void CWE427_Uncontrolled_Search_Path_Element__char_file_03_bad() { char * data; char dataBuffer[250] = "PATH="; data = dataBuffer; if(5==5) { { /* Read input from a file */ size_t dataLen = strlen(data); FILE * pFile; /* if there is room in data, attempt to read the input from a file */ if (250-dataLen > 1) { pFile = fopen(FILENAME, "r"); if (pFile != NULL) { /* POTENTIAL FLAW: Read data from a file */ if (fgets(data+dataLen, (int)(250-dataLen), pFile) == NULL) { printLine("fgets() failed"); /* Restore NUL terminator if fgets fails */ data[dataLen] = '\0'; } fclose(pFile); } } } } /* POTENTIAL FLAW: Set a new environment variable with a path that is possibly insecure */ PUTENV(data); }
void badSink(vector<char *> dataVector) { /* copy data out of dataVector */ char * data = dataVector[2]; /* POTENTIAL FLAW: Set a new environment variable with a path that is possibly insecure */ PUTENV(data); }
void badSink(map<int, wchar_t *> dataMap) { /* copy data out of dataMap */ wchar_t * data = dataMap[2]; /* POTENTIAL FLAW: Set a new environment variable with a path that is possibly insecure */ PUTENV(data); }
void badSink(list<wchar_t *> dataList) { /* copy data out of dataList */ wchar_t * data = dataList.back(); /* POTENTIAL FLAW: Set a new environment variable with a path that is possibly insecure */ PUTENV(data); }
void CWE427_Uncontrolled_Search_Path_Element__char_connect_socket_66b_badSink(char * dataArray[]) { /* copy data out of dataArray */ char * data = dataArray[2]; /* POTENTIAL FLAW: Set a new environment variable with a path that is possibly insecure */ PUTENV(data); }
void ProcessEnv::resetEnv(const char* envName) { if (!envName) return; Int32 i; size_t nameLen=strlen(envName); CollHeap *stmtHeap = CmpCommon::statementHeap(); NAList<Int32> deleteArray(stmtHeap, 16); // 16 should be more than enough // find the env in existing env array for (i=0; i < envs_.getSize(); i++) { if (envs_.used(i)) { char* pTemp = strchr(envs_[i], '='); if (pTemp) // found '=' { Int32 envLen = (Int32)(pTemp - envs_[i]); if (envLen == nameLen && strncmp(envName, envs_[i], nameLen) == 0 ) { // found matching env var name *(pTemp) = '\0'; PUTENV(envs_[i]); NADELETEBASIC(envs_[i], heap_); deleteArray.insert(i); } } } } // remove from the env array for (Int32 j = 0; j < deleteArray.entries(); j++) { envs_.remove(deleteArray[j]); } }
/* goodG2B uses the GoodSource with the BadSink */ static void goodG2B() { wchar_t * data; wchar_t dataBuffer[250] = L"PATH="; data = dataBuffer; data = goodG2BSource(data); /* POTENTIAL FLAW: Set a new environment variable with a path that is possibly insecure */ PUTENV(data); }
/* goodG2B uses the GoodSource with the BadSink */ void CWE427_Uncontrolled_Search_Path_Element__wchar_t_listen_socket_64b_goodG2BSink(void * dataVoidPtr) { /* cast void pointer to a pointer of the appropriate type */ wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; /* dereference dataPtr into data */ wchar_t * data = (*dataPtr); /* POTENTIAL FLAW: Set a new environment variable with a path that is possibly insecure */ PUTENV(data); }
void CWE427_Uncontrolled_Search_Path_Element__wchar_t_environment_42_bad() { wchar_t * data; wchar_t dataBuffer[250] = L"PATH="; data = dataBuffer; data = badSource(data); /* POTENTIAL FLAW: Set a new environment variable with a path that is possibly insecure */ PUTENV(data); }
static void goodG2B() { char * data; char dataBuffer[250] = "PATH="; data = dataBuffer; data = CWE427_Uncontrolled_Search_Path_Element__char_listen_socket_61b_goodG2BSource(data); /* POTENTIAL FLAW: Set a new environment variable with a path that is possibly insecure */ PUTENV(data); }
