aboutsummaryrefslogtreecommitdiff
path: root/slides/2018-software-security/sample
diff options
context:
space:
mode:
Diffstat (limited to 'slides/2018-software-security/sample')
-rw-r--r--slides/2018-software-security/sample/._bo-stack.c.swpbin0 -> 12288 bytes
-rw-r--r--slides/2018-software-security/sample/_bo-heap.c19
-rw-r--r--slides/2018-software-security/sample/_bo-stack.c21
-rw-r--r--slides/2018-software-security/sample/_stack-frame.c26
-rw-r--r--slides/2018-software-security/sample/assignment-buffer-overflow.c15
-rw-r--r--slides/2018-software-security/sample/assignment-integer-overflow.c15
-rw-r--r--slides/2018-software-security/sample/bad-add.c10
-rw-r--r--slides/2018-software-security/sample/bad-call.c10
-rw-r--r--slides/2018-software-security/sample/bad-index.c4
-rw-r--r--slides/2018-software-security/sample/bad-index2.c4
-rw-r--r--slides/2018-software-security/sample/bad-printf.c4
-rw-r--r--slides/2018-software-security/sample/bo-heap.c13
-rw-r--r--slides/2018-software-security/sample/bo-stack.c12
-rwxr-xr-xslides/2018-software-security/sample/build10
-rw-r--r--slides/2018-software-security/sample/ldd7
-rw-r--r--slides/2018-software-security/sample/ldd28
-rw-r--r--slides/2018-software-security/sample/main.c4
-rw-r--r--slides/2018-software-security/sample/splint17
-rw-r--r--slides/2018-software-security/sample/stack-frame.c18
-rw-r--r--slides/2018-software-security/sample/static-analysis.c10
20 files changed, 227 insertions, 0 deletions
diff --git a/slides/2018-software-security/sample/._bo-stack.c.swp b/slides/2018-software-security/sample/._bo-stack.c.swp
new file mode 100644
index 0000000..376288d
--- /dev/null
+++ b/slides/2018-software-security/sample/._bo-stack.c.swp
Binary files differ
diff --git a/slides/2018-software-security/sample/_bo-heap.c b/slides/2018-software-security/sample/_bo-heap.c
new file mode 100644
index 0000000..a89959c
--- /dev/null
+++ b/slides/2018-software-security/sample/_bo-heap.c
@@ -0,0 +1,19 @@
+void verify_heap()
+{
+ char *buf = malloc(8*sizeof(char));
+ char *verified = malloc(sizeof(int));
+ *verified = 0;
+ gets(buf);
+ /* <verification goes here> */
+ if (*verified) {
+ printf("accept\n");
+ } else {
+ printf("reject\n");
+ }
+}
+
+int main(int argc, char *argv[])
+{
+ verify_heap();
+ return 0;
+}
diff --git a/slides/2018-software-security/sample/_bo-stack.c b/slides/2018-software-security/sample/_bo-stack.c
new file mode 100644
index 0000000..167496e
--- /dev/null
+++ b/slides/2018-software-security/sample/_bo-stack.c
@@ -0,0 +1,21 @@
+#include <stdio.h>
+
+void verify_stack()
+{
+ int verified = 0;
+ char buf[8] = {4,4,4,4,8,8,8,8};
+ gets(buf);
+ /* <verification goes here> */
+ if (verified) {
+ printf("accept\n");
+ } else {
+ printf("reject\n");
+ }
+}
+
+int main(int argc, char *argv[])
+{
+ printf("Lucky number: %d\n", 1337);
+ verify_stack();
+ return 0;
+}
diff --git a/slides/2018-software-security/sample/_stack-frame.c b/slides/2018-software-security/sample/_stack-frame.c
new file mode 100644
index 0000000..32f4fe2
--- /dev/null
+++ b/slides/2018-software-security/sample/_stack-frame.c
@@ -0,0 +1,26 @@
