自学教程：C++ wcsncat函数代码示例

void bad(){    wchar_t * data;    /* define a function pointer */    void (*funcPtr) (wchar_t *) = badSink;    wchar_t dataBuffer[FILENAME_MAX] = BASEPATH;    data = dataBuffer;    {        /* Append input from an environment variable to data */        size_t dataLen = wcslen(data);        wchar_t * environment = GETENV(ENV_VARIABLE);        /* If there is data in the environment variable */        if (environment != NULL)        {            /* POTENTIAL FLAW: Read data from an environment variable */            wcsncat(data+dataLen, environment, FILENAME_MAX-dataLen-1);        }    }    /* use the function pointer */    funcPtr(data);}

void CWE134_Uncontrolled_Format_String__wchar_t_environment_snprintf_66_bad(){    wchar_t * data;    wchar_t * dataArray[5];    wchar_t dataBuffer[100] = L"";    data = dataBuffer;    {        /* Append input from an environment variable to data */        size_t dataLen = wcslen(data);        wchar_t * environment = GETENV(ENV_VARIABLE);        /* If there is data in the environment variable */        if (environment != NULL)        {            /* POTENTIAL FLAW: Read data from an environment variable */            wcsncat(data+dataLen, environment, 100-dataLen-1);        }    }    /* put data in array */    dataArray[2] = data;    CWE134_Uncontrolled_Format_String__wchar_t_environment_snprintf_66b_badSink(dataArray);}

void CWE78_OS_Command_Injection__wchar_t_environment_execlp_66_bad(){    wchar_t * data;    wchar_t * dataArray[5];    wchar_t dataBuffer[100] = L"";    data = dataBuffer;    {        /* Append input from an environment variable to data */        size_t dataLen = wcslen(data);        wchar_t * environment = GETENV(ENV_VARIABLE);        /* If there is data in the environment variable */        if (environment != NULL)        {            /* POTENTIAL FLAW: Read data from an environment variable */            wcsncat(data+dataLen, environment, 100-dataLen-1);        }    }    /* put data in array */    dataArray[2] = data;    CWE78_OS_Command_Injection__wchar_t_environment_execlp_66b_badSink(dataArray);}

void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_03_bad(){    wchar_t * data;    wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t));    wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t));    if(5==5)    {        /* FLAW: Set a pointer to a "small" buffer. This buffer will be used in the sinks as a destination         * buffer in various memory copying functions using a "large" source buffer. */        data = dataBadBuffer;        data[0] = L'/0'; /* null terminate */    }    {        wchar_t source[100];        wmemset(source, L'C', 100-1); /* fill with L'C's */        source[100-1] = L'/0'; /* null terminate */        /* POTENTIAL FLAW: Possible buffer overflow if the sizeof(data)-strlen(data) is less than the length of source */        wcsncat(data, source, 100);        printWLine(data);    }}

/* goodG2B() uses the GoodSource with the BadSink */static void goodG2B(){    wchar_t * data;    data = NULL;    /* FIX: Allocate using new[] and point data to a large buffer that is at least as large as the large buffer used in the sink */    data = new wchar_t[100];    data[0] = L'/0'; /* null terminate */    {        wchar_t * dataCopy = data;        wchar_t * data = dataCopy;        {            wchar_t source[100];            wmemset(source, L'C', 100-1); /* fill with L'C's */            source[100-1] = L'/0'; /* null terminate */            /* POTENTIAL FLAW: Possible buffer overflow if source is larger than sizeof(data)-strlen(data) */            wcsncat(data, source, 100);            printWLine(data);            delete [] data;        }    }}

void CWE134_Uncontrolled_Format_String__wchar_t_environment_printf_65_bad(){    wchar_t * data;    /* define a function pointer */    void (*funcPtr) (wchar_t *) = CWE134_Uncontrolled_Format_String__wchar_t_environment_printf_65b_badSink;    wchar_t dataBuffer[100] = L"";    data = dataBuffer;    {        /* Append input from an environment variable to data */        size_t dataLen = wcslen(data);        wchar_t * environment = GETENV(ENV_VARIABLE);        /* If there is data in the environment variable */        if (environment != NULL)        {            /* POTENTIAL FLAW: Read data from an environment variable */            wcsncat(data+dataLen, environment, 100-dataLen-1);        }    }    /* use the function pointer */    funcPtr(data);}