void ProcessEnv::addOrChangeEnv(char **newenvs, Lng32 nEnvs) { Lng32 i,j; for (i=0; i < nEnvs; i++) { char* pTemp = strchr(newenvs[i], '='); if (pTemp) { NABoolean sameValue = FALSE; Int32 envNameLen = pTemp - (newenvs[i]) + 1; // including '=' char* envName = new char[envNameLen+1]; strncpy(envName, newenvs[i], envNameLen); envName[envNameLen] = '\0'; NABoolean envChanged = FALSE; CollIndex entriesChecked = 0; for (j=0; entriesChecked < envs_.entries(); j++) { if ( envs_.used(j) ) { if (strcmp(newenvs[i], envs_[j]) == 0) { sameValue = TRUE; break; } else if (strncmp(envName, envs_[j], envNameLen) == 0) { envChanged = TRUE; break; } entriesChecked++; } } if (!sameValue) { CollIndex index = j; // Put to the same location if value changed if ( envChanged ) { NADELETEBASIC(envs_[j], heap_); envs_.remove(j); } else index = envs_.unusedIndex(); // Insert a new env string UInt32 len = strlen(newenvs[i]); char *copyEnv = new (heap_) char[len + 1]; strcpy(copyEnv, newenvs[i]); copyEnv[len] = 0; PUTENV(copyEnv); envs_.insertAt(index, copyEnv); } delete[] envName; } } }
void CWE427_Uncontrolled_Search_Path_Element__char_listen_socket_22_bad() { char * data; char dataBuffer[250] = "PATH="; data = dataBuffer; CWE427_Uncontrolled_Search_Path_Element__char_listen_socket_22_badGlobal = 1; /* true */ data = CWE427_Uncontrolled_Search_Path_Element__char_listen_socket_22_badSource(data); /* POTENTIAL FLAW: Set a new environment variable with a path that is possibly insecure */ PUTENV(data); }
static void goodG2B1() { char * data; char dataBuffer[250] = "PATH="; data = dataBuffer; goodG2B1Static = 0; /* false */ data = goodG2B1Source(data); /* POTENTIAL FLAW: Set a new environment variable with a path that is possibly insecure */ PUTENV(data); }
static void goodG2B2() { char * data; char dataBuffer[250] = "PATH="; data = dataBuffer; CWE427_Uncontrolled_Search_Path_Element__char_console_22_goodG2B2Global = 1; /* true */ data = CWE427_Uncontrolled_Search_Path_Element__char_console_22_goodG2B2Source(data); /* POTENTIAL FLAW: Set a new environment variable with a path that is possibly insecure */ PUTENV(data); }
/* goodG2B() - use goodsource and badsink by reversing the blocks on the goto statement */ static void goodG2B() { char * data; char dataBuffer[250] = "PATH="; data = dataBuffer; goto source; source: /* FIX: Set the path as the "system" path */ strcat(data, NEW_PATH); /* POTENTIAL FLAW: Set a new environment variable with a path that is possibly insecure */ PUTENV(data); }
/* goodG2B2() - use goodsource and badsink by reversing the blocks in the if statement */ static void goodG2B2() { wchar_t * data; wchar_t dataBuffer[250] = L"PATH="; data = dataBuffer; if(staticTrue) { /* FIX: Set the path as the "system" path */ wcscat(data, NEW_PATH); } /* POTENTIAL FLAW: Set a new environment variable with a path that is possibly insecure */ PUTENV(data); }
/* goodG2B2() - use goodsource and badsink by reversing the blocks in the if statement */ static void goodG2B2() { char * data; char dataBuffer[250] = "PATH="; data = dataBuffer; if(GLOBAL_CONST_FIVE==5) { /* FIX: Set the path as the "system" path */ strcat(data, NEW_PATH); } /* POTENTIAL FLAW: Set a new environment variable with a path that is possibly insecure */ PUTENV(data); }
/* goodG2B() - use goodsource and badsink by changing the conditions on the for statements */ static void goodG2B() { int h; char * data; char dataBuffer[250] = "PATH="; data = dataBuffer; for(h = 0; h < 1; h++) { /* FIX: Set the path as the "system" path */ strcat(data, NEW_PATH); } /* POTENTIAL FLAW: Set a new environment variable with a path that is possibly insecure */ PUTENV(data); }
