Closed
Bug 173551
Opened 22 years ago
Closed 22 years ago
flawfinder warnings in zlib
Categories
(SeaMonkey :: General, defect, P4)
Tracking
(Not tracked)
VERIFIED
INVALID
Future
People
(Reporter: morse, Assigned: netscape)
References
Details
I ran flawfinder (http://www.dwheeler.com/flawfinder) on the Mozilla 1.0.1 branch. flawfinder found 25 warnings in zlib code (1462-1486). Go through that list and for each warning:
* If it is a false positive, comment here why it is not an issue
* If it is a real issue, make a patch for it here and let's get them checked in
In addition to checking the branch, also check the trunk.

1462) modules/zlib/src/example.c:71 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
1463) modules/zlib/src/example.c:119 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
1464) modules/zlib/src/example.c:209 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
1465) modules/zlib/src/example.c:305 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
1466) modules/zlib/src/example.c:384 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
1467) modules/zlib/src/example.c:465 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
1468) modules/zlib/src/gzio.c:108 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
1469) modules/zlib/src/gzio.c:201 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
1470) modules/zlib/src/gzio.c:533 [4] (format) vsnprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
1471) modules/zlib/src/gzio.c:535 [4] (format) vsprintf: Potential format string problem. Make format string constant.
1472) modules/zlib/src/gzio.c:556 [4] (format) snprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
1473) modules/zlib/src/gzio.c:559 [4] (format) sprintf: Potential format string problem. Make format string constant.
1474) modules/zlib/src/gzio.c:871 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
1475) modules/zlib/src/gzio.c:872 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
1476) modules/zlib/src/gzio.c:873 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
1477) modules/zlib/src/minigzip.c:203 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
1478) modules/zlib/src/minigzip.c:204 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
1479) modules/zlib/src/minigzip.c:234 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
1480) modules/zlib/src/minigzip.c:243 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
1481) modules/zlib/src/minigzip.c:278 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
1482) modules/zlib/src/zutil.h:197 [4] (format) fprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
1483) modules/zlib/src/zutil.h:198 [4] (format) fprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
1484) modules/zlib/src/zutil.h:199 [4] (format) fprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
1485) modules/zlib/src/zutil.h:200 [4] (format) fprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
1486) modules/zlib/src/zutil.h:201 [4] (format) fprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
Comment 1•22 years ago
The only thing the build team can do is install a new version of zlib if one is available. If you want someone to go in and fix these warnings, you'll need to assign this to a developer.
Component: Build Config → Browser-General
I emailed the authors of zlib to have a look at these warnings.
Updated•22 years ago
Priority: -- → P4
Target Milestone: --- → Future
1462-1467 are in sample code, not used.
1468 safe, enough space allocated dynamically.
1469 is safe, enough static buffer to write an int and fixed string.
1470-1473 can't really help that format string, looks like it has to be like that. Also there is use of a fixed sized buffer that might be a problem in some cases, although I did not check that well. There do not appear to be any callers of this function in our code so we are safe.
1474-1476 safe, dynamically allocated enough space.
1477-1481 minigzip application, we don't use. However, this application is vulnerable to buffer overflows because it has a static buffer size of 1024 for file name/path, and it takes that argument from the command line and uses strcpy and strcat to write the user supplied name, which can be of any length, to this fixed static buffer. If you know of anyone using this application you should let them know about it so they can make sure their usage of it is safe.
1482-1486 are debug-only code.
Since none of this affects Mozilla, marking INVALID.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → INVALID
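Added illustration, not code from zlib, minigzip or this bug: a bounds-checked replacement for the strcpy/strcat-into-a-1024-byte-buffer pattern described for warnings 1477-1481, plus a constant-format wrapper showing why the fprintf warnings 1482-1486 are only a concern if the format argument stops being a literal. The names NAME_BUF_SIZE, build_gz_name and log_message are constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed to model the pattern flagged in minigzip.c: a fixed
 * 1024-byte name buffer filled from a command-line argument. */
#define NAME_BUF_SIZE 1024
#define GZ_SUFFIX ".gz"

/* Bounds-checked stand-in for
 *     strcpy(outfile, file); strcat(outfile, GZ_SUFFIX);
 * Returns 0 on success. Returns -1 and leaves 'out' as an empty string
 * when file + suffix + terminating NUL would not fit in outsz bytes,
 * instead of writing past the end of the buffer. */
int build_gz_name(const char *file, char *out, size_t outsz)
{
    size_t flen = strlen(file);
    size_t slen = strlen(GZ_SUFFIX);
    size_t need = flen + slen + 1;          /* +1 for the NUL */

    if (outsz == 0)
        return -1;
    if (need > outsz) {
        out[0] = '\0';
        return -1;
    }
    memcpy(out, file, flen);
    memcpy(out + flen, GZ_SUFFIX, slen + 1); /* copies the NUL too */
    return 0;
}

/* Warnings 1482-1486 flag fprintf because flawfinder cannot see whether the
 * format is a literal. Keeping the format constant and passing any
 * runtime text as a %s argument is what makes such a call safe. */
int log_message(FILE *fp, const char *msg)
{
    return fprintf(fp, "%s\n", msg);
}

int main(int argc, char **argv)
{
    char outfile[NAME_BUF_SIZE];
    const char *in = argc > 1 ? argv[1] : "example.txt"; /* constructed default */

    if (build_gz_name(in, outfile, sizeof outfile) != 0) {
        log_message(stderr, "input name too long for output buffer");
        return 1;
    }
    log_message(stdout, outfile);
    return 0;
}
```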
Updated•20 years ago
Product: Browser → Seamonkey