diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..ca4db00a8e8de7c0efefadb74a9b1e1414d51cac Binary files /dev/null and b/.DS_Store differ diff --git a/bin/.DS_Store b/bin/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..79c8b8eccb15ad6d3e7138ee0873cbee6c381174 Binary files /dev/null and b/bin/.DS_Store differ diff --git a/bin/original/passbook b/bin/original/passbook new file mode 100755 index 0000000000000000000000000000000000000000..edad8ae70fde6d1b23af02ca3b35868671f05397 Binary files /dev/null and b/bin/original/passbook differ diff --git a/bin/original/passbook-cov b/bin/original/passbook-cov new file mode 100755 index 0000000000000000000000000000000000000000..2915a7d845346da34ed857d2dddf6165e8269fa4 Binary files /dev/null and b/bin/original/passbook-cov differ diff --git a/bin/original/passbook-cov.dSYM/Contents/Info.plist b/bin/original/passbook-cov.dSYM/Contents/Info.plist new file mode 100644 index 0000000000000000000000000000000000000000..b04bfa4ffb70e2d6eb6e6948e8e9448d11ecfa7e --- /dev/null +++ b/bin/original/passbook-cov.dSYM/Contents/Info.plist @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> + <dict> + <key>CFBundleDevelopmentRegion</key> + <string>English</string> + <key>CFBundleIdentifier</key> + <string>com.apple.xcode.dsym.passbook-cov</string> + <key>CFBundleInfoDictionaryVersion</key> + <string>6.0</string> + <key>CFBundlePackageType</key> + <string>dSYM</string> + <key>CFBundleSignature</key> + <string>????</string> + <key>CFBundleShortVersionString</key> + <string>1.0</string> + <key>CFBundleVersion</key> + <string>1</string> + </dict> +</plist> 
diff --git a/bin/original/passbook-cov.dSYM/Contents/Resources/DWARF/passbook-cov b/bin/original/passbook-cov.dSYM/Contents/Resources/DWARF/passbook-cov new file mode 100644 index 0000000000000000000000000000000000000000..261530d2c4cc87bd832c9a874af32c4636ceffba Binary files /dev/null and b/bin/original/passbook-cov.dSYM/Contents/Resources/DWARF/passbook-cov differ diff --git a/bin/original/passbook-fuzz b/bin/original/passbook-fuzz new file mode 100755 index 0000000000000000000000000000000000000000..bb9f0f02bf7e7958e0e64a489b77e82f8a93485a Binary files /dev/null and b/bin/original/passbook-fuzz differ diff --git a/bin/original/passbook-fuzz.dSYM/Contents/Info.plist b/bin/original/passbook-fuzz.dSYM/Contents/Info.plist new file mode 100644 index 0000000000000000000000000000000000000000..970144a7f4e9a460867a3641b3a3c8e2edbd5bfa --- /dev/null +++ b/bin/original/passbook-fuzz.dSYM/Contents/Info.plist @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> + <dict> + <key>CFBundleDevelopmentRegion</key> + <string>English</string> + <key>CFBundleIdentifier</key> + <string>com.apple.xcode.dsym.passbook-fuzz</string> + <key>CFBundleInfoDictionaryVersion</key> + <string>6.0</string> + <key>CFBundlePackageType</key> + <string>dSYM</string> + <key>CFBundleSignature</key> + <string>????</string> + <key>CFBundleShortVersionString</key> + <string>1.0</string> + <key>CFBundleVersion</key> + <string>1</string> + </dict> +</plist> diff --git a/bin/original/passbook-fuzz.dSYM/Contents/Resources/DWARF/passbook-fuzz b/bin/original/passbook-fuzz.dSYM/Contents/Resources/DWARF/passbook-fuzz new file mode 100644 index 0000000000000000000000000000000000000000..24501319a36bb905ab935ea3e89fffe682ed8aee Binary files /dev/null and b/bin/original/passbook-fuzz.dSYM/Contents/Resources/DWARF/passbook-fuzz differ 
diff --git a/bin/original/passbook-san b/bin/original/passbook-san new file mode 100755 index 0000000000000000000000000000000000000000..7f78cda394d68b340892ad86fa35c59f8293b2be Binary files /dev/null and b/bin/original/passbook-san differ diff --git a/bin/original/passbook-san.dSYM/Contents/Info.plist b/bin/original/passbook-san.dSYM/Contents/Info.plist new file mode 100644 index 0000000000000000000000000000000000000000..62126b77b4cf4333c912be9d19f1ff59235f124c --- /dev/null +++ b/bin/original/passbook-san.dSYM/Contents/Info.plist @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> + <dict> + <key>CFBundleDevelopmentRegion</key> + <string>English</string> + <key>CFBundleIdentifier</key> + <string>com.apple.xcode.dsym.passbook-san</string> + <key>CFBundleInfoDictionaryVersion</key> + <string>6.0</string> + <key>CFBundlePackageType</key> + <string>dSYM</string> + <key>CFBundleSignature</key> + <string>????</string> + <key>CFBundleShortVersionString</key> + <string>1.0</string> + <key>CFBundleVersion</key> + <string>1</string> + </dict> +</plist> diff --git a/bin/original/passbook-san.dSYM/Contents/Resources/DWARF/passbook-san b/bin/original/passbook-san.dSYM/Contents/Resources/DWARF/passbook-san new file mode 100644 index 0000000000000000000000000000000000000000..0841be488361122cb0c7c0b089521fd3b8ddfbdd Binary files /dev/null and b/bin/original/passbook-san.dSYM/Contents/Resources/DWARF/passbook-san differ diff --git a/bin/original/passbook.dSYM/Contents/Info.plist b/bin/original/passbook.dSYM/Contents/Info.plist new file mode 100644 index 0000000000000000000000000000000000000000..f6869a7d122bf36bc97823b6ada648f5bdf47c24 --- /dev/null +++ b/bin/original/passbook.dSYM/Contents/Info.plist 
@@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> + <dict> + <key>CFBundleDevelopmentRegion</key> + <string>English</string> + <key>CFBundleIdentifier</key> + <string>com.apple.xcode.dsym.passbook</string> + <key>CFBundleInfoDictionaryVersion</key> + <string>6.0</string> + <key>CFBundlePackageType</key> + <string>dSYM</string> + <key>CFBundleSignature</key> + <string>????</string> + <key>CFBundleShortVersionString</key> + <string>1.0</string> + <key>CFBundleVersion</key> + <string>1</string> + </dict> +</plist> diff --git a/bin/original/passbook.dSYM/Contents/Resources/DWARF/passbook b/bin/original/passbook.dSYM/Contents/Resources/DWARF/passbook new file mode 100644 index 0000000000000000000000000000000000000000..5d7d9e3d82b81938702b944ef3808273803cd480 Binary files /dev/null and b/bin/original/passbook.dSYM/Contents/Resources/DWARF/passbook differ diff --git a/bin/original/passwords.txt b/bin/original/passwords.txt new file mode 100644 index 0000000000000000000000000000000000000000..f8f45c0e3d074e6dccdc599abe69a175e2d498d2 --- /dev/null +++ b/bin/original/passwords.txt @@ -0,0 +1,3 @@ +masterpw masterpw +put https://www.facebook.com zachyho pw1 +put https://www.youtube.com forrestknight170 pw2 diff --git a/bin/vuln-1/passbook b/bin/vuln-1/passbook new file mode 100755 index 0000000000000000000000000000000000000000..1d170778fff7b09a584afa79b4efa258e0b298d0 Binary files /dev/null and b/bin/vuln-1/passbook differ diff --git a/bin/vuln-1/passbook-cov b/bin/vuln-1/passbook-cov new file mode 100755 index 0000000000000000000000000000000000000000..a56098d9e94b4569688cb53b21a35c616c431027 Binary files /dev/null and b/bin/vuln-1/passbook-cov differ 
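Review bot: The new fixture `bin/original/passwords.txt` commits a master password and two site entries in clear text, and the account names on its `put` lines (`zachyho`, `forrestknight170`) read like real handles rather than placeholders. If this is sample input for the coverage, fuzz, and sanitizer builds, use obviously synthetic values instead, for example `put https://example.com user1 pw1`, as `bin/vuln-1/passwords.txt` later in this commit already does. If any of these values was ever a live credential, rotate it rather than relying on a later deletion, because the blob stays reachable in history. A one-line header in the fixture's README or test script saying the file is dummy data would keep secret scanners and future readers from having to guess.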
diff --git a/bin/vuln-1/passbook-cov.dSYM/Contents/Info.plist b/bin/vuln-1/passbook-cov.dSYM/Contents/Info.plist new file mode 100644 index 0000000000000000000000000000000000000000..b04bfa4ffb70e2d6eb6e6948e8e9448d11ecfa7e --- /dev/null +++ b/bin/vuln-1/passbook-cov.dSYM/Contents/Info.plist @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> + <dict> + <key>CFBundleDevelopmentRegion</key> + <string>English</string> + <key>CFBundleIdentifier</key> + <string>com.apple.xcode.dsym.passbook-cov</string> + <key>CFBundleInfoDictionaryVersion</key> + <string>6.0</string> + <key>CFBundlePackageType</key> + <string>dSYM</string> + <key>CFBundleSignature</key> + <string>????</string> + <key>CFBundleShortVersionString</key> + <string>1.0</string> + <key>CFBundleVersion</key> + <string>1</string> + </dict> +</plist> diff --git a/bin/vuln-1/passbook-cov.dSYM/Contents/Resources/DWARF/passbook-cov b/bin/vuln-1/passbook-cov.dSYM/Contents/Resources/DWARF/passbook-cov new file mode 100644 index 0000000000000000000000000000000000000000..796f89bbd1145f48205273f7acfdd295daa326ff Binary files /dev/null and b/bin/vuln-1/passbook-cov.dSYM/Contents/Resources/DWARF/passbook-cov differ diff --git a/bin/vuln-1/passbook-fuzz b/bin/vuln-1/passbook-fuzz new file mode 100755 index 0000000000000000000000000000000000000000..c2fcd39740296344d4bab97c22c64ed319ef9dd7 Binary files /dev/null and b/bin/vuln-1/passbook-fuzz differ diff --git a/bin/vuln-1/passbook-fuzz.dSYM/Contents/Info.plist b/bin/vuln-1/passbook-fuzz.dSYM/Contents/Info.plist new file mode 100644 index 0000000000000000000000000000000000000000..970144a7f4e9a460867a3641b3a3c8e2edbd5bfa --- /dev/null +++ b/bin/vuln-1/passbook-fuzz.dSYM/Contents/Info.plist 
@@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> + <dict> + <key>CFBundleDevelopmentRegion</key> + <string>English</string> + <key>CFBundleIdentifier</key> + <string>com.apple.xcode.dsym.passbook-fuzz</string> + <key>CFBundleInfoDictionaryVersion</key> + <string>6.0</string> + <key>CFBundlePackageType</key> + <string>dSYM</string> + <key>CFBundleSignature</key> + <string>????</string> + <key>CFBundleShortVersionString</key> + <string>1.0</string> + <key>CFBundleVersion</key> + <string>1</string> + </dict> +</plist> diff --git a/bin/vuln-1/passbook-fuzz.dSYM/Contents/Resources/DWARF/passbook-fuzz b/bin/vuln-1/passbook-fuzz.dSYM/Contents/Resources/DWARF/passbook-fuzz new file mode 100644 index 0000000000000000000000000000000000000000..8f78607e74c3f79b9b6afebfae9857d2bed082ea Binary files /dev/null and b/bin/vuln-1/passbook-fuzz.dSYM/Contents/Resources/DWARF/passbook-fuzz differ diff --git a/bin/vuln-1/passbook-san b/bin/vuln-1/passbook-san new file mode 100755 index 0000000000000000000000000000000000000000..2a5264eaeeff57f3591f9eef94498949fd9720a5 Binary files /dev/null and b/bin/vuln-1/passbook-san differ diff --git a/bin/vuln-1/passbook-san.dSYM/Contents/Info.plist b/bin/vuln-1/passbook-san.dSYM/Contents/Info.plist new file mode 100644 index 0000000000000000000000000000000000000000..62126b77b4cf4333c912be9d19f1ff59235f124c --- /dev/null +++ b/bin/vuln-1/passbook-san.dSYM/Contents/Info.plist 
@@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> + <dict> + <key>CFBundleDevelopmentRegion</key> + <string>English</string> + <key>CFBundleIdentifier</key> + <string>com.apple.xcode.dsym.passbook-san</string> + <key>CFBundleInfoDictionaryVersion</key> + <string>6.0</string> + <key>CFBundlePackageType</key> + <string>dSYM</string> + <key>CFBundleSignature</key> + <string>????</string> + <key>CFBundleShortVersionString</key> + <string>1.0</string> + <key>CFBundleVersion</key> + <string>1</string> + </dict> +</plist> diff --git a/bin/vuln-1/passbook-san.dSYM/Contents/Resources/DWARF/passbook-san b/bin/vuln-1/passbook-san.dSYM/Contents/Resources/DWARF/passbook-san new file mode 100644 index 0000000000000000000000000000000000000000..4d8830443d03cd67d46bf9d827326d67394255b2 Binary files /dev/null and b/bin/vuln-1/passbook-san.dSYM/Contents/Resources/DWARF/passbook-san differ diff --git a/bin/vuln-1/passbook.dSYM/Contents/Info.plist b/bin/vuln-1/passbook.dSYM/Contents/Info.plist new file mode 100644 index 0000000000000000000000000000000000000000..f6869a7d122bf36bc97823b6ada648f5bdf47c24 --- /dev/null +++ b/bin/vuln-1/passbook.dSYM/Contents/Info.plist @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> + <dict> + <key>CFBundleDevelopmentRegion</key> + <string>English</string> + <key>CFBundleIdentifier</key> + <string>com.apple.xcode.dsym.passbook</string> + <key>CFBundleInfoDictionaryVersion</key> + <string>6.0</string> + <key>CFBundlePackageType</key> + <string>dSYM</string> + <key>CFBundleSignature</key> + <string>????</string> + <key>CFBundleShortVersionString</key> + <string>1.0</string> + <key>CFBundleVersion</key> + <string>1</string> + </dict> +</plist> 
diff --git a/bin/vuln-1/passbook.dSYM/Contents/Resources/DWARF/passbook b/bin/vuln-1/passbook.dSYM/Contents/Resources/DWARF/passbook
new file mode 100644
index 0000000000000000000000000000000000000000..158cd1ef1ac0d38093fb61081a7b4c31bf3e86b7
Binary files /dev/null and b/bin/vuln-1/passbook.dSYM/Contents/Resources/DWARF/passbook differ
diff --git a/bin/vuln-1/passwords.txt b/bin/vuln-1/passwords.txt
new file mode 100644
index 0000000000000000000000000000000000000000..d0711896b8f1a1b39865f281be2a0c64fd4839a8
--- /dev/null
+++ b/bin/vuln-1/passwords.txt
@@ -0,0 +1,2 @@
+masterpw master_pw
+put www.abc.com abc abc1
diff --git a/bin/vuln-2/passbook b/bin/vuln-2/passbook
new file mode 100755
index 0000000000000000000000000000000000000000..707ef222c3616c5f4e4a7d85f1429a61dc113c17
Binary files /dev/null and b/bin/vuln-2/passbook differ
diff --git a/bin/vuln-2/passbook-cov b/bin/vuln-2/passbook-cov
new file mode 100755
index 0000000000000000000000000000000000000000..9677ca6edcd1d88d32b561a2c44e1850040efa22
Binary files /dev/null and b/bin/vuln-2/passbook-cov differ
diff --git a/bin/vuln-2/passbook-cov.dSYM/Contents/Info.plist b/bin/vuln-2/passbook-cov.dSYM/Contents/Info.plist
new file mode 100644
index 0000000000000000000000000000000000000000..b04bfa4ffb70e2d6eb6e6948e8e9448d11ecfa7e
--- /dev/null
+++ b/bin/vuln-2/passbook-cov.dSYM/Contents/Info.plist
@@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> + <dict> + <key>CFBundleDevelopmentRegion</key> + <string>English</string> + <key>CFBundleIdentifier</key> + <string>com.apple.xcode.dsym.passbook-cov</string> + <key>CFBundleInfoDictionaryVersion</key> + <string>6.0</string> + <key>CFBundlePackageType</key> + <string>dSYM</string> + <key>CFBundleSignature</key> + <string>????</string> + <key>CFBundleShortVersionString</key> + <string>1.0</string> + <key>CFBundleVersion</key> + <string>1</string> + </dict> +</plist> diff --git a/bin/vuln-2/passbook-cov.dSYM/Contents/Resources/DWARF/passbook-cov b/bin/vuln-2/passbook-cov.dSYM/Contents/Resources/DWARF/passbook-cov new file mode 100644 index 0000000000000000000000000000000000000000..5aacee0194efba6c0e0a11edf8b02479b8cd9574 Binary files /dev/null and b/bin/vuln-2/passbook-cov.dSYM/Contents/Resources/DWARF/passbook-cov differ diff --git a/bin/vuln-2/passbook-fuzz b/bin/vuln-2/passbook-fuzz new file mode 100755 index 0000000000000000000000000000000000000000..5228d9ff9bef3c916315cf41f96fc536e7aaa8f7 Binary files /dev/null and b/bin/vuln-2/passbook-fuzz differ diff --git a/bin/vuln-2/passbook-fuzz.dSYM/Contents/Info.plist b/bin/vuln-2/passbook-fuzz.dSYM/Contents/Info.plist new file mode 100644 index 0000000000000000000000000000000000000000..970144a7f4e9a460867a3641b3a3c8e2edbd5bfa --- /dev/null +++ b/bin/vuln-2/passbook-fuzz.dSYM/Contents/Info.plist 
@@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> + <dict> + <key>CFBundleDevelopmentRegion</key> + <string>English</string> + <key>CFBundleIdentifier</key> + <string>com.apple.xcode.dsym.passbook-fuzz</string> + <key>CFBundleInfoDictionaryVersion</key> + <string>6.0</string> + <key>CFBundlePackageType</key> + <string>dSYM</string> + <key>CFBundleSignature</key> + <string>????</string> + <key>CFBundleShortVersionString</key> + <string>1.0</string> + <key>CFBundleVersion</key> + <string>1</string> + </dict> +</plist> diff --git a/bin/vuln-2/passbook-fuzz.dSYM/Contents/Resources/DWARF/passbook-fuzz b/bin/vuln-2/passbook-fuzz.dSYM/Contents/Resources/DWARF/passbook-fuzz new file mode 100644 index 0000000000000000000000000000000000000000..949cf7b463a592d59dc2a0f1d6f32439097f76cd Binary files /dev/null and b/bin/vuln-2/passbook-fuzz.dSYM/Contents/Resources/DWARF/passbook-fuzz differ diff --git a/bin/vuln-2/passbook-san b/bin/vuln-2/passbook-san new file mode 100755 index 0000000000000000000000000000000000000000..6173aac910eaf830b6cb0b0dcbf1638689983092 Binary files /dev/null and b/bin/vuln-2/passbook-san differ diff --git a/bin/vuln-2/passbook-san.dSYM/Contents/Info.plist b/bin/vuln-2/passbook-san.dSYM/Contents/Info.plist new file mode 100644 index 0000000000000000000000000000000000000000..62126b77b4cf4333c912be9d19f1ff59235f124c --- /dev/null +++ b/bin/vuln-2/passbook-san.dSYM/Contents/Info.plist 
@@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> + <dict> + <key>CFBundleDevelopmentRegion</key> + <string>English</string> + <key>CFBundleIdentifier</key> + <string>com.apple.xcode.dsym.passbook-san</string> + <key>CFBundleInfoDictionaryVersion</key> + <string>6.0</string> + <key>CFBundlePackageType</key> + <string>dSYM</string> + <key>CFBundleSignature</key> + <string>????</string> + <key>CFBundleShortVersionString</key> + <string>1.0</string> + <key>CFBundleVersion</key> + <string>1</string> + </dict> +</plist> diff --git a/bin/vuln-2/passbook-san.dSYM/Contents/Resources/DWARF/passbook-san b/bin/vuln-2/passbook-san.dSYM/Contents/Resources/DWARF/passbook-san new file mode 100644 index 0000000000000000000000000000000000000000..396f16b26b7e9106538e95e7c818610d2c8b3d47 Binary files /dev/null and b/bin/vuln-2/passbook-san.dSYM/Contents/Resources/DWARF/passbook-san differ diff --git a/bin/vuln-2/passbook.dSYM/Contents/Info.plist b/bin/vuln-2/passbook.dSYM/Contents/Info.plist new file mode 100644 index 0000000000000000000000000000000000000000..f6869a7d122bf36bc97823b6ada648f5bdf47c24 --- /dev/null +++ b/bin/vuln-2/passbook.dSYM/Contents/Info.plist @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> + <dict> + <key>CFBundleDevelopmentRegion</key> + <string>English</string> + <key>CFBundleIdentifier</key> + <string>com.apple.xcode.dsym.passbook</string> + <key>CFBundleInfoDictionaryVersion</key> + <string>6.0</string> + <key>CFBundlePackageType</key> + <string>dSYM</string> + <key>CFBundleSignature</key> + <string>????</string> + <key>CFBundleShortVersionString</key> + <string>1.0</string> + <key>CFBundleVersion</key> + <string>1</string> + </dict> +</plist> 
diff --git a/bin/vuln-2/passbook.dSYM/Contents/Resources/DWARF/passbook b/bin/vuln-2/passbook.dSYM/Contents/Resources/DWARF/passbook new file mode 100644 index 0000000000000000000000000000000000000000..179b10dd26574443a9d9e61652c92a23f5748b7b Binary files /dev/null and b/bin/vuln-2/passbook.dSYM/Contents/Resources/DWARF/passbook differ diff --git a/bin/vuln-3/passbook b/bin/vuln-3/passbook new file mode 100755 index 0000000000000000000000000000000000000000..c1771367bbe2660d11ae9ed87ee0bc925914b578 Binary files /dev/null and b/bin/vuln-3/passbook differ diff --git a/bin/vuln-3/passbook-cov b/bin/vuln-3/passbook-cov new file mode 100755 index 0000000000000000000000000000000000000000..c402ea12818b0bcf04f1fed1a610dcb9fa704d4b Binary files /dev/null and b/bin/vuln-3/passbook-cov differ diff --git a/bin/vuln-3/passbook-cov.dSYM/Contents/Info.plist b/bin/vuln-3/passbook-cov.dSYM/Contents/Info.plist new file mode 100644 index 0000000000000000000000000000000000000000..b04bfa4ffb70e2d6eb6e6948e8e9448d11ecfa7e --- /dev/null +++ b/bin/vuln-3/passbook-cov.dSYM/Contents/Info.plist @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> + <dict> + <key>CFBundleDevelopmentRegion</key> + <string>English</string> + <key>CFBundleIdentifier</key> + <string>com.apple.xcode.dsym.passbook-cov</string> + <key>CFBundleInfoDictionaryVersion</key> + <string>6.0</string> + <key>CFBundlePackageType</key> + <string>dSYM</string> + <key>CFBundleSignature</key> + <string>????</string> + <key>CFBundleShortVersionString</key> + <string>1.0</string> + <key>CFBundleVersion</key> + <string>1</string> + </dict> +</plist> 
diff --git a/bin/vuln-3/passbook-cov.dSYM/Contents/Resources/DWARF/passbook-cov b/bin/vuln-3/passbook-cov.dSYM/Contents/Resources/DWARF/passbook-cov new file mode 100644 index 0000000000000000000000000000000000000000..62443db323d91e4e8e282536b4380cfff1ae764b Binary files /dev/null and b/bin/vuln-3/passbook-cov.dSYM/Contents/Resources/DWARF/passbook-cov differ diff --git a/bin/vuln-3/passbook-fuzz b/bin/vuln-3/passbook-fuzz new file mode 100755 index 0000000000000000000000000000000000000000..6f26abd24c7b42d23c1922a795da82f0e5ebec72 Binary files /dev/null and b/bin/vuln-3/passbook-fuzz differ diff --git a/bin/vuln-3/passbook-fuzz.dSYM/Contents/Info.plist b/bin/vuln-3/passbook-fuzz.dSYM/Contents/Info.plist new file mode 100644 index 0000000000000000000000000000000000000000..970144a7f4e9a460867a3641b3a3c8e2edbd5bfa --- /dev/null +++ b/bin/vuln-3/passbook-fuzz.dSYM/Contents/Info.plist @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> + <dict> + <key>CFBundleDevelopmentRegion</key> + <string>English</string> + <key>CFBundleIdentifier</key> + <string>com.apple.xcode.dsym.passbook-fuzz</string> + <key>CFBundleInfoDictionaryVersion</key> + <string>6.0</string> + <key>CFBundlePackageType</key> + <string>dSYM</string> + <key>CFBundleSignature</key> + <string>????</string> + <key>CFBundleShortVersionString</key> + <string>1.0</string> + <key>CFBundleVersion</key> + <string>1</string> + </dict> +</plist> diff --git a/bin/vuln-3/passbook-fuzz.dSYM/Contents/Resources/DWARF/passbook-fuzz b/bin/vuln-3/passbook-fuzz.dSYM/Contents/Resources/DWARF/passbook-fuzz new file mode 100644 index 0000000000000000000000000000000000000000..cdd6231bff328b1c06b6be64289429235aef85b6 Binary files /dev/null and b/bin/vuln-3/passbook-fuzz.dSYM/Contents/Resources/DWARF/passbook-fuzz differ 
diff --git a/bin/vuln-3/passbook-san b/bin/vuln-3/passbook-san new file mode 100755 index 0000000000000000000000000000000000000000..f652ba9de0c5eadbf2e3cc14f17a911ccfbd0e85 Binary files /dev/null and b/bin/vuln-3/passbook-san differ diff --git a/bin/vuln-3/passbook-san.dSYM/Contents/Info.plist b/bin/vuln-3/passbook-san.dSYM/Contents/Info.plist new file mode 100644 index 0000000000000000000000000000000000000000..62126b77b4cf4333c912be9d19f1ff59235f124c --- /dev/null +++ b/bin/vuln-3/passbook-san.dSYM/Contents/Info.plist @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> + <dict> + <key>CFBundleDevelopmentRegion</key> + <string>English</string> + <key>CFBundleIdentifier</key> + <string>com.apple.xcode.dsym.passbook-san</string> + <key>CFBundleInfoDictionaryVersion</key> + <string>6.0</string> + <key>CFBundlePackageType</key> + <string>dSYM</string> + <key>CFBundleSignature</key> + <string>????</string> + <key>CFBundleShortVersionString</key> + <string>1.0</string> + <key>CFBundleVersion</key> + <string>1</string> + </dict> +</plist> diff --git a/bin/vuln-3/passbook-san.dSYM/Contents/Resources/DWARF/passbook-san b/bin/vuln-3/passbook-san.dSYM/Contents/Resources/DWARF/passbook-san new file mode 100644 index 0000000000000000000000000000000000000000..68431be2b94a5ea520ec60ec6ed2efade839be19 Binary files /dev/null and b/bin/vuln-3/passbook-san.dSYM/Contents/Resources/DWARF/passbook-san differ diff --git a/bin/vuln-3/passbook.dSYM/Contents/Info.plist b/bin/vuln-3/passbook.dSYM/Contents/Info.plist new file mode 100644 index 0000000000000000000000000000000000000000..f6869a7d122bf36bc97823b6ada648f5bdf47c24 --- /dev/null +++ b/bin/vuln-3/passbook.dSYM/Contents/Info.plist 
@@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> + <dict> + <key>CFBundleDevelopmentRegion</key> + <string>English</string> + <key>CFBundleIdentifier</key> + <string>com.apple.xcode.dsym.passbook</string> + <key>CFBundleInfoDictionaryVersion</key> + <string>6.0</string> + <key>CFBundlePackageType</key> + <string>dSYM</string> + <key>CFBundleSignature</key> + <string>????</string> + <key>CFBundleShortVersionString</key> + <string>1.0</string> + <key>CFBundleVersion</key> + <string>1</string> + </dict> +</plist> diff --git a/bin/vuln-3/passbook.dSYM/Contents/Resources/DWARF/passbook b/bin/vuln-3/passbook.dSYM/Contents/Resources/DWARF/passbook new file mode 100644 index 0000000000000000000000000000000000000000..37b1b62834ba717d42053ae96bb697da9abcbe71 Binary files /dev/null and b/bin/vuln-3/passbook.dSYM/Contents/Resources/DWARF/passbook differ diff --git a/bin/vuln-4/passbook b/bin/vuln-4/passbook new file mode 100755 index 0000000000000000000000000000000000000000..3def0b83cb498b7b44de72fd5463202f176cef9e Binary files /dev/null and b/bin/vuln-4/passbook differ diff --git a/bin/vuln-4/passbook-cov b/bin/vuln-4/passbook-cov new file mode 100755 index 0000000000000000000000000000000000000000..df4227cf8c2e2c1b05bc1c89c9e55c99e9c5bc52 Binary files /dev/null and b/bin/vuln-4/passbook-cov differ diff --git a/bin/vuln-4/passbook-cov.dSYM/Contents/Info.plist b/bin/vuln-4/passbook-cov.dSYM/Contents/Info.plist new file mode 100644 index 0000000000000000000000000000000000000000..b04bfa4ffb70e2d6eb6e6948e8e9448d11ecfa7e --- /dev/null +++ b/bin/vuln-4/passbook-cov.dSYM/Contents/Info.plist 
@@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> + <dict> + <key>CFBundleDevelopmentRegion</key> + <string>English</string> + <key>CFBundleIdentifier</key> + <string>com.apple.xcode.dsym.passbook-cov</string> + <key>CFBundleInfoDictionaryVersion</key> + <string>6.0</string> + <key>CFBundlePackageType</key> + <string>dSYM</string> + <key>CFBundleSignature</key> + <string>????</string> + <key>CFBundleShortVersionString</key> + <string>1.0</string> + <key>CFBundleVersion</key> + <string>1</string> + </dict> +</plist> diff --git a/bin/vuln-4/passbook-cov.dSYM/Contents/Resources/DWARF/passbook-cov b/bin/vuln-4/passbook-cov.dSYM/Contents/Resources/DWARF/passbook-cov new file mode 100644 index 0000000000000000000000000000000000000000..262e344972ced173c8b01ab2e20aead77cc4d078 Binary files /dev/null and b/bin/vuln-4/passbook-cov.dSYM/Contents/Resources/DWARF/passbook-cov differ diff --git a/bin/vuln-4/passbook-fuzz b/bin/vuln-4/passbook-fuzz new file mode 100755 index 0000000000000000000000000000000000000000..f3ee621c2af22b31302e4e187fc31a10a479ce9f Binary files /dev/null and b/bin/vuln-4/passbook-fuzz differ diff --git a/bin/vuln-4/passbook-fuzz.dSYM/Contents/Info.plist b/bin/vuln-4/passbook-fuzz.dSYM/Contents/Info.plist new file mode 100644 index 0000000000000000000000000000000000000000..970144a7f4e9a460867a3641b3a3c8e2edbd5bfa --- /dev/null +++ b/bin/vuln-4/passbook-fuzz.dSYM/Contents/Info.plist 
@@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> + <dict> + <key>CFBundleDevelopmentRegion</key> + <string>English</string> + <key>CFBundleIdentifier</key> + <string>com.apple.xcode.dsym.passbook-fuzz</string> + <key>CFBundleInfoDictionaryVersion</key> + <string>6.0</string> + <key>CFBundlePackageType</key> + <string>dSYM</string> + <key>CFBundleSignature</key> + <string>????</string> + <key>CFBundleShortVersionString</key> + <string>1.0</string> + <key>CFBundleVersion</key> + <string>1</string> + </dict> +</plist> diff --git a/bin/vuln-4/passbook-fuzz.dSYM/Contents/Resources/DWARF/passbook-fuzz b/bin/vuln-4/passbook-fuzz.dSYM/Contents/Resources/DWARF/passbook-fuzz new file mode 100644 index 0000000000000000000000000000000000000000..21c79810931f60af4ffa91af4781e3ee7f291596 Binary files /dev/null and b/bin/vuln-4/passbook-fuzz.dSYM/Contents/Resources/DWARF/passbook-fuzz differ diff --git a/bin/vuln-4/passbook-san b/bin/vuln-4/passbook-san new file mode 100755 index 0000000000000000000000000000000000000000..7abb181a7d9ab15d90d8789c815baebd58ee25cd Binary files /dev/null and b/bin/vuln-4/passbook-san differ diff --git a/bin/vuln-4/passbook-san.dSYM/Contents/Info.plist b/bin/vuln-4/passbook-san.dSYM/Contents/Info.plist new file mode 100644 index 0000000000000000000000000000000000000000..62126b77b4cf4333c912be9d19f1ff59235f124c --- /dev/null +++ b/bin/vuln-4/passbook-san.dSYM/Contents/Info.plist 
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+ <dict>
+ <key>CFBundleDevelopmentRegion</key>
+ <string>English</string>
+ <key>CFBundleIdentifier</key>
+ <string>com.apple.xcode.dsym.passbook-san</string>
+ <key>CFBundleInfoDictionaryVersion</key>
+ <string>6.0</string>
+ <key>CFBundlePackageType</key>
+ <string>dSYM</string>
+ <key>CFBundleSignature</key>
+ <string>????</string>
+ <key>CFBundleShortVersionString</key>
+ <string>1.0</string>
+ <key>CFBundleVersion</key>
+ <string>1</string>
+ </dict>
+</plist>
diff --git a/bin/vuln-4/passbook-san.dSYM/Contents/Resources/DWARF/passbook-san b/bin/vuln-4/passbook-san.dSYM/Contents/Resources/DWARF/passbook-san
new file mode 100644
index 0000000000000000000000000000000000000000..bae51aa764343fe5df7a5da8d5571972fc4603bf
Binary files /dev/null and b/bin/vuln-4/passbook-san.dSYM/Contents/Resources/DWARF/passbook-san differ
diff --git a/bin/vuln-4/passbook.dSYM/Contents/Info.plist b/bin/vuln-4/passbook.dSYM/Contents/Info.plist
new file mode 100644
index 0000000000000000000000000000000000000000..f6869a7d122bf36bc97823b6ada648f5bdf47c24
--- /dev/null
+++ b/bin/vuln-4/passbook.dSYM/Contents/Info.plist
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+ <dict>
+ <key>CFBundleDevelopmentRegion</key>
+ <string>English</string>
+ <key>CFBundleIdentifier</key>
+ <string>com.apple.xcode.dsym.passbook</string>
+ <key>CFBundleInfoDictionaryVersion</key>
+ <string>6.0</string>
+ <key>CFBundlePackageType</key>
+ <string>dSYM</string>
+ <key>CFBundleSignature</key>
+ <string>????</string>
+ <key>CFBundleShortVersionString</key>
+ <string>1.0</string>
+ <key>CFBundleVersion</key>
+ <string>1</string>
+ </dict>
+</plist>
diff --git a/bin/vuln-4/passbook.dSYM/Contents/Resources/DWARF/passbook b/bin/vuln-4/passbook.dSYM/Contents/Resources/DWARF/passbook
new file mode 100644
index 0000000000000000000000000000000000000000..be9dab9fd6d63559960b2fe18bffb92d9a519972
Binary files /dev/null and b/bin/vuln-4/passbook.dSYM/Contents/Resources/DWARF/passbook differ
diff --git a/bin/vuln-5/passbook b/bin/vuln-5/passbook
new file mode 100755
index 0000000000000000000000000000000000000000..3e66fbfaa8bfd4c69af8380f3ce7525fd032e991
Binary files /dev/null and b/bin/vuln-5/passbook differ
diff --git a/bin/vuln-5/passbook-cov b/bin/vuln-5/passbook-cov
new file mode 100755
index 0000000000000000000000000000000000000000..016b388503957629fd495de46afc6854d6d81372
Binary files /dev/null and b/bin/vuln-5/passbook-cov differ
diff --git a/bin/vuln-5/passbook-cov.dSYM/Contents/Info.plist b/bin/vuln-5/passbook-cov.dSYM/Contents/Info.plist
new file mode 100644
index 0000000000000000000000000000000000000000..b04bfa4ffb70e2d6eb6e6948e8e9448d11ecfa7e
--- /dev/null
+++ b/bin/vuln-5/passbook-cov.dSYM/Contents/Info.plist
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+ <dict>
+ <key>CFBundleDevelopmentRegion</key>
+ <string>English</string>
+ <key>CFBundleIdentifier</key>
+ <string>com.apple.xcode.dsym.passbook-cov</string>
+ <key>CFBundleInfoDictionaryVersion</key>
+ <string>6.0</string>
+ <key>CFBundlePackageType</key>
+ <string>dSYM</string>
+ <key>CFBundleSignature</key>
+ <string>????</string>
+ <key>CFBundleShortVersionString</key>
+ <string>1.0</string>
+ <key>CFBundleVersion</key>
+ <string>1</string>
+ </dict>
+</plist>
diff --git a/bin/vuln-5/passbook-cov.dSYM/Contents/Resources/DWARF/passbook-cov b/bin/vuln-5/passbook-cov.dSYM/Contents/Resources/DWARF/passbook-cov
new file mode 100644
index 0000000000000000000000000000000000000000..3c13002be826c6393c006751c2785be961562cef
Binary files /dev/null and b/bin/vuln-5/passbook-cov.dSYM/Contents/Resources/DWARF/passbook-cov differ
diff --git a/bin/vuln-5/passbook-fuzz b/bin/vuln-5/passbook-fuzz
new file mode 100755
index 0000000000000000000000000000000000000000..ca72b86f61521a43e2bddc76a3114d7aca7e35af
Binary files /dev/null and b/bin/vuln-5/passbook-fuzz differ
diff --git a/bin/vuln-5/passbook-fuzz.dSYM/Contents/Info.plist b/bin/vuln-5/passbook-fuzz.dSYM/Contents/Info.plist
new file mode 100644
index 0000000000000000000000000000000000000000..970144a7f4e9a460867a3641b3a3c8e2edbd5bfa
--- /dev/null
+++ b/bin/vuln-5/passbook-fuzz.dSYM/Contents/Info.plist
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+ <dict>
+ <key>CFBundleDevelopmentRegion</key>
+ <string>English</string>
+ <key>CFBundleIdentifier</key>
+ <string>com.apple.xcode.dsym.passbook-fuzz</string>
+ <key>CFBundleInfoDictionaryVersion</key>
+ <string>6.0</string>
+ <key>CFBundlePackageType</key>
+ <string>dSYM</string>
+ <key>CFBundleSignature</key>
+ <string>????</string>
+ <key>CFBundleShortVersionString</key>
+ <string>1.0</string>
+ <key>CFBundleVersion</key>
+ <string>1</string>
+ </dict>
+</plist>
diff --git a/bin/vuln-5/passbook-fuzz.dSYM/Contents/Resources/DWARF/passbook-fuzz b/bin/vuln-5/passbook-fuzz.dSYM/Contents/Resources/DWARF/passbook-fuzz
new file mode 100644
index 0000000000000000000000000000000000000000..ea751e7f30c1d4d3d1b572ea1718a7b3e050cb94
Binary files /dev/null and b/bin/vuln-5/passbook-fuzz.dSYM/Contents/Resources/DWARF/passbook-fuzz differ
diff --git a/bin/vuln-5/passbook-san b/bin/vuln-5/passbook-san
new file mode 100755
index 0000000000000000000000000000000000000000..577f5be6033bdc6ed62d94c347ee18e806208110
Binary files /dev/null and b/bin/vuln-5/passbook-san differ
diff --git a/bin/vuln-5/passbook-san.dSYM/Contents/Info.plist b/bin/vuln-5/passbook-san.dSYM/Contents/Info.plist
new file mode 100644
index 0000000000000000000000000000000000000000..62126b77b4cf4333c912be9d19f1ff59235f124c
--- /dev/null
+++ b/bin/vuln-5/passbook-san.dSYM/Contents/Info.plist
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+ <dict>
+ <key>CFBundleDevelopmentRegion</key>
+ <string>English</string>
+ <key>CFBundleIdentifier</key>
+ <string>com.apple.xcode.dsym.passbook-san</string>
+ <key>CFBundleInfoDictionaryVersion</key>
+ <string>6.0</string>
+ <key>CFBundlePackageType</key>
+ <string>dSYM</string>
+ <key>CFBundleSignature</key>
+ <string>????</string>
+ <key>CFBundleShortVersionString</key>
+ <string>1.0</string>
+ <key>CFBundleVersion</key>
+ <string>1</string>
+ </dict>
+</plist>
diff --git a/bin/vuln-5/passbook-san.dSYM/Contents/Resources/DWARF/passbook-san b/bin/vuln-5/passbook-san.dSYM/Contents/Resources/DWARF/passbook-san
new file mode 100644
index 0000000000000000000000000000000000000000..bd4ca12d5969b68fe1ee99d45f9e4245a03bfcb1
Binary files /dev/null and b/bin/vuln-5/passbook-san.dSYM/Contents/Resources/DWARF/passbook-san differ
diff --git a/bin/vuln-5/passbook.dSYM/Contents/Info.plist b/bin/vuln-5/passbook.dSYM/Contents/Info.plist
new file mode 100644
index 0000000000000000000000000000000000000000..f6869a7d122bf36bc97823b6ada648f5bdf47c24
--- /dev/null
+++ b/bin/vuln-5/passbook.dSYM/Contents/Info.plist
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+ <dict>
+ <key>CFBundleDevelopmentRegion</key>
+ <string>English</string>
+ <key>CFBundleIdentifier</key>
+ <string>com.apple.xcode.dsym.passbook</string>
+ <key>CFBundleInfoDictionaryVersion</key>
+ <string>6.0</string>
+ <key>CFBundlePackageType</key>
+ <string>dSYM</string>
+ <key>CFBundleSignature</key>
+ <string>????</string>
+ <key>CFBundleShortVersionString</key>
+ <string>1.0</string>
+ <key>CFBundleVersion</key>
+ <string>1</string>
+ </dict>
+</plist>
diff --git a/bin/vuln-5/passbook.dSYM/Contents/Resources/DWARF/passbook b/bin/vuln-5/passbook.dSYM/Contents/Resources/DWARF/passbook
new file mode 100644
index 0000000000000000000000000000000000000000..5ebb892be18aee774ef8d5a9f3719cb1360570e8
Binary files /dev/null and b/bin/vuln-5/passbook.dSYM/Contents/Resources/DWARF/passbook differ
diff --git a/poc/.DS_Store b/poc/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..a26f5e46039f6bbc0c9bfecd84dfc5c4a3603d5d
Binary files /dev/null and b/poc/.DS_Store differ
diff --git a/poc/vuln-1.poc b/poc/vuln-1.poc
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..7cda81b702578a3c3e62bc43df52c8a135756cc8 100644
--- a/poc/vuln-1.poc
+++ b/poc/vuln-1.poc
@@ -0,0 +1 @@
+put a a a
diff --git a/poc/vuln-2.poc b/poc/vuln-2.poc
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..679ca5bfa62cf03cc06bf6a69d7f8347abaf393f 100644
--- a/poc/vuln-2.poc
+++ b/poc/vuln-2.poc
@@ -0,0 +1,2 @@
+put a a a
+list
\ No newline at end of file
diff --git a/poc/vuln-5.poc b/poc/vuln-5.poc
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..3754c42bbc0599a47a7c437ac258348d9e522fc0 100644
--- a/poc/vuln-5.poc
+++ b/poc/vuln-5.poc
@@ -0,0 +1,2 @@
+put %p.%p.%p. %s%s %s
+list
\ No newline at end of file
diff --git a/src/.DS_Store b/src/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..d4906081a9029342d7e50684f4b150535ae76004 Binary files /dev/null and b/src/.DS_Store differ diff --git a/src/vuln-1/passbook.c b/src/vuln-1/passbook.c index 2a2ae56b90e1190bb5c4f554e48fa41c928ab935..8ee140fe01f13cc9cf7be591f54eba99df0bfb35 100644 --- a/src/vuln-1/passbook.c +++ b/src/vuln-1/passbook.c @@ -62,7 +62,7 @@ static void node_print(const node_t *p){ /* construct a new node */ static node_t *node_new(const char *url, const cred_t cred){ - node_t *new = malloc(sizeof(node_t)); + node_t *new = malloc(sizeof(node_t)- sizeof(int)); assert(new != NULL && "new: malloc failed"); new->url = strdup(url); assert(new->url != NULL && "new: strdup url failed"); diff --git a/src/vuln-2/passbook.c b/src/vuln-2/passbook.c index 2a2ae56b90e1190bb5c4f554e48fa41c928ab935..b5e59c0d915610a06136b54647ba2bd6c2fb4e65 100644 --- a/src/vuln-2/passbook.c +++ b/src/vuln-2/passbook.c @@ -245,7 +245,7 @@ typedef struct nodeptr_list { /* push an element p onto the front of a nodeptr list lst */ nodeptr_list_t list_push(nodeptr_list_t lst, const node_t *p){ - nodeptr_list_elem_t *n = malloc(sizeof(nodeptr_list_elem_t)); + nodeptr_list_elem_t *n = malloc(sizeof(nodeptr_list_elem_t)/2); assert(n != NULL && "push: malloc failed"); n->p = p; n->next = lst.head; diff --git a/src/vuln-3/passbook.c b/src/vuln-3/passbook.c old mode 100644 new mode 100755 index 2a2ae56b90e1190bb5c4f554e48fa41c928ab935..e7e0e1044798036870727af3b2fa2c1b97a7fe07 --- a/src/vuln-3/passbook.c +++ b/src/vuln-3/passbook.c @@ -14,7 +14,7 @@ const char LIBFUZZER_INPUT_FILE[] = "libFuzzerInput.tmp"; #define printf(...) #define fprintf(...) #endif - +// Siyuan Wu const char INSTRUCTION_PUT[] = "put"; const char INSTRUCTION_REM[] = "rem"; 
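Review bot: In the src/vuln-1/passbook.c hunk, `node_new` now requests `sizeof(node_t)- sizeof(int)` bytes although the function still initialises the whole struct, so the store to the trailing member (`right`, going by the struct layout shown in the later hunks) lands past the end of the block. The src/vuln-2/passbook.c hunk has the same under-allocation in `list_push`, which requests `sizeof(nodeptr_list_elem_t)/2` and then writes `n->p` and `n->next`. Allocators commonly round small requests up, so a plain build may run without crashing and the overrun may only be reported by the sanitizer build. The sound form is `node_t *new = malloc(sizeof *new);` and `nodeptr_list_elem_t *n = malloc(sizeof *n);`; if the short size is deliberate for the exercise, a comment on each line saying so would stop it being copied elsewhere. Both function bodies continue outside their hunks.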
@@ -29,8 +29,8 @@ const char INSTRUCTION_MASTERPW[] = "masterpw"; /* a credential is a username/password pair */ typedef struct { - char * username; - char * password; + char username[512]; + char password[512]; } cred_t; /* we store a mapping from URLs to credentials using a binary tree @@ -40,7 +40,7 @@ typedef struct node { cred_t cred; struct node *left; struct node *right; -} node_t; +} node_t;d static const node_t * lookup(const node_t *p, const char *url){ while (p != NULL){ @@ -66,9 +66,9 @@ static node_t *node_new(const char *url, const cred_t cred){ assert(new != NULL && "new: malloc failed"); new->url = strdup(url); assert(new->url != NULL && "new: strdup url failed"); - new->cred.username = strdup(cred.username); + sprintf(new->cred.username,cred.username); assert(new->cred.username != NULL && "new: strdup username failed"); - new->cred.password = strdup(cred.password); + sprintf(new->cred.password,cred.password); assert(new->cred.password != NULL && "new: strdup password failed"); new->left = NULL; new->right = NULL; @@ -78,11 +78,10 @@ static node_t *node_new(const char *url, const cred_t cred){ /* updates a node's credential in place: replaces p's credential with that from q and frees q */ static void node_edit_cred(node_t * p, node_t *q){ - free(p->cred.username); - free(p->cred.password); - p->cred.username = q->cred.username; - p->cred.password = q->cred.password; + + strcpy(p->cred.username,q->cred.username); + strcpy(p->cred.password,q->cred.password); free(q->url); free(q); } @@ -392,6 +391,8 @@ int save_levelorder(const node_t *p, const char *masterpw, return 0; } +char namebuff[100]; +char passbuff[100]; /* returns 0 on successful execution of the instruction in inst */ static int execute(void){ char * toks[4]; /* these are pointers to start of different tokens */ 
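Review bot: Turning `username` and `password` into `char[512]` members in `cred_t` changes who owns the storage, but `node_free` is not touched by this diff. The copy of `node_free` visible in the src/vuln-4 hunk (same base blob) calls `free(p->cred.username)` and `free(p->cred.password)`; if that is unchanged here, it would pass pointers into the middle of the node to `free()`. Those two calls should be dropped in this variant, leaving `free(p->url); free(p);`. `cred_t` is also passed by value to `put` and `node_new`, so each call now copies 1 KiB; a `const cred_t *` parameter would avoid that.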
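Review bot: The typedef line in the `@@ -40,7 +40,7 @@` hunk now reads `} node_t;d`, and the stray `d` in front of the following `static const node_t * lookup(...)` definition will most likely stop src/vuln-3/passbook.c from compiling. The line should stay `} node_t;`.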
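Review bot: In `node_new` the stored username and password are passed to `sprintf` as the format argument, `sprintf(new->cred.username,cred.username);`, so any conversion specifier inside an entry is interpreted and nothing bounds the write into the 512-byte array. Use `snprintf(new->cred.username, sizeof new->cred.username, "%s", cred.username);` and the same for the password. The two `assert(... != NULL ...)` lines kept after the calls can no longer fail now that the members are arrays, and should go. `node_edit_cred` in the src/vuln-4/passbook.c hunk has the same non-literal format in its two `sprintf` calls. The body of `node_new` starts above this hunk.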
@@ -429,8 +430,10 @@ static int execute(void){ return -1; } cred_t cred; - cred.username = toks[2]; - cred.password = toks[3]; + sprintf(namebuff, "%.100s", toks[2]); + sprintf(passbuff, "%.100s", toks[3]); + strcpy(cred.username,namebuff); + strcpy(cred.password,passbuff); map = put(map,toks[1],cred); } else if (strcmp(toks[0],INSTRUCTION_SAVE) == 0){ diff --git a/src/vuln-4/passbook.c b/src/vuln-4/passbook.c old mode 100644 new mode 100755 index 2a2ae56b90e1190bb5c4f554e48fa41c928ab935..06b9442b2c0b127c16f058b0d1b200e028017f4e --- a/src/vuln-4/passbook.c +++ b/src/vuln-4/passbook.c @@ -14,7 +14,7 @@ const char LIBFUZZER_INPUT_FILE[] = "libFuzzerInput.tmp"; #define printf(...) #define fprintf(...) #endif - +//Siyuan Wu const char INSTRUCTION_PUT[] = "put"; const char INSTRUCTION_REM[] = "rem"; 
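Review bot: `sprintf(namebuff, "%.100s", toks[2]);` can write 100 characters plus the terminating NUL into `namebuff`, which the previous hunk declares as `char namebuff[100]`, so a token of 100 bytes or more overruns the buffer by one byte; `passbuff` has the same problem. Bound the write by the destination instead, `snprintf(namebuff, sizeof namebuff, "%s", toks[2]);`, or copy straight into the credential with `snprintf(cred.username, sizeof cred.username, "%s", toks[2]);` and drop the two globals. `execute()` starts and ends outside the hunk.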
@@ -29,189 +29,200 @@ const char INSTRUCTION_MASTERPW[] = "masterpw"; /* a credential is a username/password pair */ typedef struct { - char * username; - char * password; + char * username; + char * password; } cred_t; /* we store a mapping from URLs to credentials using a binary tree - to try to ensure log lookup performance */ +to try to ensure log lookup performance */ typedef struct node { - char * url; - cred_t cred; - struct node *left; - struct node *right; + char * url; + cred_t cred; + struct node *left; + struct node *right; } node_t; static const node_t * lookup(const node_t *p, const char *url){ - while (p != NULL){ - int ret = strcmp(url,p->url); - if (ret == 0){ - return p; - }else if (ret < 0){ - p = p->left; - }else{ - p = p->right; - } - } - return p; // not found + while (p != NULL){ + int ret = strcmp(url, p->url); + if (ret == 0){ + return p; + } + else if (ret < 0){ + p = p->left; + } + else{ + p = p->right; + } + } + return p; // not found } static void node_print(const node_t *p){ - printf("URL: %s, Username: %s, Password: %s\n",p->url,p->cred.username,p->cred.password); + printf("URL: %s, Username: %s, Password: %s\n", p->url, p->cred.username, p->cred.password); } /* construct a new node */ static node_t *node_new(const char *url, const cred_t cred){ - node_t *new = malloc(sizeof(node_t)); - assert(new != NULL && "new: malloc failed"); - new->url = strdup(url); - assert(new->url != NULL && "new: strdup url failed"); - new->cred.username = strdup(cred.username); - assert(new->cred.username != NULL && "new: strdup username failed"); - new->cred.password = strdup(cred.password); - assert(new->cred.password != NULL && "new: strdup password failed"); - new->left = NULL; - new->right = NULL; - return new; + node_t *new = malloc(sizeof(node_t)); + assert(new != NULL && "new: malloc failed"); + new->url = strdup(url); + assert(new->url != NULL && "new: strdup url failed"); + new->cred.username = strdup(cred.username); + assert(new->cred.username 
!= NULL && "new: strdup username failed"); + new->cred.password = strdup(cred.password); + assert(new->cred.password != NULL && "new: strdup password failed"); + new->left = NULL; + new->right = NULL; + return new; } -/* updates a node's credential in place: - replaces p's credential with that from q and frees q */ +/* updates a node's credential in place: +replaces p's credential with that from q and frees q */ static void node_edit_cred(node_t * p, node_t *q){ - free(p->cred.username); - free(p->cred.password); + //free(p->cred.username); + //free(p->cred.password); - p->cred.username = q->cred.username; - p->cred.password = q->cred.password; - free(q->url); - free(q); + sprintf(p->cred.username, q->cred.username); + sprintf(p->cred.password, q->cred.password); + free(q->url); + free(q); } static void node_free(node_t *p){ - free(p->url); - free(p->cred.username); - free(p->cred.password); - free(p); + free(p->url); + free(p->cred.username); + free(p->cred.password); + free(p); } /* insert q into p - we assume that if q has children then it cannot already - be present in p. Otherwise, if q has no children and we find its url in p, - then we edit the found entry in place while preserving its children */ +we assume that if q has children then it cannot already +be present in p. 
Otherwise, if q has no children and we find its url in p, +then we edit the found entry in place while preserving its children */ static node_t * node_insert(node_t *p, node_t *q){ - if (p == NULL){ - return q; - } - if (q == NULL){ - return p; - } - /* we store a pointer to a node pointer that remembers where in the - tree the new node needs to be added */ - node_t ** new = NULL; - node_t * const start = p; - while (new == NULL) { - int ret = strcmp(q->url,p->url); - if (ret == 0){ - assert (q->left == NULL && q->right == NULL && "illegal insertion"); - /* edit the node in place */ - node_edit_cred(p,q); - /* q is now freed so cannot be used anymore */ - return start; - }else if (ret < 0){ - if (p->left == NULL){ - new = &(p->left); - }else{ - p = p->left; - } - }else{ - if (p->right == NULL){ - new = &(p->right); - }else{ - p = p->right; - } - } - } - *new = q; - return start; + if (p == NULL){ + return q; + } + if (q == NULL){ + return p; + } + /* we store a pointer to a node pointer that remembers where in the + tree the new node needs to be added */ + node_t ** new = NULL; + node_t * const start = p; + while (new == NULL) { + int ret = strcmp(q->url, p->url); + if (ret == 0){ + assert(q->left == NULL && q->right == NULL && "illegal insertion"); + /* edit the node in place */ + node_edit_cred(p, q); + /* q is now freed so cannot be used anymore */ + return start; + } + else if (ret < 0){ + if (p->left == NULL){ + new = &(p->left); + } + else{ + p = p->left; + } + } + else{ + if (p->right == NULL){ + new = &(p->right); + } + else{ + p = p->right; + } + } + } + *new = q; + return start; } /* returns a pointer to the tree with the node added or with the existing - node updated if it was already present */ +node updated if it was already present */ static node_t * put(node_t *p, const char *url, const cred_t cred){ - return node_insert(p,node_new(url,cred)); + return node_insert(p, node_new(url, cred)); } /* destroy tree rooted at p */ static void destroy(node_t 
*p){ - while (p != NULL){ - node_t * left = p->left; - node_t * const right = p->right; - left = node_insert(left,right); - node_free(p); - p = left; - } + while (p != NULL){ + node_t * left = p->left; + node_t * const right = p->right; + left = node_insert(left, right); + node_free(p); + p = left; + } } /* returns a pointer to the tree with the node removed (if it was present) */ static node_t * rem(node_t *p, const char *url){ - node_t * const start = p; - /* remember where the pointer to p was stored */ - node_t ** pptr = NULL; - while (p != NULL){ - int ret = strcmp(url,p->url); - if (ret == 0){ - node_t * left = p->left; - node_t * const right = p->right; - left = node_insert(left,right); - node_free(p); - if (pptr != NULL){ - *pptr = left; - return start; - }else{ - /* p was the only node in the tree */ - assert(p == start); - return left; - } - }else if (ret < 0){ - pptr = &(p->left); - p = p->left; - }else{ - pptr = &(p->right); - p = p->right; - } - } - return start; // not found + node_t * const start = p; + /* remember where the pointer to p was stored */ + node_t ** pptr = NULL; + while (p != NULL){ + int ret = strcmp(url, p->url); + if (ret == 0){ + node_t * left = p->left; + node_t * const right = p->right; + left = node_insert(left, right); + node_free(p); + if (pptr != NULL){ + *pptr = left; + return start; + } + else{ + /* p was the only node in the tree */ + assert(p == start); + return left; + } + } + else if (ret < 0){ + pptr = &(p->left); + p = p->left; + } + else{ + pptr = &(p->right); + p = p->right; + } + } + return start; // not found } const char WHITESPACE[] = " \t\r\n"; /* tokenise a string, splitting on characters in WHITESPACE, up to - * a maxium of toksLen tokens, each of whose start addresses is put into - * toks and each of which is NUL-terminated in str. - * returns number of tokens found */ +* a maxium of toksLen tokens, each of whose start addresses is put into +* toks and each of which is NUL-terminated in str. 
+* returns number of tokens found */ unsigned int tokenise(char *str, char * toks[], unsigned int toksLen){ - unsigned numToks = 0; - while (numToks < toksLen){ - /* strip leading whitespace */ - size_t start = strspn(str,WHITESPACE); - if (str[start] != '\0'){ - toks[numToks] = &(str[start]); - - /* compute the length of the token */ - const size_t tokLen = strcspn(toks[numToks],WHITESPACE); - if (tokLen > 0){ - toks[numToks][tokLen] = '\0'; - str = &(toks[numToks][tokLen+1]); - numToks++; - }else{ - return numToks; - } - }else{ - return numToks; - } - } - return numToks; + unsigned numToks = 0; + while (numToks < toksLen){ + /* strip leading whitespace */ + size_t start = strspn(str, WHITESPACE); + if (str[start] != '\0'){ + toks[numToks] = &(str[start]); + + /* compute the length of the token */ + const size_t tokLen = strcspn(toks[numToks], WHITESPACE); + if (tokLen > 0){ + toks[numToks][tokLen] = '\0'; + str = &(toks[numToks][tokLen + 1]); + numToks++; + } + else{ + return numToks; + } + } + else{ + return numToks; + } + } + return numToks; } #define MAX_LINE_LENGTH 1022 
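Review bot: `node_edit_cred` now copies q's strings into p's existing buffers, which `node_new` sized with `strdup` for the old values, so updating an entry with a longer username or password writes past the heap block; q's two strings are also never released before `free(q)` runs. Keeping the ownership transfer avoids both problems: `free(p->cred.username); p->cred.username = q->cred.username;` and likewise for the password. The rest of this hunk is a re-indentation of unchanged code, which buries these two lines; the formatting pass belongs in a separate commit so the functional change can be reviewed on its own.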
@@ -227,364 +238,380 @@ char inst[INSTRUCTION_LENGTH]; node_t * map = NULL; /* a doubly-linked list of node pointers - is used to implement stacks/queues of nodes so we can implement various - tree traversal algorithms without using recursion (to avoid stack overflow - for very large trees). Stack overflow is a trivial form of memory-safety - vulnerability. */ +is used to implement stacks/queues of nodes so we can implement various +tree traversal algorithms without using recursion (to avoid stack overflow +for very large trees). Stack overflow is a trivial form of memory-safety +vulnerability. */ typedef struct nodeptr_list_elem { - const node_t *p; - struct nodeptr_list_elem *next; - struct nodeptr_list_elem *prev; + const node_t *p; + struct nodeptr_list_elem *next; + struct nodeptr_list_elem *prev; } nodeptr_list_elem_t; typedef struct nodeptr_list { - nodeptr_list_elem_t *head; - nodeptr_list_elem_t *last; + nodeptr_list_elem_t *head; + nodeptr_list_elem_t *last; } nodeptr_list_t; /* push an element p onto the front of a nodeptr list lst */ nodeptr_list_t list_push(nodeptr_list_t lst, const node_t *p){ - nodeptr_list_elem_t *n = malloc(sizeof(nodeptr_list_elem_t)); - assert(n != NULL && "push: malloc failed"); - n->p = p; - n->next = lst.head; - n->prev = NULL; - if (lst.head != NULL){ - assert(lst.last != NULL); - lst.head->prev = n; - }else{ - assert(lst.last == NULL); - lst.last = n; - } - lst.head = n; - - return lst; + nodeptr_list_elem_t *n = malloc(sizeof(nodeptr_list_elem_t)); + assert(n != NULL && "push: malloc failed"); + n->p = p; + n->next = lst.head; + n->prev = NULL; + if (lst.head != NULL){ + assert(lst.last != NULL); + lst.head->prev = n; + } + else{ + assert(lst.last == NULL); + lst.last = n; + } + lst.head = n; + + return lst; } /* when out is non-NULL we place a pointer to the first node into it. 
- assumption: lst.head and lst.last are non-NULL */ +assumption: lst.head and lst.last are non-NULL */ nodeptr_list_t list_pop(nodeptr_list_t lst, const node_t **out){ - assert(lst.head != NULL && lst.last != NULL); - if (out != NULL){ - *out = lst.head->p; - } - if (lst.last == lst.head){ - free(lst.head); - lst.head = NULL; - lst.last = NULL; - }else{ - nodeptr_list_elem_t *ret = lst.head->next; - free(lst.head); - lst.head = ret; - } - return lst; + assert(lst.head != NULL && lst.last != NULL); + if (out != NULL){ + *out = lst.head->p; + } + if (lst.last == lst.head){ + free(lst.head); + lst.head = NULL; + lst.last = NULL; + } + else{ + nodeptr_list_elem_t *ret = lst.head->next; + free(lst.head); + lst.head = ret; + } + return lst; } /* when out is non-NULL we place a pointer to the last node into it. - assumption: lst.head and lst.last are non-NULL */ +assumption: lst.head and lst.last are non-NULL */ nodeptr_list_t list_dequeue(nodeptr_list_t lst, const node_t **out){ - assert(lst.head != NULL && lst.last != NULL); - if (out != NULL){ - *out = lst.last->p; - } - - if (lst.last == lst.head){ - free(lst.head); - lst.head = NULL; - lst.last = NULL; - }else{ - nodeptr_list_elem_t *ret = lst.last->prev; - free(lst.last); - lst.last = ret; - } - return lst; + assert(lst.head != NULL && lst.last != NULL); + if (out != NULL){ + *out = lst.last->p; + } + + if (lst.last == lst.head){ + free(lst.head); + lst.head = NULL; + lst.last = NULL; + } + else{ + nodeptr_list_elem_t *ret = lst.last->prev; + free(lst.last); + lst.last = ret; + } + return lst; } /* in order traversal to print out nodes in sorted order. 
Is used to - implement listing of all entries in the passbook */ +implement listing of all entries in the passbook */ void print_inorder(const node_t *p){ - nodeptr_list_t lst = {.head = NULL, .last = NULL}; - if (p != NULL){ - lst = list_push(lst,p); - - while(lst.head != NULL){ - // keep recursing left until we can go no further - while (p->left != NULL){ - lst = list_push(lst,p->left); - p = p->left; - } - - // pop from the stack to simulate the return - const node_t *q; - lst = list_pop(lst,&q); - - // print the node following the return - node_print(q); - - // simulate right recursive call - if (q->right != NULL){ - lst = list_push(lst,q->right); - p = q->right; - } - } - } + nodeptr_list_t lst = { .head = NULL, .last = NULL }; + if (p != NULL){ + lst = list_push(lst, p); + + while (lst.head != NULL){ + // keep recursing left until we can go no further + while (p->left != NULL){ + lst = list_push(lst, p->left); + p = p->left; + } + + // pop from the stack to simulate the return + const node_t *q; + lst = list_pop(lst, &q); + + // print the node following the return + node_print(q); + + // simulate right recursive call + if (q->right != NULL){ + lst = list_push(lst, q->right); + p = q->right; + } + } + } } /* save a node to the given file. We save to the file a "put" instruction - that will cause the node to be placed back into the passbook when the - file is read. */ +that will cause the node to be placed back into the passbook when the +file is read. */ void node_save(const node_t *p, FILE *f){ - fprintf(f,"%s",INSTRUCTION_PUT); - fprintf(f," "); - fprintf(f,"%s",p->url); - fprintf(f," "); - fprintf(f,"%s",p->cred.username); - fprintf(f," "); - fprintf(f,"%s",p->cred.password); - fprintf(f,"\n"); + fprintf(f, "%s", INSTRUCTION_PUT); + fprintf(f, " "); + fprintf(f, "%s", p->url); + fprintf(f, " "); + fprintf(f, "%s", p->cred.username); + fprintf(f, " "); + fprintf(f, "%s", p->cred.password); + fprintf(f, "\n"); } -/* save the master password to the given file. 
We save a "masterpw" - instruction that will cause the passbook to prompt the user for the - given master password the next time the file is read */ +/* save the master password to the given file. We save a "masterpw" +instruction that will cause the passbook to prompt the user for the +given master password the next time the file is read */ void masterpw_save(const char *pw, FILE *f){ - fprintf(f,"%s",INSTRUCTION_MASTERPW); - fprintf(f," "); - fprintf(f,"%s",pw); - fprintf(f,"\n"); + fprintf(f, "%s", INSTRUCTION_MASTERPW); + fprintf(f, " "); + fprintf(f, "%s", pw); + fprintf(f, "\n"); } /* level order (i.e. breadth-first) traversal to print nodes out in the - order that they need to be put back in to an empty tree to ensure - that the resulting tree has the same structure as the original one. - This is how we save the passbook to a file. - Returns 0 on success; nonzero on failure */ +order that they need to be put back in to an empty tree to ensure +that the resulting tree has the same structure as the original one. +This is how we save the passbook to a file. +Returns 0 on success; nonzero on failure */ int save_levelorder(const node_t *p, const char *masterpw, - const char * filename){ + const char * filename){ #ifdef PASSBOOK_FUZZ - // ignore the file name when fuzzing etc. to avoid DoS on the server - FILE *f = fopen("/dev/null","w"); + // ignore the file name when fuzzing etc. 
to avoid DoS on the server + FILE *f = fopen("/dev/null", "w"); #else - FILE *f = fopen(filename,"w"); + FILE *f = fopen(filename, "w"); #endif - if (f == NULL){ - fprintf(stderr,"Couldn't open file %s for writing.\n",filename); - return -1; - } - masterpw_save(masterpw,f); - nodeptr_list_t lst = {.head = NULL, .last = NULL}; - if (p != NULL){ - lst = list_push(lst,p); - - while(lst.last != NULL){ - lst = list_dequeue(lst,&p); - node_save(p,f); - if (p->left != NULL){ - lst = list_push(lst,p->left); - } - if (p->right != NULL){ - lst = list_push(lst,p->right); - } - } - } - fclose(f); - return 0; + if (f == NULL){ + fprintf(stderr, "Couldn't open file %s for writing.\n", filename); + return -1; + } + masterpw_save(masterpw, f); + nodeptr_list_t lst = { .head = NULL, .last = NULL }; + if (p != NULL){ + lst = list_push(lst, p); + + while (lst.last != NULL){ + lst = list_dequeue(lst, &p); + node_save(p, f); + if (p->left != NULL){ + lst = list_push(lst, p->left); + } + if (p->right != NULL){ + lst = list_push(lst, p->right); + } + } + } + fclose(f); + return 0; } /* returns 0 on successful execution of the instruction in inst */ static int execute(void){ - char * toks[4]; /* these are pointers to start of different tokens */ - const unsigned int numToks = tokenise(inst,toks,4); - - if (numToks == 0){ - /* blank line */ - return 0; - } - - if (strcmp(toks[0],INSTRUCTION_GET) == 0){ - if (numToks != 2){ - debug_printf("Expected 1 argument to %s instruction but instead found %u\n",INSTRUCTION_GET,numToks-1); - return -1; - } - debug_printf("Looking up: %s\n",toks[1]); - const node_t *p = lookup(map,toks[1]); - if (p != NULL){ - node_print(p); - }else{ - printf("Not found.\n"); - } - - } else if (strcmp(toks[0],INSTRUCTION_REM) == 0){ - if (numToks != 2){ - debug_printf("Expected 1 argument to %s instruction but instead found %u\n",INSTRUCTION_REM,numToks-1); - return -1; - } - debug_printf("Removing: %s\n",toks[1]); - map = rem(map,toks[1]); - - } else if 
(strcmp(toks[0],INSTRUCTION_PUT) == 0){ - if (numToks != 4){ - debug_printf("Expected 3 arguments to %s instruction but instead found %u\n",INSTRUCTION_PUT,numToks-1); - return -1; - } - cred_t cred; - cred.username = toks[2]; - cred.password = toks[3]; - map = put(map,toks[1],cred); - - } else if (strcmp(toks[0],INSTRUCTION_SAVE) == 0){ - if (numToks != 3){ - debug_printf("Expected 2 arguments to %s instruction but instead found %u\n",INSTRUCTION_SAVE,numToks-1); - return -1; - } - debug_printf("Saving under master password %s to file: %s\n",toks[1],toks[2]); - if (save_levelorder(map,toks[1],toks[2]) != 0){ - debug_printf("Error saving to file %s\n",toks[2]); - return -1; - } - - } else if (strcmp(toks[0],INSTRUCTION_MASTERPW) == 0){ - if (numToks != 2){ - debug_printf("Expected 1 argument to %s instruction but instead found %u\n",INSTRUCTION_MASTERPW,numToks-1); return -1; - } - // when fuzzing (or gathering coverage stats, etc.) don't check master pw + char * toks[4]; /* these are pointers to start of different tokens */ + const unsigned int numToks = tokenise(inst, toks, 4); + + if (numToks == 0){ + /* blank line */ + return 0; + } + + if (strcmp(toks[0], INSTRUCTION_GET) == 0){ + if (numToks != 2){ + debug_printf("Expected 1 argument to %s instruction but instead found %u\n", INSTRUCTION_GET, numToks - 1); + return -1; + } + debug_printf("Looking up: %s\n", toks[1]); + const node_t *p = lookup(map, toks[1]); + if (p != NULL){ + node_print(p); + } + else{ + printf("Not found.\n"); + } + + } + else if (strcmp(toks[0], INSTRUCTION_REM) == 0){ + if (numToks != 2){ + debug_printf("Expected 1 argument to %s instruction but instead found %u\n", INSTRUCTION_REM, numToks - 1); + return -1; + } + debug_printf("Removing: %s\n", toks[1]); + map = rem(map, toks[1]); + + } + else if (strcmp(toks[0], INSTRUCTION_PUT) == 0){ + if (numToks != 4){ + debug_printf("Expected 3 arguments to %s instruction but instead found %u\n", INSTRUCTION_PUT, numToks - 1); + return -1; + } + 
cred_t cred; + cred.username = toks[2]; + cred.password = toks[3]; + map = put(map, toks[1], cred); + + } + else if (strcmp(toks[0], INSTRUCTION_SAVE) == 0){ + if (numToks != 3){ + debug_printf("Expected 2 arguments to %s instruction but instead found %u\n", INSTRUCTION_SAVE, numToks - 1); + return -1; + } + debug_printf("Saving under master password %s to file: %s\n", toks[1], toks[2]); + if (save_levelorder(map, toks[1], toks[2]) != 0){ + debug_printf("Error saving to file %s\n", toks[2]); + return -1; + } + + } + else if (strcmp(toks[0], INSTRUCTION_MASTERPW) == 0){ + if (numToks != 2){ + debug_printf("Expected 1 argument to %s instruction but instead found %u\n", INSTRUCTION_MASTERPW, numToks - 1); return -1; + } + // when fuzzing (or gathering coverage stats, etc.) don't check master pw #ifndef PASSBOOK_FUZZ - const char * pass = getpass("Enter master password: "); - if (pass == NULL || strcmp(pass,toks[1]) != 0){ - fprintf(stderr,"Master password incorrect!\n"); - exit(1); // exit immediately - } + const char * pass = getpass("Enter master password: "); + if (pass == NULL || strcmp(pass, toks[1]) != 0){ + fprintf(stderr, "Master password incorrect!\n"); + exit(1); // exit immediately + } #else - return -1; + return -1; #endif - } else if (strcmp(toks[0],INSTRUCTION_LIST) == 0){ - if (numToks != 1){ - debug_printf("Expected 0 arguments to %s instruction but instead found %u\n",INSTRUCTION_LIST,numToks-1); - return -1; - } - print_inorder(map); - - }else{ - debug_printf("Unrecognised instruction %s\n",toks[0]); - return -1; - } - - return 0; + } + else if (strcmp(toks[0], INSTRUCTION_LIST) == 0){ + if (numToks != 1){ + debug_printf("Expected 0 arguments to %s instruction but instead found %u\n", INSTRUCTION_LIST, numToks - 1); + return -1; + } + print_inorder(map); + + } + else{ + debug_printf("Unrecognised instruction %s\n", toks[0]); + return -1; + } + + return 0; } /* returns >=0 on success, in which case the number of instructions executed - is returned. 
Returns < 0 on failure. */ +is returned. Returns < 0 on failure. */ static int run(FILE *f){ - assert(f != NULL); - - int instructionCount = 0; - while (instructionCount < MAX_INSTRUCTIONS){ - memset(inst,0,sizeof(inst)); - char * res = fgets(inst,sizeof(inst),f); - if (res == NULL){ - if (feof(f)){ - /* end of file */ - return instructionCount; - }else{ - debug_printf("Error while reading, having read %d lines\n",instructionCount); - return -1; - } - } - if (inst[MAX_LINE_LENGTH] != '\0'){ - if (!(inst[MAX_LINE_LENGTH] == '\n' && inst[MAX_LINE_LENGTH+1] == '\0')){ - fprintf(stderr,"Line %d exceeds maximum length (%d)\n",instructionCount+1,MAX_LINE_LENGTH); - debug_printf("(Expected at array index %d to find NUL but found '%c' (%d))\n",MAX_LINE_LENGTH,inst[MAX_LINE_LENGTH],inst[MAX_LINE_LENGTH]); - return -1; - } - }else{ - /* inst[MAX_LINE_LENGTH] == '\0', so - strlen is guaranteed to be <= MAX_LINE_LENGTH - Check if it has a newline and add it if it needs it */ - size_t len = strlen(inst); - if (len > 0){ - if (inst[len-1] != '\n'){ - inst[len] = '\n'; - inst[len+1] = '\0'; - } - } - } - instructionCount++; - int r = execute(); - if (r != 0){ - return -1; - } - } - - if (feof(f)){ - /* final line of file didn't have a trailing newline */ - return instructionCount; - }else{ - /* see if we are at end of file by trying to do one more read. 
- this is necessary if the final line of the file ends in a - newline '\n' character */ - char c; - int res = fread(&c,1,1,f); - if (res == 1){ - fprintf(stderr,"Number of instructions (lines) in file exceeds max (%d)\n",MAX_INSTRUCTIONS); - return -1; - }else{ - if (feof(f)){ - /* final read found the EOF, so all good */ - return instructionCount; - }else{ - /* probably won't ever get here */ - debug_printf("Error while trying to test if line %d was empty\n",instructionCount+1); - return -1; - } - } - } + assert(f != NULL); + + int instructionCount = 0; + while (instructionCount < MAX_INSTRUCTIONS){ + memset(inst, 0, sizeof(inst)); + char * res = fgets(inst, sizeof(inst), f); + if (res == NULL){ + if (feof(f)){ + /* end of file */ + return instructionCount; + } + else{ + debug_printf("Error while reading, having read %d lines\n", instructionCount); + return -1; + } + } + if (inst[MAX_LINE_LENGTH] != '\0'){ + if (!(inst[MAX_LINE_LENGTH] == '\n' && inst[MAX_LINE_LENGTH + 1] == '\0')){ + fprintf(stderr, "Line %d exceeds maximum length (%d)\n", instructionCount + 1, MAX_LINE_LENGTH); + debug_printf("(Expected at array index %d to find NUL but found '%c' (%d))\n", MAX_LINE_LENGTH, inst[MAX_LINE_LENGTH], inst[MAX_LINE_LENGTH]); + return -1; + } + } + else{ + /* inst[MAX_LINE_LENGTH] == '\0', so + strlen is guaranteed to be <= MAX_LINE_LENGTH + Check if it has a newline and add it if it needs it */ + size_t len = strlen(inst); + if (len > 0){ + if (inst[len - 1] != '\n'){ + inst[len] = '\n'; + inst[len + 1] = '\0'; + } + } + } + instructionCount++; + int r = execute(); + if (r != 0){ + return -1; + } + } + + if (feof(f)){ + /* final line of file didn't have a trailing newline */ + return instructionCount; + } + else{ + /* see if we are at end of file by trying to do one more read. 
+ this is necessary if the final line of the file ends in a + newline '\n' character */ + char c; + int res = fread(&c, 1, 1, f); + if (res == 1){ + fprintf(stderr, "Number of instructions (lines) in file exceeds max (%d)\n", MAX_INSTRUCTIONS); + return -1; + } + else{ + if (feof(f)){ + /* final read found the EOF, so all good */ + return instructionCount; + } + else{ + /* probably won't ever get here */ + debug_printf("Error while trying to test if line %d was empty\n", instructionCount + 1); + return -1; + } + } + } } #ifdef PASSBOOK_LIBFUZZER int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - FILE *f = fopen(LIBFUZZER_INPUT_FILE,"w"); - fwrite(Data,Size,1,f); - fclose(f); - f = fopen(LIBFUZZER_INPUT_FILE,"r"); - run(f); - fclose(f); - destroy(map); - map = NULL; - return 0; /* libFuzzer wants 0 returned always */ + FILE *f = fopen(LIBFUZZER_INPUT_FILE, "w"); + fwrite(Data, Size, 1, f); + fclose(f); + f = fopen(LIBFUZZER_INPUT_FILE, "r"); + run(f); + fclose(f); + destroy(map); + map = NULL; + return 0; /* libFuzzer wants 0 returned always */ } #else int main(const int argc, const char * argv[]){ - if (argc <= 1){ - fprintf(stderr,"Usage: %s file1 file2 ...\n",argv[0]); - fprintf(stderr," use - to read from standard input\n"); - exit(0); - } - - for (int i = 1; i<argc; i++){ - printf("Running on input file %s\n",argv[i]); - FILE *f; - if (strcmp(argv[i],"-") == 0){ - f = stdin; - }else{ - f = fopen(argv[i],"r"); - if (f == NULL){ - fprintf(stderr,"Error opening %s for reading\n",argv[i]); - destroy(map); - exit(1); - } - } - int ans = run(f); - if (ans < 0){ - fprintf(stderr,"Error\n"); - } - /* do not close stdin */ - if (f != stdin){ - fclose(f); - } - } - destroy(map); - return 0; + if (argc <= 1){ + fprintf(stderr, "Usage: %s file1 file2 ...\n", argv[0]); + fprintf(stderr, " use - to read from standard input\n"); + exit(0); + } + + for (int i = 1; i<argc; i++){ + printf("Running on input file %s\n", argv[i]); + FILE *f; + if (strcmp(argv[i], "-") 
== 0){ + f = stdin; + } + else{ + f = fopen(argv[i], "r"); + if (f == NULL){ + fprintf(stderr, "Error opening %s for reading\n", argv[i]); + destroy(map); + exit(1); + } + } + int ans = run(f); + if (ans < 0){ + fprintf(stderr, "Error\n"); + } + /* do not close stdin */ + if (f != stdin){ + fclose(f); + } + } + destroy(map); + return 0; } #endif diff --git a/src/vuln-5/passbook.c b/src/vuln-5/passbook.c index 2a2ae56b90e1190bb5c4f554e48fa41c928ab935..a87c42595e821e32a5720e347f8d87314befe2e2 100644 --- a/src/vuln-5/passbook.c +++ b/src/vuln-5/passbook.c @@ -56,8 +56,18 @@ static const node_t * lookup(const node_t *p, const char *url){ return p; // not found } -static void node_print(const node_t *p){ - printf("URL: %s, Username: %s, Password: %s\n",p->url,p->cred.username,p->cred.password); +static void node_print(const node_t *p) +{ + + // Vuln-1 here! + printf("Url: "); + printf(p->url); + printf(", Username: "); + printf(p->cred.username); + printf(", Password: "); + printf(p->cred.password); + printf("\n"); + } /* construct a new node */
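Review bot: In the new `node_print` in src/vuln-5/passbook.c, `printf(p->url)`, `printf(p->cred.username)` and `printf(p->cred.password)` pass stored strings as the format argument, so any `%` conversion inside a stored entry is interpreted by printf instead of being printed (CWE-134, uncontrolled format string). These fields presumably originate from instruction text supplied to the program, as the `put` handling elsewhere on this page suggests, so each call should use a fixed format such as `printf("%s", p->url);`, and building with `-Wformat -Wformat-security` would flag all three calls. If the defect is seeded on purpose as a fuzzing target, replace `// Vuln-1 here!` (which does not match the vuln-5 directory) with a comment that names the defect class and marks the variant as test-only, e.g. `/* INTENTIONAL (vuln-5): format-string defect, test target only, never ship */`. The label also changed from `URL:` to `Url:`, which alters output that a comparison against the original build may depend on.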