The fun thing is that I've found at least three bugs in their example code other than the ones MITRE intended to illustrate, the most glaring of which would prevent the code from even getting compiled.
http://cwe.mitre.org/data/definitions/805.html
void host_lookup(char *user_supplied_addr){
    struct hostent *hp;
    in_addr_t *addr;
    char hostname[64];
    in_addr_t inet_addr(const char *cp);
    /*routine that ensures user_supplied_addr is in
    the right format for conversion */
    validate_addr_form(user_supplied_addr);
    addr = inet_addr(user_supplied_addr);
    hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);
    strcpy(&hostname, hp->h_name);
}
The final strcpy will not work, since the first parameter is a pointer-to-pointer-to-char, instead of pointer-to-char.
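An added example, not part of the original post or of MITRE's page: one way to write the lookup so that the address is held as a value, a failed reverse lookup is checked before use, and the copy into the 64-byte buffer is bounded. The names `copy_hostname` and `HOSTNAME_MAX`, the changed `host_lookup` signature and the use of `inet_pton` in place of `inet_addr` are assumptions of this example.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#define HOSTNAME_MAX 64  /* same size as hostname[] in the quoted code */

/* Copy src into dst only if it fits with its terminator; 0 on success, -1 otherwise. */
int copy_hostname(char *dst, size_t dstlen, const char *src)
{
    size_t n;
    if (dst == NULL || src == NULL || dstlen == 0)
        return -1;
    n = strlen(src);
    if (n >= dstlen)          /* reject rather than truncate silently */
        return -1;
    memcpy(dst, src, n + 1);  /* n + 1 copies the terminating NUL too */
    return 0;
}

/* Reverse-resolve a dotted-quad string into out; 0 on success, -1 on any failure. */
int host_lookup(const char *user_supplied_addr, char *out, size_t outlen)
{
    struct in_addr addr;      /* an address value, not a pointer */
    struct hostent *hp;

    if (user_supplied_addr == NULL ||
        inet_pton(AF_INET, user_supplied_addr, &addr) != 1)
        return -1;            /* malformed input never reaches the resolver */

    hp = gethostbyaddr(&addr, sizeof addr, AF_INET);
    if (hp == NULL || hp->h_name == NULL)
        return -1;            /* no reverse record: nothing to dereference */

    return copy_hostname(out, outlen, hp->h_name);
}

int main(int argc, char **argv)
{
    char hostname[HOSTNAME_MAX];

    if (argc != 2 || host_lookup(argv[1], hostname, sizeof hostname) != 0) {
        fputs("lookup failed\n", stderr);
        return 1;
    }
    puts(hostname);
    return 0;
}
```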