wangwei
/
cwetest
Not watched
1
0
Fork 0
Code
Releases 0 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
3.2 MB
55 Download
Tree: e3d2ebff10
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e3d2ebff10'
${ noResults }
cwetest/CWE606_Unchecked_Loop_Condi...

CWE606_Unchecked_Loop_Condition__char_connect_socket_02.c 14 kB
Raw Normal View History

1
3 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447 
  1. /* TEMPLATE GENERATED TESTCASE FILE

  2. Filename: CWE606_Unchecked_Loop_Condition__char_connect_socket_02.c

  3. Label Definition File: CWE606_Unchecked_Loop_Condition.label.xml

  4. Template File: sources-sinks-02.tmpl.c

  5. */

  6. /*

  7.  * @description

  8.  * CWE: 606 Unchecked Input For Loop Condition

  9.  * BadSource: connect_socket Read data using a connect socket (client side)

  10.  * GoodSource: Input a number less than MAX_LOOP

  11.  * Sinks:

  12.  *    GoodSink: Use data as the for loop variant after checking to see if it is less than MAX_LOOP

  13.  *    BadSink : Use data as the for loop variant without checking its size

  14.  * Flow Variant: 02 Control flow: if(1) and if(0)

  15.  *

  16.  * */

  17. 

  18. #include "std_testcase.h"

  19. 

  20. #define MAX_LOOP 10000

  21. 

  22. #ifndef _WIN32

  23. #include <wchar.h>

  24. #endif

  25. 

  26. #ifdef _WIN32

  27. #include <winsock2.h>

  28. #include <windows.h>

  29. #include <direct.h>

  30. #pragma comment(lib, "ws2_32") /* include ws2_32.lib when linking */

  31. #define CLOSE_SOCKET closesocket

  32. #else /* NOT _WIN32 */

  33. #include <sys/types.h>

  34. #include <sys/socket.h>

  35. #include <netinet/in.h>

  36. #include <arpa/inet.h>

  37. #include <unistd.h>

  38. #define INVALID_SOCKET -1

  39. #define SOCKET_ERROR -1

  40. #define CLOSE_SOCKET close

  41. #define SOCKET int

  42. #endif

  43. 

  44. #define TCP_PORT 27015

  45. #define IP_ADDRESS "127.0.0.1"

  46. 

  47. #ifndef OMITBAD

  48. 

  49. void CWE606_Unchecked_Loop_Condition__char_connect_socket_02_bad()

  50. {

  51.     char * data;

  52.     char dataBuffer[100] = "";

  53.     data = dataBuffer;

  54.     if(1)

  55.     {

  56.         {

  57. #ifdef _WIN32

  58.             WSADATA wsaData;

  59.             int wsaDataInit = 0;

  60. #endif

  61.             int recvResult;

  62.             struct sockaddr_in service;

  63.             char *replace;

  64.             SOCKET connectSocket = INVALID_SOCKET;

  65.             size_t dataLen = strlen(data);

  66.             do

  67.             {

  68. #ifdef _WIN32

  69.                 if (WSAStartup(MAKEWORD(2,2), &wsaData) != NO_ERROR)

  70.                 {

  71.                     break;

  72.                 }

  73.                 wsaDataInit = 1;

  74. #endif

  75.                 /* POTENTIAL FLAW: Read data using a connect socket */

  76.                 connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);

  77.                 if (connectSocket == INVALID_SOCKET)

  78.                 {

  79.                     break;

  80.                 }

  81.                 memset(&service, 0, sizeof(service));

  82.                 service.sin_family = AF_INET;

  83.                 service.sin_addr.s_addr = inet_addr(IP_ADDRESS);

  84.                 service.sin_port = htons(TCP_PORT);

  85.                 if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR)

  86.                 {

  87.                     break;

  88.                 }

  89.                 /* Abort on error or the connection was closed, make sure to recv one

  90.                  * less char than is in the recv_buf in order to append a terminator */

  91.                 /* Abort on error or the connection was closed */

  92.                 recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0);

  93.                 if (recvResult == SOCKET_ERROR || recvResult == 0)