+#include <stdio.h>
+
+int add(int a, int b)
+{
+ int result;
+ result = a+b;
+ return result;
+}
+
+int sub(int a, int b)
+{
+ int result;
+ result = add(a,-b);
+ return result;
+}
+
+int algorithm()
+{
+ printf("result: %d\n", sub(2,1));
+}
+
+int main(int argc, char *argv[])
+{
+ algorithm();
+ return 0;
+}
diff --git a/slides/2018-software-security/sample/assignment-buffer-overflow.c b/slides/2018-software-security/sample/assignment-buffer-overflow.c
new file mode 100644
index 0000000..2fb0d58
--- /dev/null
+++ b/slides/2018-software-security/sample/assignment-buffer-overflow.c
@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <limits.h>
+#define SECRET UINT_MAX
+
+void gotcha() { printf("Gotcha!\n"); }
+
+int main() {
+ unsigned secret = 0;
+ char buf[8];
+ scanf("%s", buf);
+ if (secret == SECRET) {
+ gotcha();
+ }
+ return 0;
+}
diff --git a/slides/2018-software-security/sample/assignment-integer-overflow.c b/slides/2018-software-security/sample/assignment-integer-overflow.c
new file mode 100644
index 0000000..58c59b1
--- /dev/null
+++ b/slides/2018-software-security/sample/assignment-integer-overflow.c
@@ -0,0 +1,15 @@
+#include <stdio.h>
+
+int get_int() {
+ int v; printf("Enter an integer: ");
+ scanf("%d", &v);
+ return v;
+}
+
+int main() {
+ int a=get_int(), b=get_int(), max=10;
+ if (a+b > max)
+ printf("%d+%d > %d\n", a, b, max);
+ else
+ printf("%d+%d <= %d\n", a, b, max);
+}
diff --git a/slides/2018-software-security/sample/bad-add.c b/slides/2018-software-security/sample/bad-add.c
new file mode 100644
index 0000000..42424de
--- /dev/null
+++ b/slides/2018-software-security/sample/bad-add.c
@@ -0,0 +1,10 @@
+void cat(char *dst, size_t n,
+ char *src1, size_t n1,
+ char *src2, size_t n2)
+{
+ if (n1+n2 <= n) {
+ strncpy(dst, src1, n);
+ strncat(dst, src2, n-n1);
+ }
+}
+...
diff --git a/slides/2018-software-security/sample/bad-call.c b/slides/2018-software-security/sample/bad-call.c
new file mode 100644
index 0000000..9d6d57b
--- /dev/null
+++ b/slides/2018-software-security/sample/bad-call.c
@@ -0,0 +1,10 @@
+void init(char v, char *buf, int n)
+{
+ char *b = buf;
+ while (b < buf+n) {
+ *b++ = val;
+ }
+}
+...
+char *buf = malloc(2);
+init('A', buf, sizeof(buf));
diff --git a/slides/2018-software-security/sample/bad-index.c b/slides/2018-software-security/sample/bad-index.c
new file mode 100644
index 0000000..37d94b3
--- /dev/null
+++ b/slides/2018-software-security/sample/bad-index.c
@@ -0,0 +1,4 @@
+char b[4] = "abc";
+b[3] = 'd';
+printf("b: %s\n", b);
+...
diff --git a/slides/2018-software-security/sample/bad-index2.c b/slides/2018-software-security/sample/bad-index2.c
new file mode 100644
index 0000000..b9f5be6
--- /dev/null
+++ b/slides/2018-software-security/sample/bad-index2.c
@@ -0,0 +1,4 @@
+char b[4] = "abc";
+b[4] = 'd';
+printf("b: %s\n", s);
+...
diff --git a/slides/2018-software-security/sample/bad-printf.c b/slides/2018-software-security/sample/bad-printf.c
new file mode 100644
index 0000000..7026600
--- /dev/null
+++ b/slides/2018-software-security/sample/bad-printf.c
@@ -0,0 +1,4 @@
+char b[4];
+fgets(b, 4, stdin);
+printf(b);
+...
