SAMATE Logo NIST Logo The SAMATE Project Department of Homeland Security
Downloads:  Download this Test Case #153688

Back to the previous page... Back to the previous page

Test Case IDCandidate153688
Bad / Good / MixedBadBad test case
AuthorIARPA STONESOUP Test and Evaluation team
Associations
Test suite: 102  
Application: 8  
Added byCharles Oliveira
LanguageC
Type of test caseSource Code
Input string
Expected Output
Instructions
See src/INSTALL file for instructions on how to install.
Submission date2015-10-06
DescriptionThis test case checks if the taint source is less than 20 characters, and if so, allocates a buffer on the heap with 20 characters. It sets the buffer to all 0's, then calls realpath on the taint source, with the destination being the 20-character heap buffer. If realpath evaluates to more than 20 characters, it will over-write memory reserved for the memory manager, resulting in a glibc error when the heap buffer is freed.
Metadata
- Base program: Wireshark
- Source Taint: FILE_CONTENTS
- Data Type: VOID_POINTER
- Data Flow: BUFFER_ADDRESS_POINTER
- Control Flow: CALLBACK
File(s)
Flaw

There are no comments
Have any comments on this test case? Please, .

File Contains:
CWE-785: Use of Path Manipulation Function without Maximum-sized Buffer on line(s): 1291, 1292, 1293, 1294, 1295, 1296, 1297, 1298, 1299, 1300