  94.                 {

  95.                     break;

  96.                 }

  97.                 /* Append null terminator */

  98.                 data[dataLen + recvResult / sizeof(char)] = '\0';

  99.                 /* Eliminate CRLF */

  100.                 replace = strchr(data, '\r');

  101.                 if (replace)

  102.                 {

  103.                     *replace = '\0';

  104.                 }

  105.                 replace = strchr(data, '\n');

  106.                 if (replace)

  107.                 {

  108.                     *replace = '\0';

  109.                 }

  110.             }

  111.             while (0);

  112.             if (connectSocket != INVALID_SOCKET)

  113.             {

  114.                 CLOSE_SOCKET(connectSocket);

  115.             }

  116. #ifdef _WIN32

  117.             if (wsaDataInit)

  118.             {

  119.                 WSACleanup();

  120.             }

  121. #endif

  122.         }

  123.     }

  124.     if(1)

  125.     {

  126.         {

  127.             int i, n, intVariable;

  128.             if (sscanf(data, "%d", &n) == 1)

  129.             {

  130.                 /* POTENTIAL FLAW: user-supplied value 'n' could lead to very large loop iteration */

  131.                 intVariable = 0;

  132.                 for (i = 0; i < n; i++)

  133.                 {

  134.                     /* INCIDENTAL: CWE 561: Dead Code - non-avoidable if n <= 0 */

  135.                     intVariable++; /* avoid a dead/empty code block issue */

  136.                 }

  137.                 printIntLine(intVariable);

  138.             }

  139.         }

  140.     }

  141. }

  142. 

  143. #endif /* OMITBAD */

  144. 

  145. #ifndef OMITGOOD

  146. 

  147. /* goodB2G1() - use badsource and goodsink by changing the second 1 to 0 */

  148. static void goodB2G1()

  149. {

  150.     char * data;

  151.     char dataBuffer[100] = "";

  152.     data = dataBuffer;

  153.     if(1)

  154.     {

  155.         {

  156. #ifdef _WIN32

  157.             WSADATA wsaData;

  158.             int wsaDataInit = 0;

  159. #endif

  160.             int recvResult;

  161.             struct sockaddr_in service;

  162.             char *replace;

  163.             SOCKET connectSocket = INVALID_SOCKET;

  164.             size_t dataLen = strlen(data);

  165.             do

  166.             {

  167. #ifdef _WIN32

  168.                 if (WSAStartup(MAKEWORD(2,2), &wsaData) != NO_ERROR)

  169.                 {

  170.                     break;

  171.                 }

  172.                 wsaDataInit = 1;

  173. #endif

  174.                 /* POTENTIAL FLAW: Read data using a connect socket */

  175.                 connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);

  176.                 if (connectSocket == INVALID_SOCKET)

  177.                 {

  178.                     break;

  179.                 }

  180.                 memset(&service, 0, sizeof(service));

  181.                 service.sin_family = AF_INET;

  182.                 service.sin_addr.s_addr = inet_addr(IP_ADDRESS);

  183.                 service.sin_port = htons(TCP_PORT);

  184.                 if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR)

  185.                 {

  186.                     break;

  187.                 }

  188.                 /* Abort on error or the connection was closed, make sure to recv one

  189.                  * less char than is in the recv_buf in order to append a terminator */

  190.                 /* Abort on error or the connection was closed */

  191.                 recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0);

  192.                 if (recvResult == SOCKET_ERROR || recvResult == 0)

  193.                 {

  194.                     break;

  195.                 }

  196.                 /* Append null terminator */

  197.                 data[dataLen + recvResult / sizeof(char)] = '\0';

  198.                 /* Eliminate CRLF */

  199.                 replace = strchr(data, '\r');

  200.                 if (replace)

  201.                 {

  202.                     *replace = '\0';

  203.                 }

  204.                 replace = strchr(data, '\n');

  205.                 if (replace)

  206.                 {

  207.                     *replace = '\0';

  208.                 }

  209.             }

  210.             while (0);

  211.             if (connectSocket != INVALID_SOCKET)