int main(int argc, char *argv[]){	const char *usage =	    "usage: git credential-wincred <get|store|erase>/n";	if (!argv[1])		die(usage);	/* git use binary pipes to avoid CRLF-issues */	_setmode(_fileno(stdin), _O_BINARY);	_setmode(_fileno(stdout), _O_BINARY);	read_credential();	load_cred_funcs();	if (!protocol || !(host || path))		return 0;	/* prepare 'target', the unique key for the credential */	wcscpy(target, L"git:");	wcsncat(target, protocol, ARRAY_SIZE(target));	wcsncat(target, L"://", ARRAY_SIZE(target));	if (wusername) {		wcsncat(target, wusername, ARRAY_SIZE(target));		wcsncat(target, L"@", ARRAY_SIZE(target));	}	if (host)		wcsncat(target, host, ARRAY_SIZE(target));	if (path) {		wcsncat(target, L"/", ARRAY_SIZE(target));		wcsncat(target, path, ARRAY_SIZE(target));	}	if (!strcmp(argv[1], "get"))		get_credential();	else if (!strcmp(argv[1], "store"))		store_credential();	else if (!strcmp(argv[1], "erase"))		erase_credential();	/* otherwise, ignore unknown action */	return 0;}

void CWE78_OS_Command_Injection__wchar_t_environment_popen_65_bad(){    wchar_t * data;    /* define a function pointer */    void (*funcPtr) (wchar_t *) = CWE78_OS_Command_Injection__wchar_t_environment_popen_65b_badSink;    wchar_t data_buf[100] = FULL_COMMAND;    data = data_buf;    {        /* Append input from an environment variable to data */        size_t dataLen = wcslen(data);        wchar_t * environment = GETENV(ENV_VARIABLE);        /* If there is data in the environment variable */        if (environment != NULL)        {            /* POTENTIAL FLAW: Read data from an environment variable */            wcsncat(data+dataLen, environment, 100-dataLen-1);        }    }    /* use the function pointer */    funcPtr(data);}

void bad(){    wchar_t * data;    wchar_t dataBuffer[FILENAME_MAX] = BASEPATH;    data = dataBuffer;    if(globalReturnsTrueOrFalse())    {        {            /* Append input from an environment variable to data */            size_t dataLen = wcslen(data);            wchar_t * environment = GETENV(ENV_VARIABLE);            /* If there is data in the environment variable */            if (environment != NULL)            {                /* POTENTIAL FLAW: Read data from an environment variable */                wcsncat(data+dataLen, environment, FILENAME_MAX-dataLen-1);            }        }    }    else    {        /* FIX: Use a fixed file name */        wcscat(data, L"file.txt");    }    {        HANDLE hFile;        /* POTENTIAL FLAW: Possibly creating and opening a file without validating the file name or path */        hFile = CreateFileW(data,                            (GENERIC_WRITE|GENERIC_READ),                            0,                            NULL,                            OPEN_ALWAYS,                            FILE_ATTRIBUTE_NORMAL,                            NULL);        if (hFile != INVALID_HANDLE_VALUE)        {            CloseHandle(hFile);        }    }}