/* goodG2B() uses the GoodSource with the BadSink */ static void goodG2B() { char * data; CWE427_Uncontrolled_Search_Path_Element__char_listen_socket_34_unionType myUnion; char dataBuffer[250] = "PATH="; data = dataBuffer; /* FIX: Set the path as the "system" path */ strcat(data, NEW_PATH); myUnion.unionFirst = data; { char * data = myUnion.unionSecond; /* POTENTIAL FLAW: Set a new environment variable with a path that is possibly insecure */ PUTENV(data); } }
Int32 Envvar::reset() { if ((!getenv(name)) || (!env_str)) // this should be true, return -1; // otherwise its an internal error. // VO, Plan versioning support: The code below '#else' will not // reset the env var properly on NT, a subsequent 'sh env;' command // will still display it with its original value. char * ptr = strchr (env_str, '='); ptr[1] = 0; Int32 i = PUTENV(env_str); if (i) cerr << "*** ERROR " << i << " from putenv." << endl; invalidateEnvVarDependentCaches(name); return 0; }
/* goodG2B1() - use goodsource and badsink by changing the staticTrue to staticFalse */ static void goodG2B1() { wchar_t * data; wchar_t dataBuffer[250] = L"PATH="; data = dataBuffer; if(staticFalse) { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ printLine("Benign, fixed string"); } else { /* FIX: Set the path as the "system" path */ wcscat(data, NEW_PATH); } /* POTENTIAL FLAW: Set a new environment variable with a path that is possibly insecure */ PUTENV(data); }
void init_callin_functable(void) { unsigned char *env_top, *address_top; uint4 address_len; int save_errno; address_top = GTM64_ONLY(i2ascl)NON_GTM64_ONLY(i2asc)(gtmvectortable_address, (UINTPTR_T)(&callintogtm_vectortable[0])); *address_top = '\0'; address_len = (uint4)(address_top - >mvectortable_address[0]); env_top = >mvectortable_env[0]; MEMCPY_LIT(env_top, GTM_CALLIN_START_ENV); memcpy((env_top + strlen(GTM_CALLIN_START_ENV)), gtmvectortable_address, address_len); *(env_top + strlen(GTM_CALLIN_START_ENV) + address_len) = '\0'; if (PUTENV((char *)gtmvectortable_env)) { save_errno = errno; rts_error(VARLSTCNT(8) ERR_SYSCALL, 5, LEN_AND_LIT("putenv"), CALLFROM, save_errno); } }
Int32 Envvar::set() { // Envvars are added by creating a string "envvar_name=envvar_value" // and then adding it ("putting" it) to environment. delete [] env_str; env_str = new char[strlen(name) + 1/*for = */ + strlen(value) +1/*for null*/]; strcpy(env_str, name); strcat(env_str, "="); strcat(env_str, value); Int32 i = PUTENV(env_str); if (i) cerr << "*** ERROR " << i << " from putenv." << endl; invalidateEnvVarDependentCaches(name); return i; }
void ProcessEnv::dumpEnvs() { // To test the PUTENV still works const char* aString = "DUMPENV=ddd"; PUTENV((char *)aString); ofstream outStream("DUMPENVS"); Int32 i=0; outStream << "ProcessEnv::dumpEnvs() " << endl << flush; while (ENVIRON[i]) { char tempstr[2048]; strncpy( tempstr, ENVIRON[i], sizeof(tempstr)); char* p = strchr(tempstr, '='); if ( p ) *p = 0; char *s; if (s = getenv(tempstr)) outStream << "environ[" << i << "] ---- " << tempstr << " ---> " << s << endl; i++; } }
void CWE427_Uncontrolled_Search_Path_Element__char_environment_18_bad() { char * data; char dataBuffer[250] = "PATH="; data = dataBuffer; goto source; source: { /* Append input from an environment variable to data */ size_t dataLen = strlen(data); char * environment = GETENV(ENV_VARIABLE); /* If there is data in the environment variable */ if (environment != NULL) { /* POTENTIAL FLAW: Read data from an environment variable */ strncat(data+dataLen, environment, 250-dataLen-1); } } /* POTENTIAL FLAW: Set a new environment variable with a path that is possibly insecure */ PUTENV(data); }
