自学教程：C++ EXECL函数代码示例

/* goodG2B uses the GoodSource with the BadSink */void CWE78_OS_Command_Injection__char_file_execl_63b_goodG2BSink(char * * dataPtr){    char * data = *dataPtr;    /* execl - specify the path where the command is located */    /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */    EXECL(COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);}

void CWE78_OS_Command_Injection__char_console_execl_01_bad(){    char * data;    char dataBuffer[100] = "";    data = dataBuffer;    {        /* Read input from the console */        size_t dataLen = strlen(data);        /* if there is room in data, read into it from the console */        if (100-dataLen > 1)        {            /* POTENTIAL FLAW: Read data from the console */            if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL)            {                /* The next few lines remove the carriage return from the string that is                 * inserted by fgets() */                dataLen = strlen(data);                if (dataLen > 0 && data[dataLen-1] == '/n')                {                    data[dataLen-1] = '/0';                }            }            else            {                printLine("fgets() failed");                /* Restore NUL terminator if fgets fails */                data[dataLen] = '/0';            }        }    }    /* execl - specify the path where the command is located */    /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */    EXECL(COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);}

/* goodG2B uses the GoodSource with the BadSink */void goodG2BSink(list<char *> dataList){    char * data = dataList.back();    /* execl - specify the path where the command is located */    /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */    EXECL(COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);}

/* goodG2B uses the GoodSource with the BadSink */void goodG2BSink(vector<wchar_t *> dataVector){    wchar_t * data = dataVector[2];    /* wexecl - specify the path where the command is located */    /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */    EXECL(COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);}

/* goodG2B uses the GoodSource with the BadSink */void CWE78_OS_Command_Injection__wchar_t_console_execl_66b_goodG2BSink(wchar_t * dataArray[]){    wchar_t * data = dataArray[2];    /* wexecl - specify the path where the command is located */    /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */    EXECL(COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);}

void CWE78_OS_Command_Injection__wchar_t_file_execl_05_bad(){    wchar_t * data;    wchar_t dataBuffer[100] = L"";    data = dataBuffer;    if(staticTrue)    {        {            /* Read input from a file */            size_t dataLen = wcslen(data);            FILE * pFile;            /* if there is room in data, attempt to read the input from a file */            if (100-dataLen > 1)            {                pFile = fopen(FILENAME, "r");                if (pFile != NULL)                {                    /* POTENTIAL FLAW: Read data from a file */                    if (fgetws(data+dataLen, (int)(100-dataLen), pFile) == NULL)                    {                        printLine("fgetws() failed");                        /* Restore NUL terminator if fgetws fails */                        data[dataLen] = L'/0';                    }                    fclose(pFile);                }            }        }    }    /* wexecl - specify the path where the command is located */    /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */    EXECL(COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);}

static void badSink(){    char * data = CWE78_OS_Command_Injection__char_console_execl_45_badData;    /* execl - specify the path where the command is located */    /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */    EXECL(COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);}

/* goodG2B uses the GoodSource with the BadSink */void CWE78_OS_Command_Injection__wchar_t_listen_socket_execl_68b_goodG2BSink(){    wchar_t * data = CWE78_OS_Command_Injection__wchar_t_listen_socket_execl_68_goodG2BData;    /* wexecl - specify the path where the command is located */    /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */    EXECL(COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);}

void CWE78_OS_Command_Injection__wchar_t_environment_execl_32_bad(){    wchar_t * data;    wchar_t * *dataPtr1 = &data;    wchar_t * *dataPtr2 = &data;    wchar_t dataBuffer[100] = L"";    data = dataBuffer;    {        wchar_t * data = *dataPtr1;        {            /* Append input from an environment variable to data */            size_t dataLen = wcslen(data);            wchar_t * environment = GETENV(ENV_VARIABLE);            /* If there is data in the environment variable */            if (environment != NULL)            {                /* POTENTIAL FLAW: Read data from an environment variable */                wcsncat(data+dataLen, environment, 100-dataLen-1);            }        }        *dataPtr1 = data;    }    {        wchar_t * data = *dataPtr2;        /* wexecl - specify the path where the command is located */        /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */        EXECL(COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);    }}

