flawfinder warnings in uriloader

Status: VERIFIED INVALID

Core, Networking
15 years ago

People

(Reporter: Stephen P. Morse, Unassigned)

Tracking

Trunk, x86, Windows NT
Description

15 years ago
flawfinder found 2 warnings in uriloader code (2209-2210). Go through
that list and for each warning:

* If it is a false positive, comment here why it is not an issue
* If it is a real issue, make a patch for it here and let's get them checked in

In addition to checking the branch, also check the trunk.

2209) uriloader/exthandler/nsExternalHelperAppService.cpp:1053 [3] (random) 
srand: This function is not sufficiently random for security-related functions 
such as key and nonce creation. use a more secure technique for acquiring random 
values.

2210) uriloader/exthandler/mac/nsDecodeAppleFile.h:92 [4] (race) access: this 
usually indicates a security flaw. If an attacker can change anything along the 
path between the call to access() and the file's actual use (e.g., by moving 
files), the attacker can exploit the race condition. Set up the correct 
permissions (e.g., using setuid()) and try to open the file directly.

(Reporter) Updated 15 years ago
Blocks: 148251

2209) -- this use of srand() is not to generate a key or nonce -- it's just to
generate a filename different from the "default" one using a non-deterministic
algorithm.  The usual srand() issue -- strong correlation between succeeding
values -- is not a problem here since the attacker has no access to _any_ of the
values.

2210) -- this is not a call to access(), this is a variable named access.

What's the correct resolution here?  worksforme?  invalid?

If all of the issues were false positives, we have been using invalid. Marking
as such. Thanks, Boris.
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → INVALID

Comment 3

15 years ago
Catching up.  Reopen if you disagree.  Marking Verified!
Status: RESOLVED → VERIFIED
QA Contact: benc → jimmylee
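
A triage aid for the kind of false positive discussed under 2210 above, as an added example (not code from this bug, from Mozilla or from flawfinder): it separates call-shaped uses of a name from plain identifiers such as a variable named access. The function `classify` and the sample C source are constructed for illustration.

```python
import re

# Comments and string/char literals are blanked so words inside them never match.
_SKIP = re.compile(
    r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'',
    re.DOTALL,
)
_IDENT = re.compile(r'\b[A-Za-z_]\w*\b')

# Constructed sample, not the Mozilla source.
SAMPLE = '''\
/* constructed sample */
struct Entry {
  unsigned int access;          // a field named access
};
int probe(const char *p, struct Entry *e) {
  e->access = 0;
  const char *msg = "access(p, 0) inside a string";
  if (access(p, 0) != 0) return -1;   /* real call */
  return e->access;
}
'''


def _blank(match):
    # Keep newlines so reported line numbers stay correct.
    return re.sub(r'[^\n]', ' ', match.group(0))


def classify(source, name="access"):
    """Return (line, kind) per use of `name`: 'call', 'member-call' or 'identifier'."""
    code = _SKIP.sub(_blank, source)
    results = []
    for m in _IDENT.finditer(code):
        if m.group(0) != name:
            continue
        line = code.count("\n", 0, m.start()) + 1
        before = code[:m.start()].rstrip()
        after = code[m.end():].lstrip()
        if not after.startswith("("):
            kind = "identifier"    # variable, field or parameter: nothing is called
        elif before.endswith((".", "->")):
            kind = "member-call"   # method on an object, not the libc function
        else:
            kind = "call"          # call-shaped (or a declaration): review by hand
        results.append((line, kind))
    return results


if __name__ == "__main__":
    for line, kind in classify(SAMPLE):
        print(line, kind)
```

Only entries classified as `call` need the check-then-use review the warning text describes; declarations of a function with the same name also land there and are dismissed by hand.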