  212.             {

  213.                 CLOSE_SOCKET(connectSocket);

  214.             }

  215. #ifdef _WIN32

  216.             if (wsaDataInit)

  217.             {

  218.                 WSACleanup();

  219.             }

  220. #endif

  221.         }

  222.     }

  223.     if(0)

  224.     {

  225.         /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

  226.         printLine("Benign, fixed string");

  227.     }

  228.     else

  229.     {

  230.         {

  231.             int i, n, intVariable;

  232.             if (sscanf(data, "%d", &n) == 1)

  233.             {

  234.                 /* FIX: limit loop iteration counts */

  235.                 if (n < MAX_LOOP)

  236.                 {

  237.                     intVariable = 0;

  238.                     for (i = 0; i < n; i++)

  239.                     {

  240.                         /* INCIDENTAL: CWE 561: Dead Code - non-avoidable if n <= 0 */

  241.                         intVariable++; /* avoid a dead/empty code block issue */

  242.                     }

  243.                     printIntLine(intVariable);

  244.                 }

  245.             }

  246.         }

  247.     }

  248. }

  249. 

  250. /* goodB2G2() - use badsource and goodsink by reversing the blocks in the second if */

  251. static void goodB2G2()

  252. {

  253.     char * data;

  254.     char dataBuffer[100] = "";

  255.     data = dataBuffer;

  256.     if(1)

  257.     {

  258.         {

  259. #ifdef _WIN32

  260.             WSADATA wsaData;

  261.             int wsaDataInit = 0;

  262. #endif

  263.             int recvResult;

  264.             struct sockaddr_in service;

  265.             char *replace;

  266.             SOCKET connectSocket = INVALID_SOCKET;

  267.             size_t dataLen = strlen(data);

  268.             do

  269.             {

  270. #ifdef _WIN32

  271.                 if (WSAStartup(MAKEWORD(2,2), &wsaData) != NO_ERROR)

  272.                 {

  273.                     break;

  274.                 }

  275.                 wsaDataInit = 1;

  276. #endif

  277.                 /* POTENTIAL FLAW: Read data using a connect socket */

  278.                 connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);

  279.                 if (connectSocket == INVALID_SOCKET)

  280.                 {

  281.                     break;

  282.                 }

  283.                 memset(&service, 0, sizeof(service));

  284.                 service.sin_family = AF_INET;

  285.                 service.sin_addr.s_addr = inet_addr(IP_ADDRESS);

  286.                 service.sin_port = htons(TCP_PORT);

  287.                 if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR)

  288.                 {

  289.                     break;

  290.                 }

  291.                 /* Abort on error or the connection was closed, make sure to recv one

  292.                  * less char than is in the recv_buf in order to append a terminator */

  293.                 /* Abort on error or the connection was closed */

  294.                 recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0);

  295.                 if (recvResult == SOCKET_ERROR || recvResult == 0)

  296.                 {

  297.                     break;

  298.                 }

  299.                 /* Append null terminator */

  300.                 data[dataLen + recvResult / sizeof(char)] = '\0';

  301.                 /* Eliminate CRLF */

  302.                 replace = strchr(data, '\r');

  303.                 if (replace)

  304.                 {

  305.                     *replace = '\0';

  306.                 }

  307.                 replace = strchr(data, '\n');

  308.                 if (replace)

  309.                 {

  310.                     *replace = '\0';

  311.                 }

  312.             }

  313.             while (0);

  314.             if (connectSocket != INVALID_SOCKET)

  315.             {

  316.                 CLOSE_SOCKET(connectSocket);

  317.             }

  318. #ifdef _WIN32

  319.             if (wsaDataInit)

  320.             {

  321.                 WSACleanup();

  322.             }

  323. #endif

  324.         }

  325.     }

  326.     if(1)

  327.     {

  328.         {

  329.             int i, n, intVariable;

  330.             if (sscanf(data, "%d", &n) == 1)

  331.             {

  332.                 /* FIX: limit loop iteration counts */

  333.                 if (n < MAX_LOOP)

  334.                 {

  335.                     intVariable = 0;

  336.                     for (i = 0; i < n; i++)

  337.                     {

  338.                         /* INCIDENTAL: CWE 561: Dead Code - non-avoidable if n <= 0 */

  339.                         intVariable++; /* avoid a dead/empty code block issue */

  340.                     }

  341.                     printIntLine(intVariable);

  342.                 }

  343.             }

  344.         }

  345.     }

  346. }

  347. 