/* goodB2G2() - use badsource and goodsink by reversing the blocks in the second if */static void goodB2G2(){    wchar_t * data;    wchar_t dataBuffer[100] = L"";    data = dataBuffer;    if(staticReturnsTrue())    {        {            /* Append input from an environment variable to data */            size_t dataLen = wcslen(data);            wchar_t * environment = GETENV(ENV_VARIABLE);            /* If there is data in the environment variable */            if (environment != NULL)            {                /* POTENTIAL FLAW: Read data from an environment variable */                wcsncat(data+dataLen, environment, 100-dataLen-1);            }        }    }    if(staticReturnsTrue())    {        {            int i, n, intVariable;            if (swscanf(data, L"%d", &n) == 1)            {                /* FIX: limit loop iteration counts */                if (n < MAX_LOOP)                {                    intVariable = 0;                    for (i = 0; i < n; i++)                    {                        /* INCIDENTAL: CWE 561: Dead Code - non-avoidable if n <= 0 */                        intVariable++; /* avoid a dead/empty code block issue */                    }                    printIntLine(intVariable);                }            }        }    }}

void bad(){    wchar_t * data;    wchar_t * &dataRef = data;    wchar_t dataBuffer[100] = L"";    data = dataBuffer;    {        /* Append input from an environment variable to data */        size_t dataLen = wcslen(data);        wchar_t * environment = GETENV(ENV_VARIABLE);        /* If there is data in the environment variable */        if (environment != NULL)        {            /* POTENTIAL FLAW: Read data from an environment variable */            wcsncat(data+dataLen, environment, 100-dataLen-1);        }    }    {        wchar_t * data = dataRef;        badVaSink(data, data);    }}

void bad(){    wchar_t * data;    wchar_t * &dataRef = data;    wchar_t dataBuffer[100];    data = dataBuffer;    /* FLAW: Do not initialize data */    ; /* empty statement needed for some flow variants */    {        wchar_t * data = dataRef;        {            size_t sourceLen;            wchar_t source[100];            wmemset(source, L'C', 100-1); /* fill with L'C's */            source[100-1] = L'/0'; /* null terminate */            sourceLen = wcslen(source);            /* POTENTIAL FLAW: If data is not initialized properly, wcsncat() may not function correctly */            wcsncat(data, source, sourceLen);            printWLine(data);        }    }}

static void goodB2G(){    wchar_t * data;    vector<wchar_t *> dataVector;    wchar_t dataBuffer[100] = L"";    data = dataBuffer;    {        /* Append input from an environment variable to data */        size_t dataLen = wcslen(data);        wchar_t * environment = GETENV(ENV_VARIABLE);        /* If there is data in the environment variable */        if (environment != NULL)        {            /* POTENTIAL FLAW: Read data from an environment variable */            wcsncat(data+dataLen, environment, 100-dataLen-1);        }    }    dataVector.insert(dataVector.end(), 1, data);    dataVector.insert(dataVector.end(), 1, data);    dataVector.insert(dataVector.end(), 1, data);    goodB2GSink(dataVector);}

BOOL PrintfDosPath(__in LPCTSTR lpwzNtFullPath,__out LPCTSTR lpwzDosFullPath){	char cDrive = 'A';	for (int i=0;i<26;i++)  	{		memset((WCHAR *)lpwzDosFullPath,0,sizeof(lpwzDosFullPath));		swprintf(			(WCHAR *)lpwzDosFullPath,			L"%c:%s",			cDrive+i,			lpwzNtFullPath			);		if (GetFileAttributesW((WCHAR *)lpwzDosFullPath) != INVALID_FILE_ATTRIBUTES)		{			return TRUE;		}	}	memset((WCHAR *)lpwzDosFullPath,0,sizeof(lpwzDosFullPath));	wcsncat((WCHAR *)lpwzDosFullPath,lpwzNtFullPath,wcslen(lpwzNtFullPath));	return FALSE;}

/* goodG2B() uses the GoodSource with the BadSink */static void goodG2B(){    wchar_t * data;    CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_34_unionType myUnion;    data = NULL;    /* FIX: Allocate and point data to a large buffer that is at least as large as the large buffer used in the sink */    data = (wchar_t *)malloc(100*sizeof(wchar_t));    data[0] = L'/0'; /* null terminate */    myUnion.unionFirst = data;    {        wchar_t * data = myUnion.unionSecond;        {            wchar_t source[100];            wmemset(source, L'C', 100-1); /* fill with L'C's */            source[100-1] = L'/0'; /* null terminate */            /* POTENTIAL FLAW: Possible buffer overflow if source is larger than sizeof(data)-strlen(data) */            wcsncat(data, source, 100);            printWLine(data);            free(data);        }    }}

