/* goodG2B uses the GoodSource with the BadSink */ void CWE15_External_Control_of_System_or_Configuration_Setting__w32_51b_goodG2BSink(char * data) { /* POTENTIAL FLAW: set the hostname to data obtained from a potentially external source */ if (!SetComputerNameA(data)) { printLine("Failure setting computer name"); exit(1); } }
/* goodG2B uses the GoodSource with the BadSink */ void goodG2BSink(list<char *> dataList) { char * data = dataList.back(); /* POTENTIAL FLAW: set the hostname to data obtained from a potentially external source */ if (!SetComputerNameA(data)) { printLine("Failure setting computer name"); exit(1); } }
/****************************************************************************** * SetComputerNameExA [KERNEL32.@] * */ BOOL WINAPI SetComputerNameExA( COMPUTER_NAME_FORMAT type, LPCSTR lpComputerName ) { TRACE( "%d, %s\n", type, debugstr_a (lpComputerName) ); switch( type ) { case ComputerNameNetBIOS: case ComputerNamePhysicalNetBIOS: return SetComputerNameA( lpComputerName ); default: SetLastError( ERROR_ACCESS_DENIED ); return FALSE; } }
/* goodG2B2() - use goodsource and badsink by reversing the blocks in the if statement */ static void goodG2B2() { char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticReturnsTrue()) { /* FIX: get the hostname from a string literal */ strcpy(data, "hostname"); } /* POTENTIAL FLAW: set the hostname to data obtained from a potentially external source */ if (!SetComputerNameA(data)) { printLine("Failure setting computer name"); exit(1); } }
static int Win32_SetComputerName(Jim_Interp *interp, int objc, Jim_Obj * const *objv) { int r = JIM_OK; const char *name; if (objc != 2) { Jim_WrongNumArgs(interp, 1, objv, "computername"); return JIM_ERR; } name = Jim_String(objv[1]); if (!SetComputerNameA(name)) { Jim_SetResult(interp, Win32ErrorObj(interp, "SetComputerName", GetLastError())); r = JIM_ERR; } return r; }
/* goodG2B1() - use goodsource and badsink by changing the staticReturnsTrue() to staticReturnsFalse() */ static void goodG2B1() { char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticReturnsFalse()) { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ printLine("Benign, fixed string"); } else { /* FIX: get the hostname from a string literal */ strcpy(data, "hostname"); } /* POTENTIAL FLAW: set the hostname to data obtained from a potentially external source */ if (!SetComputerNameA(data)) { printLine("Failure setting computer name"); exit(1); } }
void CWE15_External_Control_of_System_or_Configuration_Setting__w32_08_bad() { char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticReturnsTrue()) { { WSADATA wsaData; BOOL wsaDataInit = FALSE; SOCKET listenSocket = INVALID_SOCKET; SOCKET acceptSocket = INVALID_SOCKET; struct sockaddr_in service; int recvResult; do { if (WSAStartup(MAKEWORD(2,2), &wsaData) != NO_ERROR) { break; } wsaDataInit = 1; listenSocket = socket(PF_INET, SOCK_STREAM, 0); if (listenSocket == INVALID_SOCKET) { break; } memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(LISTEN_PORT); if (SOCKET_ERROR == bind(listenSocket, (struct sockaddr*)&service, sizeof(service))) { break; } if (SOCKET_ERROR == listen(listenSocket, LISTEN_BACKLOG)) { break; } acceptSocket = accept(listenSocket, NULL, NULL); if (acceptSocket == INVALID_SOCKET) { break; } /* INCIDENTAL CWE 188 - reliance on data memory layout * recv and friends return "number of bytes" received * char's on our system, however, may not be "octets" (8-bit * bytes) but could be just about anything. Also, * even if the external environment is ASCII or UTF8, * the ANSI/ISO C standard does not dictate that the * character set used by the actual language or character * constants matches. * * In practice none of these are usually issues... */ /* FLAW: read the new hostname from a network socket */ recvResult = recv(acceptSocket, data, 100 - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) { break; } data[recvResult] = '\0'; } while (0); if (acceptSocket != INVALID_SOCKET) { closesocket(acceptSocket); } if (listenSocket != INVALID_SOCKET) { closesocket(listenSocket); } if (wsaDataInit) { WSACleanup(); } } } /* POTENTIAL FLAW: set the hostname to data obtained from a potentially external source */ if (!SetComputerNameA(data)) { printLine("Failure setting computer name"); exit(1); } }