-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtest.cpp
99 lines (78 loc) · 1.57 KB
/
test.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
#include <stdio.h>
#include <stdlib.h>
#include <string>
char* tainted_str() {
char *buf = (char*)malloc(32);
// gets(buf);
return buf;
}
int tainted_int() {
return strtoul(tainted_str(), NULL, 10);
}
void int_overflow() {
int a = tainted_int();
int b = 0;
int c = a + b;
a = 0;
b = tainted_int();
int d = a + b;
}
void int_truncation() {
int a = tainted_int();
short b = a;
int c = tainted_int();
int d = 0;
short e = c + d;
}
void int_overflow_loop() {
int a = 1;
int i = 40;
while (i--) {
a += a;
}
}
char* stack_return() {
char foo[10];
return foo;
}
void uncontrolled_malloc() {
malloc(tainted_int());
}
void format_string() {
char* format = "%x";
printf(format);
}
void sprintf_return_val() {
char buf[10];
snprintf(buf, 5, "%s", "ABCDEFG");
sprintf(buf, "%s", "ABCDEFG");
}
void my_system(std::string cmd) {
system(cmd.c_str());
}
void my_system_char(const char* cmd) {
system(cmd);
}
std::string get_user_input() {
return "world'; ls -la; echo 'goodbye";
}
const char* get_user_input_char() {
return "world'; ls -la; echo 'goodbye";
}
template<typename T>
void my_prop(T cmd) {
my_system(cmd);
}
void my_prop_char(const char* cmd) {
my_system_char(cmd);
}
int main() {
// Not sure if this actually needs to be called to be detected?
stack_return()[0];
auto cmd = get_user_input();
my_prop(cmd);
auto cmd_char = get_user_input_char();
my_prop(cmd_char);
my_prop_char(cmd_char);
// my_system_char(cmd_char);
}