Closed Bug 174007 Opened 22 years ago Closed 18 years ago

flawfinder warnings in mailnews/mime

Categories

(MailNews Core :: MIME, defect)

x86
Windows NT
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED WORKSFORME

People

(Reporter: morse, Assigned: bugzilla)

References

Details

Heikki ran flawfinder (http://www.dwheeler.com/flawfinder) on Mozilla 1.0.1 
branch.

flawfinder found 29 warnings in mailnews/mime code (3754-3882). Go through
that list and for each warning:

* If it is false positive, comment here why it is not an issue
* If it is a real issue, make patch for it here and let's get them checked in

In addition to checking the branch, also check the trunk.

3854) mailnews/mime/cthandlers/vcard/nsVCard.cpp:1290 [3] (buffer) getenv: 
Environment variables are untrustable input if they can be set by an attacker. 
They can have any content and length, and the same variable can be set more than 
once.. Check environment variables carefully before using them.

3855) mailnews/mime/cthandlers/vcard/nsVCard.cpp:1292 [3] (buffer) getenv: 
Environment variables are untrustable input if they can be set by an attacker. 
They can have any content and length, and the same variable can be set more than 
once.. Check environment variables carefully before using them.

3856) mailnews/mime/cthandlers/vcard/nsVCardObj.cpp:1298 [2] (buffer) sprintf: 
does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low 
because the source has a constant maximum length.

3857) mailnews/mime/cthandlers/vcard/nsVCardObj.cpp:1304 [2] (buffer) sprintf: 
does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low 
because the source has a constant maximum length.

3858) mailnews/mime/emitters/src/nsMimeXmlEmitter.cpp:74 [2] (buffer) sprintf: 
does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low 
because the source has a constant maximum length.

3859) mailnews/mime/emitters/src/nsMimeXmlEmitter.cpp:195 [2] (buffer) sprintf: 
does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low 
because the source has a constant maximum length.

3860) mailnews/mime/src/comi18n.cpp:310 [4] (buffer) strcpy: does not check for 
buffer overflows. Consider using strncpy or strlcpy.

3861) mailnews/mime/src/comi18n.cpp:408 [4] (buffer) strcpy: does not check for 
buffer overflows. Consider using strncpy or strlcpy.

3862) mailnews/mime/src/comi18n.cpp:417 [2] (buffer) strcpy: does not check for 
buffer overflows. Consider using strncpy or strlcpy. Risk is low because the 
source is a constant string.

3863) mailnews/mime/src/comi18n.cpp:428 [4] (buffer) strcpy: does not check for 
buffer overflows. Consider using strncpy or strlcpy.

3864) mailnews/mime/src/comi18n.cpp:477 [4] (buffer) strcpy: does not check for 
buffer overflows. Consider using strncpy or strlcpy.

3865) mailnews/mime/src/comi18n.cpp:489 [2] (buffer) strcpy: does not check for 
buffer overflows. Consider using strncpy or strlcpy. Risk is low because the 
source is a constant string.

3866) mailnews/mime/src/comi18n.cpp:494 [2] (buffer) strcpy: does not check for 
buffer overflows. Consider using strncpy or strlcpy. Risk is low because the 
source is a constant string.

3867) mailnews/mime/src/mimefilt.cpp:173 [4] (format) fprintf: if format strings 
can be influenced by an attacker, they can be exploited. Use a constant for the 
format specification.

3868) mailnews/mime/src/mimefilt.cpp:343 [4] (buffer) sprintf: does not check 
for buffer overflows. Use snprintf or vsnprintf.

3869) mailnews/mime/src/mimefilt.cpp:343 [3] (buffer) getenv: Environment 
variables are untrustable input if they can be set by an attacker. They can have 
any content and length, and the same variable can be set more than once.. Check 
environment variables carefully before using them.

3870) mailnews/mime/src/mimefilt.cpp:345 [4] (buffer) sprintf: does not check 
for buffer overflows. Use snprintf or vsnprintf.

3871) mailnews/mime/src/mimefilt.cpp:345 [3] (buffer) getenv: Environment 
variables are untrustable input if they can be set by an attacker. They can have 
any content and length, and the same variable can be set more than once.. Check 
environment variables carefully before using them.

3872) mailnews/mime/src/mimefilt.cpp:354 [4] (buffer) sprintf: does not check 
for buffer overflows. Use snprintf or vsnprintf.

3873) mailnews/mime/src/mimefilt.cpp:354 [3] (buffer) getenv: Environment 
variables are untrustable input if they can be set by an attacker. They can have 
any content and length, and the same variable can be set more than once.. Check 
environment variables carefully before using them.

3874) mailnews/mime/src/mimefilt.cpp:356 [4] (buffer) sprintf: does not check 
for buffer overflows. Use snprintf or vsnprintf.

3875) mailnews/mime/src/mimefilt.cpp:356 [3] (buffer) getenv: Environment 
variables are untrustable input if they can be set by an attacker. They can have 
any content and length, and the same variable can be set more than once.. Check 
environment variables carefully before using them.

3876) mailnews/mime/src/mimefilt.cpp:391 [4] (buffer) sprintf: does not check 
for buffer overflows. Use snprintf or vsnprintf.

3877) mailnews/mime/src/mimefilt.cpp:391 [3] (buffer) getenv: Environment 
variables are untrustable input if they can be set by an attacker. They can have 
any content and length, and the same variable can be set more than once.. Check 
environment variables carefully before using them.

3878) mailnews/mime/src/mimemoz2.cpp:1107 [4] (race) access: this usually 
indicates a security flaw. If an attacker can change anything along the path 
between the call to access() and the file's actual use (e.g., by moving files), 
the attacker can exploit the race condition. Set up the correct permissions 
(e.g., using setuid()) and try to open the file directly.

3879) mailnews/mime/src/mimemoz2.cpp:1110 [4] (race) access: this usually 
indicates a security flaw. If an attacker can change anything along the path 
between the call to access() and the file's actual use (e.g., by moving files), 
the attacker can exploit the race condition. Set up the correct permissions 
(e.g., using setuid()) and try to open the file directly.

3880) mailnews/mime/src/mimemoz2.cpp:1112 [4] (race) access: this usually 
indicates a security flaw. If an attacker can change anything along the path 
between the call to access() and the file's actual use (e.g., by moving files), 
the attacker can exploit the race condition. Set up the correct permissions 
(e.g., using setuid()) and try to open the file directly.

3881) mailnews/mime/src/mimemoz2.cpp:1115 [4] (race) access: this usually 
indicates a security flaw. If an attacker can change anything along the path 
between the call to access() and the file's actual use (e.g., by moving files), 
the attacker can exploit the race condition. Set up the correct permissions 
(e.g., using setuid()) and try to open the file directly.

3882) mailnews/mime/src/mimemoz2.cpp:1115 [4] (race) access: this usually 
indicates a security flaw. If an attacker can change anything along the path 
between the call to access() and the file's actual use (e.g., by moving files), 
the attacker can exploit the race condition. Set up the correct permissions 
(e.g., using setuid()) and try to open the file directly.
Blocks: 148251
QA Contact: gayatri → stephend
Product: MailNews → Core
Closing all open flawfinder bugs as WORKSFORME because we now have much better tools that do the same (well, better) kind of analysis (Coverity, Klocwork).
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → WORKSFORME
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.