 562, 563
CWE-806: Buffer Access Using Size of Source Buffer on line(s): 559, 560, 561, 562, 563