void CWE78_OS_Command_Injection__wchar_t_connect_socket_execl_63b_badSink(wchar_t * * dataPtr){    wchar_t * data = *dataPtr;    /* wexecl - specify the path where the command is located */    /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */    EXECL(COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);}

void CWE78_OS_Command_Injection__wchar_t_listen_socket_execl_67b_badSink(CWE78_OS_Command_Injection__wchar_t_listen_socket_execl_67_structType myStruct){    wchar_t * data = myStruct.structFirst;    /* wexecl - specify the path where the command is located */    /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */    EXECL(COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);}

int create_server(void){	int		child_pid, done_pid, status = 0;#	ifdef _BSD	union	wait	chld_status;#	define CSTAT	chld_status#	else#	define CSTAT	status#	endif	int		save_errno;	FORK(child_pid);	if (0 == child_pid)	{		process_id = getpid();		/* Do exec using gtmsecshr_path, which was initialize in file check code - send_mesg2gtmsecshr */		if (WBTEST_ENABLED(WBTEST_BADEXEC_SECSHR_PROCESS))			STRCPY(gtmsecshr_path, "");		status = EXECL(gtmsecshr_path, gtmsecshr_path, 0);		if (-1 == status)		{			send_msg_csa(CSA_ARG(NULL) VARLSTCNT(9) ERR_GTMSECSHRSTART, 3, RTS_ERROR_TEXT("Client"), process_id,				ERR_TEXT, 2, RTS_ERROR_STRING(secshrstart_error_code[UNABLETOEXECGTMSECSHR]));			UNDERSCORE_EXIT(UNABLETOEXECGTMSECSHR);		}        } else	{		if (-1 == child_pid)		{			status = GNDCHLDFORKFLD;			gtm_putmsg_csa(CSA_ARG(NULL) VARLSTCNT(10) ERR_GTMSECSHRSTART, 3, RTS_ERROR_TEXT("Client"), process_id,				   ERR_TEXT,  2, RTS_ERROR_TEXT("Failed to fork off gtmsecshr"), errno);			/* Sleep for a while and hope a subsequent fork will succeed */			hiber_start(1000);		}		for (; !status ;)		{			/* To prevent a warning message that the compiler issues */			done_pid = wait(&CSTAT);			if (done_pid == child_pid)			{				status = WEXITSTATUS(CSTAT);				break;			} else if (-1 == done_pid)			{				if (ECHILD == errno) /* Assume normal exit status */					break;				else if (EINTR != errno)				{					status = GNDCHLDFORKFLD;					gtm_putmsg_csa(CSA_ARG(NULL) VARLSTCNT(10) ERR_GTMSECSHRSTART, 3,							RTS_ERROR_TEXT("Client"), process_id,							ERR_TEXT, 2, RTS_ERROR_TEXT("Error spawning gtmsecshr"), errno);				}			}		}	}	return status;}

void CWE78_OS_Command_Injection__char_environment_execl_66b_badSink(char * dataArray[]){    /* copy data out of dataArray */    char * data = dataArray[2];    /* execl - specify the path where the command is located */    /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */    EXECL(COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);}

/* goodG2B uses the GoodSource with the BadSink */void CWE78_OS_Command_Injection__char_console_execl_64b_goodG2BSink(void * dataVoidPtr){    /* cast void pointer to a pointer of the appropriate type */    char * * dataPtr = (char * *)dataVoidPtr;    /* dereference dataPtr into data */    char * data = (*dataPtr);    /* execl - specify the path where the command is located */    /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */    EXECL(COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);}

static void goodG2B(){    wchar_t * data;    wchar_t dataBuffer[100] = L"";    data = dataBuffer;    data = CWE78_OS_Command_Injection__wchar_t_console_execl_61b_goodG2BSource(data);    /* wexecl - specify the path where the command is located */    /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */    EXECL(COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);}

