Closed
Bug 173428
Opened 23 years ago
Closed 19 years ago
flawfinder warnings in libjar
Categories
(Core :: Networking: JAR, defect)
RESOLVED
WORKSFORME
People
(Reporter: morse, Assigned: dveditz)
I ran flawfinder (http://www.dwheeler.com/flawfinder) on the Mozilla 1.0.1 branch.
flawfinder found 6 warnings in libjar code (1105-1110). Go through
that list and for each warning:
* If it is a false positive, comment here why it is not an issue
* If it is a real issue, make a patch for it here and let's get them checked in
In addition to checking the branch, also check the trunk.
1105) modules/libjar/nsJAR.cpp:287 [5] (race) chmod: this accepts filename
arguments; if an attacker can move those files, a race condition results. . Use
fchmod( ) instead.
1106) modules/libjar/nsZipArchive.cpp:676 [5] (race) chmod: this accepts
filename arguments; if an attacker can move those files, a race condition
results. . Use fchmod( ) instead.
1107) modules/libjar/nsZipArchive.cpp:1779 [2] (buffer) sprintf: does not check
for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source
has a constant maximum length.
1108) modules/libjar/nsZipArchive.cpp:1792 [2] (buffer) sprintf: does not check
for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source
has a constant maximum length.
1109) modules/libjar/nsZipArchive.cpp:1825 [4] (buffer) sprintf: does not check
for buffer overflows. Use snprintf or vsnprintf.
1110) modules/libjar/zipstub.h:41 [4] (buffer) strcpy: does not check for buffer
overflows. Consider using strncpy or strlcpy.
Comment 1 (Reporter) • 23 years ago
One more flawfinder warning -- 3921
3921) modules/libjar/nsZipArchive.cpp:676 [5] (race) chmod: this accepts
filename arguments; if an attacker can move those files, a race condition
results. . Use fchmod( ) instead.
1107-1109 are safe because the buffer is big enough.
1110 is safe, define strcpy to PL_strcpy and all the usage of that is safe in libjar.
I have NOT checked 1105-1106; 3921 is a duplicate of 1106.
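Warnings 1105 and 1106 recommend fchmod() over chmod(); the following added example (not Mozilla's libjar code and not posted in this bug) replays the file-swap window inside one process to show the difference. The helper names, the 0600/0755 modes and the entry / entry.moved file names are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits of path (symlinks not followed), or -1 on error. */
int mode_of(const char *path)
{
    struct stat st;
    return lstat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Create path exclusively (fails on an existing file or planted symlink),
 * force its mode to 0600 and return the open descriptor, or -1. */
int create_private(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd >= 0 && fchmod(fd, 0600) != 0) { close(fd); return -1; }
    return fd;
}

/* Replays, inside one process, the window the warnings describe: between
 * creating dir/entry and setting its mode, the file is moved to
 * dir/entry.moved and a different file takes over the name.
 * use_fd != 0 sets the mode with fchmod(fd), otherwise with chmod(path).
 * Returns the resulting mode of the replacement at dir/entry, or -1. */
int mode_after_swap(const char *dir, int use_fd)
{
    char path[4096], moved[4096];
    snprintf(path, sizeof path, "%s/entry", dir);
    snprintf(moved, sizeof moved, "%s/entry.moved", dir);
    unlink(path);                       /* start from a clean directory */
    unlink(moved);

    int fd = create_private(path);      /* the file we meant to chmod */
    if (fd < 0) return -1;
    int other = rename(path, moved) == 0 ? create_private(path) : -1;
    if (other < 0) { close(fd); return -1; }

    /* fchmod follows the descriptor to entry.moved; chmod re-resolves the
     * name and lands on the replacement instead. */
    int rc = use_fd ? fchmod(fd, 0755) : chmod(path, 0755);
    close(other);
    close(fd);
    return rc == 0 ? mode_of(path) : -1;
}
```

With use_fd set, the replacement file keeps 0600 and the file that was actually created receives 0755; with chmod(path) the new mode ends up on the replacement.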
Updated • 21 years ago
Product: Browser → Seamonkey
Closing all open flawfinder bugs as WORKSFORME because we now have much better tools that do the same (well, better) kind of analysis (Coverity, Klocwork).
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → WORKSFORME
Component: Installer: XPI Packages → Installer
QA Contact: ktrina → general
Component: Installer → Networking: JAR
Product: SeaMonkey → Core
QA Contact: general → networking.jar
Version: Trunk → 1.0 Branch