Buffer problems fault tree

Steve Grubb

I am doing the mappings of several open source tools to CWE. I wanted to check my
understanding of the CWEs around buffer overflows by creating a fault tree. I don't
know if anyone else has created one of these, but I haven't seen one. From what I can
tell, the basic fault tree is something like this:

Does the problem start before the buffer?
        yes, is it a read or write?
                read = 127
                write = 124
        no, 823 is the general category; is it index or function based?
                indexed, is it a read or write?
                        write,  is it heap or stack based?
                                heap = 122
                                stack = 121
                        read = 787
                function based, did the function take a length param?
                        yes = 805
                        no, did it use the source buffer size rather than destination's?
                                yes = 806
                                no = 120

Any comments would be appreciated.