/* goodG2B() uses the GoodSource with the BadSink */static void goodG2B(){    wchar_t * data;    wchar_t * &dataRef = data;    wchar_t dataBuffer[100];    data = dataBuffer;    /* FIX: Properly initialize data */    data[0] = L'/0'; /* null terminate */    {        wchar_t * data = dataRef;        {            size_t sourceLen;            wchar_t source[100];            wmemset(source, L'C', 100-1); /* fill with L'C's */            source[100-1] = L'/0'; /* null terminate */            sourceLen = wcslen(source);            /* POTENTIAL FLAW: If data is not initialized properly, wcsncat() may not function correctly */            wcsncat(data, source, sourceLen);            printWLine(data);        }    }}

static void goodB2G(){    wchar_t * data;    map<int, wchar_t *> dataMap;    wchar_t dataBuffer[100] = L"";    data = dataBuffer;    {        /* Append input from an environment variable to data */        size_t dataLen = wcslen(data);        wchar_t * environment = GETENV(ENV_VARIABLE);        /* If there is data in the environment variable */        if (environment != NULL)        {            /* POTENTIAL FLAW: Read data from an environment variable */            wcsncat(data+dataLen, environment, 100-dataLen-1);        }    }    dataMap[0] = data;    dataMap[1] = data;    dataMap[2] = data;    goodB2GSink(dataMap);}

/* goodB2G1() - use badsource and goodsink by changing globalTrue to globalFalse */static void goodB2G1(){    wchar_t * data;    data = (wchar_t *)malloc(100*sizeof(wchar_t));    data[0] = L'/0';    {        /* Append input from an environment variable to data */        size_t dataLen = wcslen(data);        wchar_t * environment = GETENV(ENV_VARIABLE);        /* If there is data in the environment variable */        if (environment != NULL)        {            /* POTENTIAL FLAW: Read data from an environment variable */            wcsncat(data+dataLen, environment, 100-dataLen-1);        }    }    if(globalFalse)    {        /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */        printLine("Benign, fixed string");    }    else    {        {            size_t i;            /* FIX: Use a loop variable to traverse through the string pointed to by data */            for (i=0; i < wcslen(data); i++)            {                if (data[i] == SEARCH_CHAR)                {                    printLine("We have a match!");                    break;                }            }            free(data);        }    }}

void bad(){    wchar_t * data;    vector<wchar_t *> dataVector;    wchar_t dataBuffer[FILENAME_MAX] = BASEPATH;    data = dataBuffer;    {        /* Append input from an environment variable to data */        size_t dataLen = wcslen(data);        wchar_t * environment = GETENV(ENV_VARIABLE);        /* If there is data in the environment variable */        if (environment != NULL)        {            /* POTENTIAL FLAW: Read data from an environment variable */            wcsncat(data+dataLen, environment, FILENAME_MAX-dataLen-1);        }    }    /* Put data in a vector */    dataVector.insert(dataVector.end(), 1, data);    dataVector.insert(dataVector.end(), 1, data);    dataVector.insert(dataVector.end(), 1, data);    badSink(dataVector);}

void bad(){    wchar_t * data;    map<int, wchar_t *> dataMap;    wchar_t dataBuffer[FILENAME_MAX] = BASEPATH;    data = dataBuffer;    {        /* Append input from an environment variable to data */        size_t dataLen = wcslen(data);        wchar_t * environment = GETENV(ENV_VARIABLE);        /* If there is data in the environment variable */        if (environment != NULL)        {            /* POTENTIAL FLAW: Read data from an environment variable */            wcsncat(data+dataLen, environment, FILENAME_MAX-dataLen-1);        }    }    /* Put data in a map */    dataMap[0] = data;    dataMap[1] = data;    dataMap[2] = data;    badSink(dataMap);}

