diff options
Diffstat (limited to 'slides/2018-software-security/sample')
20 files changed, 227 insertions, 0 deletions
diff --git a/slides/2018-software-security/sample/._bo-stack.c.swp b/slides/2018-software-security/sample/._bo-stack.c.swp Binary files differnew file mode 100644 index 0000000..376288d --- /dev/null +++ b/slides/2018-software-security/sample/._bo-stack.c.swp diff --git a/slides/2018-software-security/sample/_bo-heap.c b/slides/2018-software-security/sample/_bo-heap.c new file mode 100644 index 0000000..a89959c --- /dev/null +++ b/slides/2018-software-security/sample/_bo-heap.c @@ -0,0 +1,19 @@ +void verify_heap() +{ + char *buf = malloc(8*sizeof(char)); + char *verified = malloc(sizeof(int)); + *verified = 0; + gets(buf); + /* <verification goes here> */ + if (*verified) { + printf("accept\n"); + } else { + printf("reject\n"); + } +} + +int main(int argc, char *argv[]) +{ + verify_heap(); + return 0; +} diff --git a/slides/2018-software-security/sample/_bo-stack.c b/slides/2018-software-security/sample/_bo-stack.c new file mode 100644 index 0000000..167496e --- /dev/null +++ b/slides/2018-software-security/sample/_bo-stack.c @@ -0,0 +1,21 @@ +#include <stdio.h> + +void verify_stack() +{ + int verified = 0; + char buf[8] = {4,4,4,4,8,8,8,8}; + gets(buf); + /* <verification goes here> */ + if (verified) { + printf("accept\n"); + } else { + printf("reject\n"); + } +} + +int main(int argc, char *argv[]) +{ + printf("Lucky number: %d\n", 1337); + verify_stack(); + return 0; +} diff --git a/slides/2018-software-security/sample/_stack-frame.c b/slides/2018-software-security/sample/_stack-frame.c new file mode 100644 index 0000000..32f4fe2 --- /dev/null +++ b/slides/2018-software-security/sample/_stack-frame.c @@ -0,0 +1,26 @@ +#include <stdio.h> + +int add(int a, int b) +{ + int result; + result = a+b; + return result; +} + +int sub(int a, int b) +{ + int result; + result = add(a,-b); + return result; +} + +int algorithm() +{ + printf("result: %d\n", sub(2,1)); +} + +int main(int argc, char *argv[]) +{ + algorithm(); + return 0; +} diff --git a/slides/2018-software-security/sample/assignment-buffer-overflow.c b/slides/2018-software-security/sample/assignment-buffer-overflow.c new file mode 100644 index 0000000..2fb0d58 --- /dev/null +++ b/slides/2018-software-security/sample/assignment-buffer-overflow.c @@ -0,0 +1,15 @@ +#include <stdio.h> +#include <limits.h> +#define SECRET UINT_MAX + +void gotcha() { printf("Gotcha!\n"); } + +int main() { + unsigned secret = 0; + char buf[8]; + scanf("%s", buf); + if (secret == SECRET) { + gotcha(); + } + return 0; +} diff --git a/slides/2018-software-security/sample/assignment-integer-overflow.c b/slides/2018-software-security/sample/assignment-integer-overflow.c new file mode 100644 index 0000000..58c59b1 --- /dev/null +++ b/slides/2018-software-security/sample/assignment-integer-overflow.c @@ -0,0 +1,15 @@ +#include <stdio.h> + +int get_int() { + int v; printf("Enter an integer: "); + scanf("%d", &v); + return v; +} + +int main() { + int a=get_int(), b=get_int(), max=10; + if (a+b > max) + printf("%d+%d > %d\n", a, b, max); + else + printf("%d+%d <= %d\n", a, b, max); +} diff --git a/slides/2018-software-security/sample/bad-add.c b/slides/2018-software-security/sample/bad-add.c new file mode 100644 index 0000000..42424de --- /dev/null +++ b/slides/2018-software-security/sample/bad-add.c @@ -0,0 +1,10 @@ +void cat(char *dst, size_t n, + char *src1, size_t n1, + char *src2, size_t n2) +{ + if (n1+n2 <= n) { + strncpy(dst, src1, n); + strncat(dst, src2, n-n1); + } +} +... diff --git a/slides/2018-software-security/sample/bad-call.c b/slides/2018-software-security/sample/bad-call.c new file mode 100644 index 0000000..9d6d57b --- /dev/null +++ b/slides/2018-software-security/sample/bad-call.c @@ -0,0 +1,10 @@ +void init(char v, char *buf, int n) +{ + char *b = buf; + while (b < buf+n) { + *b++ = val; + } +} +... +char *buf = malloc(2); +init('A', buf, sizeof(buf)); diff --git a/slides/2018-software-security/sample/bad-index.c b/slides/2018-software-security/sample/bad-index.c new file mode 100644 index 0000000..37d94b3 --- /dev/null +++ b/slides/2018-software-security/sample/bad-index.c @@ -0,0 +1,4 @@ +char b[4] = "abc"; +b[3] = 'd'; +printf("b: %s\n", b); +... diff --git a/slides/2018-software-security/sample/bad-index2.c b/slides/2018-software-security/sample/bad-index2.c new file mode 100644 index 0000000..b9f5be6 --- /dev/null +++ b/slides/2018-software-security/sample/bad-index2.c @@ -0,0 +1,4 @@ +char b[4] = "abc"; +b[4] = 'd'; +printf("b: %s\n", s); +... diff --git a/slides/2018-software-security/sample/bad-printf.c b/slides/2018-software-security/sample/bad-printf.c new file mode 100644 index 0000000..7026600 --- /dev/null +++ b/slides/2018-software-security/sample/bad-printf.c @@ -0,0 +1,4 @@ +char b[4]; +fgets(b, 4, stdin); +printf(b); +... diff --git a/slides/2018-software-security/sample/bo-heap.c b/slides/2018-software-security/sample/bo-heap.c new file mode 100644 index 0000000..60fd29e --- /dev/null +++ b/slides/2018-software-security/sample/bo-heap.c @@ -0,0 +1,13 @@ +void verify_heap() +{ + char *buf = malloc(8*sizeof(char)); + int *verified = malloc(sizeof(int)); + *verified = 0; + gets(buf); + /* <verification goes here> */ + if (*verified) { + printf("accept\n"); + } else { + printf("reject\n"); + } +} diff --git a/slides/2018-software-security/sample/bo-stack.c b/slides/2018-software-security/sample/bo-stack.c new file mode 100644 index 0000000..f8bcb55 --- /dev/null +++ b/slides/2018-software-security/sample/bo-stack.c @@ -0,0 +1,12 @@ +void verify_stack() +{ + int verified = 0; + char buf[8]; + gets(buf); + /* <verification goes here> */ + if (verified) { + printf("accept\n"); + } else { + printf("reject\n"); + } +} diff --git a/slides/2018-software-security/sample/build b/slides/2018-software-security/sample/build new file mode 100755 index 0000000..123db54 --- /dev/null +++ b/slides/2018-software-security/sample/build @@ -0,0 +1,10 @@ +#!/bin/bash + +echo "[Compile] bo-stack" +gcc -g -O0 -fno-stack-protector -o bo-stack _bo-stack.c &> /dev/null + +echo "[Compile] bo-heap" +gcc -g -O0 -fno-stack-protector -o bo-heap _bo-heap.c &> /dev/null + +echo "[Compile] stack-frame" +gcc -g -O0 -fno-stack-protector -o stack-frame _stack-frame.c diff --git a/slides/2018-software-security/sample/ldd b/slides/2018-software-security/sample/ldd new file mode 100644 index 0000000..dc2cc99 --- /dev/null +++ b/slides/2018-software-security/sample/ldd @@ -0,0 +1,7 @@ +$ cat main.c +int main() { return 0; } +$ gcc main.c +$ ldd ./a.out + linux-vdso.so.1 (0x00007fff3a9e4000) + libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fa5bfeda000) + /lib64/ld-linux-x86-64.so.2 (0x00007fa5c04cd000) diff --git a/slides/2018-software-security/sample/ldd2 b/slides/2018-software-security/sample/ldd2 new file mode 100644 index 0000000..ff87494 --- /dev/null +++ b/slides/2018-software-security/sample/ldd2 @@ -0,0 +1,8 @@ +$ ldd ./a.out + linux-vdso.so.1 (0x00007ffdda7ce000) + libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f7f307ba000) + /lib64/ld-linux-x86-64.so.2 (0x00007f7f30dad000) +$ ldd ./a.out + linux-vdso.so.1 (0x00007ffe387d4000) + libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fdd793ef000) + /lib64/ld-linux-x86-64.so.2 (0x00007fdd799e2000) diff --git a/slides/2018-software-security/sample/main.c b/slides/2018-software-security/sample/main.c new file mode 100644 index 0000000..f8b643a --- /dev/null +++ b/slides/2018-software-security/sample/main.c @@ -0,0 +1,4 @@ +int main() +{ + return 0; +} diff --git a/slides/2018-software-security/sample/splint b/slides/2018-software-security/sample/splint new file mode 100644 index 0000000..af8501e --- /dev/null +++ b/slides/2018-software-security/sample/splint @@ -0,0 +1,17 @@ +static-analysis.c: (in function main) +static-analysis.c:7:9: Possibly null storage buf passed as non-null param: + fgets (buf, ...) + A possibly null pointer is passed as a parameter corresponding to a formal + parameter with no /*@null@*/ annotation. If NULL may be used for this + parameter, add a /*@null@*/ annotation to the function parameter declaration. + (Use -nullpass to inhibit warning) + static-analysis.c:6:15: Storage buf may become null +static-analysis.c:7:3: Return value (type char *) ignored: fgets(buf, 8, stdin) + Result returned by function call is not used. If this is intended, can cast + result to (void) to eliminate message. (Use -retvalother to inhibit warning) +static-analysis.c:9:12: Fresh storage buf not released before return + A memory leak has been detected. Storage allocated locally is not released + before the last reference to it is lost. (Use -mustfreefresh to inhibit + warning) + static-analysis.c:6:25: Fresh storage buf created + diff --git a/slides/2018-software-security/sample/stack-frame.c b/slides/2018-software-security/sample/stack-frame.c new file mode 100644 index 0000000..b5c962f --- /dev/null +++ b/slides/2018-software-security/sample/stack-frame.c @@ -0,0 +1,18 @@ +int add(int a, int b) +{ + int result; + result = a+b; + return result; +} + +int sub(int a, int b) +{ + int result; + result = add(a,-b); + return result; +} + +int algorithm() +{ + printf("result: %d\n", sub(2,1)); +} diff --git a/slides/2018-software-security/sample/static-analysis.c b/slides/2018-software-security/sample/static-analysis.c new file mode 100644 index 0000000..3d89478 --- /dev/null +++ b/slides/2018-software-security/sample/static-analysis.c @@ -0,0 +1,10 @@ +#include <stdio.h> +#include <stdlib.h> + +int main() +{ + char *buf = malloc(8); + fgets(buf, 8, stdin); + printf("%s\n", buf); + return 0; +} |