taint2.c-explain.html from CQual at Krugle
<html>
<body bgcolor="white">
<h2>Tainting: Function Calls</h2>
<p>
The lower left pane contains the original program, and the lower right
pane contains the program with qualifier annotations.
<p>
In this example, the call to <tt>getenv</tt> returns the value of
environment variable <tt>LD_LIBRARY_PATH</tt>, which may be controlled
by a malicious adversary. The result of <tt>getenv</tt> is stored in
<tt>unclean</tt>, which is passed to <tt>f1</tt>. The function
<tt>f1</tt> returns exactly what it is passed, by way of a call to
<tt>f2</tt>, which in turn calls <tt>f3</tt>. The result of the call to
<tt>getenv</tt> is therefore ultimately stored in <tt>s</tt>, which is
passed to <tt>printf</tt>, so this program has a potential format-string
vulnerability.
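<p>
The flow described above, as an added C example that is not CQual's own <tt>taint2.c</tt>: it shows the tainted value reaching the format position next to the corrected call. The bodies of <tt>f1</tt>, <tt>f2</tt> and <tt>f3</tt>, the helper names <tt>render_unsafe</tt> and <tt>render_safe</tt>, and the use of <tt>snprintf</tt> in place of <tt>printf</tt> (so the output can be inspected) are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Identity chain as the page describes it: f1 calls f2, which calls f3,
 * and each returns exactly what it was passed. The bodies are assumed. */
static char *f3(char *t) { return t; }
static char *f2(char *t) { return f3(t); }
static char *f1(char *t) { return f2(t); }

/* "Before" (hypothetical helper): the value that came through f1 is used
 * as the format string itself, so any conversion specifiers it contains
 * are interpreted by the formatter. This is the flow a taint analysis
 * reports: untrusted source -> f1 -> f2 -> f3 -> format argument. */
int render_unsafe(char *out, size_t n, char *unclean)
{
    char *s = f1(unclean);
    return snprintf(out, n, s);          /* tainted data in format position */
}

/* "After" (hypothetical helper): the format is a constant and the
 * untrusted value is only ever passed as data. */
int render_safe(char *out, size_t n, char *unclean)
{
    char *s = f1(unclean);
    return snprintf(out, n, "%s", s);    /* tainted data in argument position */
}

int main(void)
{
    char buf[256];
    char *unclean = getenv("LD_LIBRARY_PATH");   /* untrusted source */

    if (unclean == NULL)
        unclean = "";
    render_safe(buf, sizeof buf, unclean);
    puts(buf);
    return 0;
}
```

With a value containing <tt>%%</tt>, the unsafe helper collapses it to a single <tt>%</tt> because the formatter parses the data, while the safe helper copies it through unchanged.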
</body>
</html>