  348. /* goodG2B1() - use goodsource and badsink by changing the first 1 to 0 */

  349. static void goodG2B1()

  350. {

  351.     char * data;

  352.     char dataBuffer[100] = "";

  353.     data = dataBuffer;

  354.     if(0)

  355.     {

  356.         /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

  357.         printLine("Benign, fixed string");

  358.     }

  359.     else

  360.     {

  361.         /* FIX: Set data to a number less than MAX_LOOP */

  362.         strcpy(data, "15");

  363.     }

  364.     if(1)

  365.     {

  366.         {

  367.             int i, n, intVariable;

  368.             if (sscanf(data, "%d", &n) == 1)

  369.             {

  370.                 /* POTENTIAL FLAW: user-supplied value 'n' could lead to very large loop iteration */

  371.                 intVariable = 0;

  372.                 for (i = 0; i < n; i++)

  373.                 {

  374.                     /* INCIDENTAL: CWE 561: Dead Code - non-avoidable if n <= 0 */

  375.                     intVariable++; /* avoid a dead/empty code block issue */

  376.                 }

  377.                 printIntLine(intVariable);

  378.             }

  379.         }

  380.     }

  381. }

  382. 

  383. /* goodG2B2() - use goodsource and badsink by reversing the blocks in the first if */

  384. static void goodG2B2()

  385. {

  386.     char * data;

  387.     char dataBuffer[100] = "";

  388.     data = dataBuffer;

  389.     if(1)

  390.     {

  391.         /* FIX: Set data to a number less than MAX_LOOP */

  392.         strcpy(data, "15");

  393.     }

  394.     if(1)

  395.     {

  396.         {

  397.             int i, n, intVariable;

  398.             if (sscanf(data, "%d", &n) == 1)

  399.             {

  400.                 /* POTENTIAL FLAW: user-supplied value 'n' could lead to very large loop iteration */

  401.                 intVariable = 0;

  402.                 for (i = 0; i < n; i++)

  403.                 {

  404.                     /* INCIDENTAL: CWE 561: Dead Code - non-avoidable if n <= 0 */

  405.                     intVariable++; /* avoid a dead/empty code block issue */

  406.                 }

  407.                 printIntLine(intVariable);

  408.             }

  409.         }

  410.     }

  411. }

  412. 

  413. void CWE606_Unchecked_Loop_Condition__char_connect_socket_02_good()

  414. {

  415.     goodB2G1();

  416.     goodB2G2();

  417.     goodG2B1();

  418.     goodG2B2();

  419. }

  420. 

  421. #endif /* OMITGOOD */

  422. 

  423. /* Below is the main(). It is only used when building this testcase on

  424.    its own for testing or for building a binary to use in testing binary

  425.    analysis tools. It is not used when compiling all the testcases as one

  426.    application, which is how source code analysis tools are tested. */

  427. 

  428. #ifdef INCLUDEMAIN

  429. 

  430. int main(int argc, char * argv[])

  431. {

  432.     /* seed randomness */

  433.     srand( (unsigned)time(NULL) );

  434. #ifndef OMITGOOD

  435.     printLine("Calling good()...");

  436.     CWE606_Unchecked_Loop_Condition__char_connect_socket_02_good();

  437.     printLine("Finished good()");

  438. #endif /* OMITGOOD */

  439. #ifndef OMITBAD

  440.     printLine("Calling bad()...");

  441.     CWE606_Unchecked_Loop_Condition__char_connect_socket_02_bad();

  442.     printLine("Finished bad()");

  443. #endif /* OMITBAD */

  444.     return 0;

  445. }

  446. 

  447. #endif

No Description

Contributors (1)
All