void CWE78_OS_Command_Injection__wchar_t_environment_w32_spawnlp_18_bad(){    wchar_t * data;    wchar_t dataBuffer[100] = L"";    data = dataBuffer;    goto source;source:    {        /* Append input from an environment variable to data */        size_t dataLen = wcslen(data);        wchar_t * environment = GETENV(ENV_VARIABLE);        /* If there is data in the environment variable */        if (environment != NULL)        {            /* POTENTIAL FLAW: Read data from an environment variable */            wcsncat(data+dataLen, environment, 100-dataLen-1);        }    }    /* wspawnlp - searches for the location of the command among     * the directories specified by the PATH environment variable */    /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */    _wspawnlp(_P_WAIT, COMMAND_INT, COMMAND_INT, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);}

void CWE134_Uncontrolled_Format_String__wchar_t_environment_printf_18_bad(){    wchar_t * data;    wchar_t dataBuffer[100] = L"";    data = dataBuffer;    goto source;source:    {        /* Append input from an environment variable to data */        size_t dataLen = wcslen(data);        wchar_t * environment = GETENV(ENV_VARIABLE);        /* If there is data in the environment variable */        if (environment != NULL)        {            /* POTENTIAL FLAW: Read data from an environment variable */            wcsncat(data+dataLen, environment, 100-dataLen-1);        }    }    goto sink;sink:    /* POTENTIAL FLAW: Do not specify the format allowing a possible format string vulnerability */    wprintf(data);}

void bad(){    wchar_t * data;    list<wchar_t *> dataList;    wchar_t dataBuffer[100] = L"";    data = dataBuffer;    {        /* Append input from an environment variable to data */        size_t dataLen = wcslen(data);        wchar_t * environment = GETENV(ENV_VARIABLE);        /* If there is data in the environment variable */        if (environment != NULL)        {            /* POTENTIAL FLAW: Read data from an environment variable */            wcsncat(data+dataLen, environment, 100-dataLen-1);        }    }    /* Put data in a list */    dataList.push_back(data);    dataList.push_back(data);    dataList.push_back(data);    badSink(dataList);}

void CWE78_OS_Command_Injection__wchar_t_environment_execl_08_bad(){    wchar_t * data;    wchar_t dataBuffer[100] = L"";    data = dataBuffer;    if(staticReturnsTrue())    {        {            /* Append input from an environment variable to data */            size_t dataLen = wcslen(data);            wchar_t * environment = GETENV(ENV_VARIABLE);            /* If there is data in the environment variable */            if (environment != NULL)            {                /* POTENTIAL FLAW: Read data from an environment variable */                wcsncat(data+dataLen, environment, 100-dataLen-1);            }        }    }    /* wexecl - specify the path where the command is located */    /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */    EXECL(COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);}

/* goodB2G() - use badsource and goodsink by reversing the blocks on the second goto statement */static void goodB2G(){    wchar_t * data;    wchar_t dataBuffer[100] = L"";    data = dataBuffer;    goto source;source:    {        /* Append input from an environment variable to data */        size_t dataLen = wcslen(data);        wchar_t * environment = GETENV(ENV_VARIABLE);        /* If there is data in the environment variable */        if (environment != NULL)        {            /* POTENTIAL FLAW: Read data from an environment variable */            wcsncat(data+dataLen, environment, 100-dataLen-1);        }    }    goto sink;sink:    /* FIX: Specify the format disallowing a format string vulnerability */    wprintf(L"%s/n", data);}

void CWE427_Uncontrolled_Search_Path_Element__wchar_t_environment_17_bad(){    int i;    wchar_t * data;    wchar_t dataBuffer[250] = L"PATH=";    data = dataBuffer;    for(i = 0; i < 1; i++)    {        {            /* Append input from an environment variable to data */            size_t dataLen = wcslen(data);            wchar_t * environment = GETENV(ENV_VARIABLE);            /* If there is data in the environment variable */            if (environment != NULL)            {                /* POTENTIAL FLAW: Read data from an environment variable */                wcsncat(data+dataLen, environment, 250-dataLen-1);            }        }    }    /* POTENTIAL FLAW: Set a new environment variable with a path that is possibly insecure */    PUTENV(data);}