/* goodG2B uses the GoodSource with the BadSink */static void goodG2B(){    char * data;    char dataBuffer[100] = "";    data = dataBuffer;    data = goodG2BSource(data);    /* execl - specify the path where the command is located */    /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */    EXECL(COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);}

void CWE78_OS_Command_Injection__char_environment_execl_42_bad(){    char * data;    char dataBuffer[100] = "";    data = dataBuffer;    data = badSource(data);    /* execl - specify the path where the command is located */    /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */    EXECL(COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);}

void CWE78_OS_Command_Injection__wchar_t_file_execl_22_bad(){    wchar_t * data;    wchar_t dataBuffer[100] = L"";    data = dataBuffer;    CWE78_OS_Command_Injection__wchar_t_file_execl_22_badGlobal = 1; /* true */    data = CWE78_OS_Command_Injection__wchar_t_file_execl_22_badSource(data);    /* wexecl - specify the path where the command is located */    /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */    EXECL(COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);}

static void goodG2B2(){    wchar_t * data;    wchar_t dataBuffer[100] = L"";    data = dataBuffer;    goodG2B2Static = 1; /* true */    data = goodG2B2Source(data);    /* wexecl - specify the path where the command is located */    /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */    EXECL(COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);}

/* goodG2B uses the GoodSource with the BadSink */static void goodG2B(){    wchar_t * data;    wchar_t dataBuffer[100] = L"";    data = dataBuffer;    /* FIX: Append a fixed string to data (not user / external input) */    wcscat(data, L"*.*");    /* wexecl - specify the path where the command is located */    /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */    EXECL(COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);}

/* goodG2B2() - use goodsource and badsink by reversing the blocks in the if statement */static void goodG2B2(){    char * data;    char dataBuffer[100] = "";    data = dataBuffer;    if(5==5)    {        /* FIX: Append a fixed string to data (not user / external input) */        strcat(data, "*.*");    }    /* execl - specify the path where the command is located */    /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */    EXECL(COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);}

/* goodG2B1() - use goodsource and badsink by changing the staticReturnsTrue() to staticReturnsFalse() */static void goodG2B1(){    wchar_t * data;    wchar_t dataBuffer[100] = L"";    data = dataBuffer;    if(staticReturnsFalse())    {        /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */        printLine("Benign, fixed string");    }    else    {        /* FIX: Append a fixed string to data (not user / external input) */        wcscat(data, L"*.*");    }    /* wexecl - specify the path where the command is located */    /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */    EXECL(COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);}

void CWE78_OS_Command_Injection__wchar_t_console_execl_12_bad(){    wchar_t * data;    wchar_t dataBuffer[100] = L"";    data = dataBuffer;    if(globalReturnsTrueOrFalse())    {        {            /* Read input from the console */            size_t dataLen = wcslen(data);            /* if there is room in data, read into it from the console */            if (100-dataLen > 1)            {                /* POTENTIAL FLAW: Read data from the console */                if (fgetws(data+dataLen, (int)(100-dataLen), stdin) != NULL)                {                    /* The next few lines remove the carriage return from the string that is                     * inserted by fgetws() */                    dataLen = wcslen(data);                    if (dataLen > 0 && data[dataLen-1] == L'/n')                    {                        data[dataLen-1] = L'/0';                    }                }                else                {                    printLine("fgetws() failed");                    /* Restore NUL terminator if fgetws fails */                    data[dataLen] = L'/0';                }            }        }    }    else    {        /* FIX: Append a fixed string to data (not user / external input) */        wcscat(data, L"*.*");    }    /* wexecl - specify the path where the command is located */    /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */    EXECL(COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);}