diff --git a/slides/2018-software-security/sample/bo-heap.c b/slides/2018-software-security/sample/bo-heap.c
new file mode 100644
index 0000000..60fd29e
--- /dev/null
+++ b/slides/2018-software-security/sample/bo-heap.c
@@ -0,0 +1,13 @@
+void verify_heap()
+{
+ char *buf = malloc(8*sizeof(char));
+ int *verified = malloc(sizeof(int));
+ *verified = 0;
+ gets(buf);
+ /* <verification goes here> */
+ if (*verified) {
+ printf("accept\n");
+ } else {
+ printf("reject\n");
+ }
+}
diff --git a/slides/2018-software-security/sample/bo-stack.c b/slides/2018-software-security/sample/bo-stack.c
new file mode 100644
index 0000000..f8bcb55
--- /dev/null
+++ b/slides/2018-software-security/sample/bo-stack.c
@@ -0,0 +1,12 @@
+void verify_stack()
+{
+ int verified = 0;
+ char buf[8];
+ gets(buf);
+ /* <verification goes here> */
+ if (verified) {
+ printf("accept\n");
+ } else {
+ printf("reject\n");
+ }
+}
diff --git a/slides/2018-software-security/sample/build b/slides/2018-software-security/sample/build
new file mode 100755
index 0000000..123db54
--- /dev/null
+++ b/slides/2018-software-security/sample/build
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+echo "[Compile] bo-stack"
+gcc -g -O0 -fno-stack-protector -o bo-stack _bo-stack.c &> /dev/null
+
+echo "[Compile] bo-heap"
+gcc -g -O0 -fno-stack-protector -o bo-heap _bo-heap.c &> /dev/null
+
+echo "[Compile] stack-frame"
+gcc -g -O0 -fno-stack-protector -o stack-frame _stack-frame.c
diff --git a/slides/2018-software-security/sample/ldd b/slides/2018-software-security/sample/ldd
new file mode 100644
index 0000000..dc2cc99
--- /dev/null
+++ b/slides/2018-software-security/sample/ldd
@@ -0,0 +1,7 @@
+$ cat main.c
+int main() { return 0; }
+$ gcc main.c
+$ ldd ./a.out
+ linux-vdso.so.1 (0x00007fff3a9e4000)
+ libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fa5bfeda000)
+ /lib64/ld-linux-x86-64.so.2 (0x00007fa5c04cd000)
diff --git a/slides/2018-software-security/sample/ldd2 b/slides/2018-software-security/sample/ldd2
new file mode 100644
index 0000000..ff87494
--- /dev/null
+++ b/slides/2018-software-security/sample/ldd2
@@ -0,0 +1,8 @@
+$ ldd ./a.out
+ linux-vdso.so.1 (0x00007ffdda7ce000)
+ libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f7f307ba000)
+ /lib64/ld-linux-x86-64.so.2 (0x00007f7f30dad000)
+$ ldd ./a.out
+ linux-vdso.so.1 (0x00007ffe387d4000)
+ libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fdd793ef000)
+ /lib64/ld-linux-x86-64.so.2 (0x00007fdd799e2000)
diff --git a/slides/2018-software-security/sample/main.c b/slides/2018-software-security/sample/main.c
new file mode 100644
index 0000000..f8b643a
--- /dev/null
+++ b/slides/2018-software-security/sample/main.c
@@ -0,0 +1,4 @@
+int main()
+{
+ return 0;
+}
diff --git a/slides/2018-software-security/sample/splint b/slides/2018-software-security/sample/splint
new file mode 100644
index 0000000..af8501e
--- /dev/null
+++ b/slides/2018-software-security/sample/splint
@@ -0,0 +1,17 @@
+static-analysis.c: (in function main)
+static-analysis.c:7:9: Possibly null storage buf passed as non-null param:
+ fgets (buf, ...)
+ A possibly null pointer is passed as a parameter corresponding to a formal
+ parameter with no /*@null@*/ annotation. If NULL may be used for this
+ parameter, add a /*@null@*/ annotation to the function parameter declaration.
+ (Use -nullpass to inhibit warning)
+ static-analysis.c:6:15: Storage buf may become null
+static-analysis.c:7:3: Return value (type char *) ignored: fgets(buf, 8, stdin)
+ Result returned by function call is not used. If this is intended, can cast
+ result to (void) to eliminate message. (Use -retvalother to inhibit warning)
+static-analysis.c:9:12: Fresh storage buf not released before return
+ A memory leak has been detected. Storage allocated locally is not released
+ before the last reference to it is lost. (Use -mustfreefresh to inhibit
+ warning)
+ static-analysis.c:6:25: Fresh storage buf created
+
diff --git a/slides/2018-software-security/sample/stack-frame.c b/slides/2018-software-security/sample/stack-frame.c
new file mode 100644
index 0000000..b5c962f
--- /dev/null
+++ b/slides/2018-software-security/sample/stack-frame.c
@@ -0,0 +1,18 @@
+int add(int a, int b)
+{
+ int result;
+ result = a+b;
+ return result;
+}
+
+int sub(int a, int b)
+{
+ int result;
+ result = add(a,-b);
+ return result;
+}
+
+int algorithm()
+{
+ printf("result: %d\n", sub(2,1));
+}
diff --git a/slides/2018-software-security/sample/static-analysis.c b/slides/2018-software-security/sample/static-analysis.c
new file mode 100644
index 0000000..3d89478
--- /dev/null
+++ b/slides/2018-software-security/sample/static-analysis.c
@@ -0,0 +1,10 @@
+#include <stdio.h>
+#include <stdlib.h>
+
+int main()
+{
+ char *buf = malloc(8);
+ fgets(buf, 8, stdin);
+ printf("%s\n", buf);
+ return 0;
+}