void ProcessEnv::removeEnv(char **newenvs, Lng32 nEnvs) { Lng32 i,j; CollHeap *stmtHeap = CmpCommon::statementHeap(); NAList<Lng32> deleteArray(stmtHeap, 16); #pragma warning (disable : 4018) //warning elimination for (j=0; j < envs_.getSize(); j++) #pragma warning (default : 4018) //warning elimination { if (envs_.used(j)) { for (i=0; i < nEnvs; i++) if (strcmp(newenvs[i], envs_[j]) ==0 ) break; if ( i >= nEnvs ) { // can't find it in newenvs, envs_[j] must have been deleted char* pTemp = strchr(envs_[j], '='); if (pTemp) { *(pTemp+1) = '\0'; PUTENV(envs_[j]); NADELETEBASIC(envs_[j], heap_); deleteArray.insert(j); } } } } #pragma warning (disable : 4018) //warning elimination for (j=0; j < deleteArray.entries(); j++) { #pragma warning (default : 4018) //warning elimination envs_.remove(deleteArray[j]); } }
void CWE427_Uncontrolled_Search_Path_Element__wchar_t_environment_17_bad() { int i; wchar_t * data; wchar_t dataBuffer[250] = L"PATH="; data = dataBuffer; for(i = 0; i < 1; i++) { { /* Append input from an environment variable to data */ size_t dataLen = wcslen(data); wchar_t * environment = GETENV(ENV_VARIABLE); /* If there is data in the environment variable */ if (environment != NULL) { /* POTENTIAL FLAW: Read data from an environment variable */ wcsncat(data+dataLen, environment, 250-dataLen-1); } } } /* POTENTIAL FLAW: Set a new environment variable with a path that is possibly insecure */ PUTENV(data); }
void init_callin_functable(void) { unsigned char *env_top, *address_top; uint4 address_len; /* The address of the vector table containing pointers * to gt_timers functions is of type unsigned int which * is o.k in current GT.M implementations, however when * GT.M migrates to a fully 64 port this part of the code * might have be re-visited. */ assert ( 64 > sizeof(gtmvectortable_address)); address_top = i2asc(gtmvectortable_address, (uint4 )&callintogtm_vectortable[0]); *address_top = '\0'; address_len = (uint4 )(address_top - >mvectortable_address[0]); env_top = >mvectortable_env[0]; memcpy(env_top, GTM_CALLIN_START_ENV, strlen(GTM_CALLIN_START_ENV)); memcpy((env_top + strlen(GTM_CALLIN_START_ENV)), gtmvectortable_address, address_len); *(env_top + strlen(GTM_CALLIN_START_ENV) + address_len) = '\0'; if (PUTENV((char *)gtmvectortable_env)) { rts_error(VARLSTCNT(1) errno); } }
void CWE427_Uncontrolled_Search_Path_Element__char_console_02_bad() { char * data; char dataBuffer[250] = "PATH="; data = dataBuffer; if(1) { { /* Read input from the console */ size_t dataLen = strlen(data); /* if there is room in data, read into it from the console */ if (250-dataLen > 1) { /* POTENTIAL FLAW: Read data from the console */ if (fgets(data+dataLen, (int)(250-dataLen), stdin) != NULL) { /* The next few lines remove the carriage return from the string that is * inserted by fgets() */ dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') { data[dataLen-1] = '\0'; } } else { printLine("fgets() failed"); /* Restore NUL terminator if fgets fails */ data[dataLen] = '\0'; } } } } /* POTENTIAL FLAW: Set a new environment variable with a path that is possibly insecure */ PUTENV(data); }
CWE427_Uncontrolled_Search_Path_Element__wchar_t_environment_83_bad::~CWE427_Uncontrolled_Search_Path_Element__wchar_t_environment_83_bad() { /* POTENTIAL FLAW: Set a new environment variable with a path that is possibly insecure */ PUTENV(data); }