/* goodG2B1() - use goodsource and badsink by changing the switch to switch(5) */static void goodG2B1(){    char * data;    char dataBuffer[100] = "";    data = dataBuffer;    switch(5)    {    case 6:        /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */        printLine("Benign, fixed string");        break;    default:        /* FIX: Append a fixed string to data (not user / external input) */        strcat(data, "*.*");        break;    }    /* execl - specify the path where the command is located */    /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */    EXECL(COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);}

void CWE78_OS_Command_Injection__char_file_execl_12_bad(){    char * data;    char dataBuffer[100] = "";    data = dataBuffer;    if(globalReturnsTrueOrFalse())    {        {            /* Read input from a file */            size_t dataLen = strlen(data);            FILE * pFile;            /* if there is room in data, attempt to read the input from a file */            if (100-dataLen > 1)            {                pFile = fopen(FILENAME, "r");                if (pFile != NULL)                {                    /* POTENTIAL FLAW: Read data from a file */                    if (fgets(data+dataLen, (int)(100-dataLen), pFile) == NULL)                    {                        printLine("fgets() failed");                        /* Restore NUL terminator if fgets fails */                        data[dataLen] = '/0';                    }                    fclose(pFile);                }            }        }    }    else    {        /* FIX: Append a fixed string to data (not user / external input) */        strcat(data, "*.*");    }    /* execl - specify the path where the command is located */    /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */    EXECL(COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);}

void CWE78_OS_Command_Injection__char_environment_execl_08_bad(){    char * data;    char dataBuffer[100] = "";    data = dataBuffer;    if(staticReturnsTrue())    {        {            /* Append input from an environment variable to data */            size_t dataLen = strlen(data);            char * environment = GETENV(ENV_VARIABLE);            /* If there is data in the environment variable */            if (environment != NULL)            {                /* POTENTIAL FLAW: Read data from an environment variable */                strncat(data+dataLen, environment, 100-dataLen-1);            }        }    }    /* execl - specify the path where the command is located */    /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */    EXECL(COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);}

void CWE78_OS_Command_Injection__wchar_t_file_execl_82_bad::action(wchar_t * data){    /* wexecl - specify the path where the command is located */    /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */    EXECL(COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);}

void CWE78_OS_Command_Injection__wchar_t_connect_socket_execl_07_bad(){    wchar_t * data;    wchar_t dataBuffer[100] = L"";    data = dataBuffer;    if(staticFive==5)    {        {#ifdef _WIN32            WSADATA wsaData;            int wsaDataInit = 0;#endif            int recvResult;            struct sockaddr_in service;            wchar_t *replace;            SOCKET connectSocket = INVALID_SOCKET;            size_t dataLen = wcslen(data);            do            {#ifdef _WIN32                if (WSAStartup(MAKEWORD(2,2), &wsaData) != NO_ERROR)                {                    break;                }                wsaDataInit = 1;#endif                /* POTENTIAL FLAW: Read data using a connect socket */                connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);                if (connectSocket == INVALID_SOCKET)                {                    break;                }                memset(&service, 0, sizeof(service));                service.sin_family = AF_INET;                service.sin_addr.s_addr = inet_addr(IP_ADDRESS);                service.sin_port = htons(TCP_PORT);                if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR)                {                    break;                }                /* Abort on error or the connection was closed, make sure to recv one                 * less char than is in the recv_buf in order to append a terminator */                /* Abort on error or the connection was closed */                recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(wchar_t) * (100 - dataLen - 1), 0);                if (recvResult == SOCKET_ERROR || recvResult == 0)                {                    break;                }                /* Append null terminator */                data[dataLen + recvResult / sizeof(wchar_t)] = L'/0';                /* Eliminate CRLF */                replace = wcschr(data, L'/r');                if (replace)                {                    *replace = L'/0';                }                replace = wcschr(data, L'/n');                if (replace)                {                    *replace = L'/0';                }            }            while (0);            if (connectSocket != INVALID_SOCKET)            {                CLOSE_SOCKET(connectSocket);            }#ifdef _WIN32            if (wsaDataInit)            {                WSACleanup();            }#endif        }    }    /* wexecl - specify the path where the command is located */    /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */    EXECL(COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);}

static void badSink(wchar_t * data){    /* wexecl - specify the path where the command is located */    /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */    EXECL(COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);}

CWE78_OS_Command_Injection__wchar_t_connect_socket_execl_83_goodG2B::~CWE78_OS_Command_Injection__wchar_t_connect_socket_execl_83_goodG2B(){    /* wexecl - specify the path where the command is located */    /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */    EXECL(COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);}