void bad(){    wchar_t * data;    unionType myUnion;    wchar_t dataBuffer[FILENAME_MAX] = BASEPATH;    data = dataBuffer;    {        /* Append input from an environment variable to data */        size_t dataLen = wcslen(data);        wchar_t * environment = GETENV(ENV_VARIABLE);        /* If there is data in the environment variable */        if (environment != NULL)        {            /* POTENTIAL FLAW: Read data from an environment variable */            wcsncat(data+dataLen, environment, FILENAME_MAX-dataLen-1);        }    }    myUnion.unionFirst = data;    {        wchar_t * data = myUnion.unionSecond;        {            HANDLE hFile;            /* POTENTIAL FLAW: Possibly creating and opening a file without validating the file name or path */            hFile = CreateFileW(data,                                (GENERIC_WRITE|GENERIC_READ),                                0,                                NULL,                                OPEN_ALWAYS,                                FILE_ATTRIBUTE_NORMAL,                                NULL);            if (hFile != INVALID_HANDLE_VALUE)            {                CloseHandle(hFile);            }        }    }}

void CWE606_Unchecked_Loop_Condition__wchar_t_environment_08_bad(){    wchar_t * data;    wchar_t dataBuffer[100] = L"";    data = dataBuffer;    if(staticReturnsTrue())    {        {            /* Append input from an environment variable to data */            size_t dataLen = wcslen(data);            wchar_t * environment = GETENV(ENV_VARIABLE);            /* If there is data in the environment variable */            if (environment != NULL)            {                /* POTENTIAL FLAW: Read data from an environment variable */                wcsncat(data+dataLen, environment, 100-dataLen-1);            }        }    }    if(staticReturnsTrue())    {        {            int i, n, intVariable;            if (swscanf(data, L"%d", &n) == 1)            {                /* POTENTIAL FLAW: user-supplied value 'n' could lead to very large loop iteration */                intVariable = 0;                for (i = 0; i < n; i++)                {                    /* INCIDENTAL: CWE 561: Dead Code - non-avoidable if n <= 0 */                    intVariable++; /* avoid a dead/empty code block issue */                }                printIntLine(intVariable);            }        }    }}

/* goodG2B1() - use goodsource and badsink by changing the staticReturnsTrue() to staticReturnsFalse() */static void goodG2B1(){    wchar_t * data;    wchar_t dataBuffer[100];    data = dataBuffer;    if(staticReturnsFalse())    {        /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */        printLine("Benign, fixed string");    }    else    {        /* FIX: Initialize data as a small buffer that as small or smaller than the small buffer used in the sink */        wmemset(data, L'A', 50-1); /* fill with L'A's */        data[50-1] = L'/0'; /* null terminate */    }    {        wchar_t dest[50] = L"";        /* POTENTIAL FLAW: Possible buffer overflow if data is larger than sizeof(dest)-wcslen(dest)*/        wcsncat(dest, data, wcslen(data));        dest[50-1] = L'/0'; /* Ensure the destination buffer is null terminated */        printWLine(data);    }}

void CWE78_OS_Command_Injection__wchar_t_environment_w32spawnl_17_bad(){    int i;    wchar_t * data;    wchar_t dataBuffer[100] = L"";    data = dataBuffer;    for(i = 0; i < 1; i++)    {        {            /* Append input from an environment variable to data */            size_t dataLen = wcslen(data);            wchar_t * environment = GETENV(ENV_VARIABLE);            /* If there is data in the environment variable */            if (environment != NULL)            {                /* POTENTIAL FLAW: Read data from an environment variable */                wcsncat(data+dataLen, environment, 100-dataLen-1);            }        }    }    /* wspawnl - specify the path where the command is located */    /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */    _wspawnl(_P_WAIT, COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);}