Closed
Bug 174008
Opened 22 years ago
Closed 22 years ago
flawfinder warnings in mailnews/movemail [CODE NOT YET USED]
Categories
(MailNews Core :: Movemail, defect)
Tracking
(Not tracked)
VERIFIED
INVALID
People
(Reporter: morse, Assigned: adam)
References
Details
Heikki ran flawfinder (http://www.dwheeler.com/flawfinder) on Mozilla 1.0.1
branch.
flawfinder found 20 warnings in movemail code (3883-3902). Go through
that list and for each warning:
* If it is false positive, comment here why it is not an issue
* If it is a real issue, make patch for it here and let's get them checked in
In addition to checking the branch, also check the trunk.
3883) mailnews/movemail/src/movemail.c:104 [4] (format) snprintf: if format
strings can be influenced by an attacker, they can be exploited. Use a constant
for the format specification.
3884) mailnews/movemail/src/movemail.c:117 [1] (port) snprintf: On some very old
systems, snprintf is incorrectly implemented and permits buffer overflows; there
are also incompatible standard definitions of it. Check it during installation,
or use something else.
3885) mailnews/movemail/src/movemail.c:148 [4] (buffer) strcpy: does not check
for buffer overflows. Consider using strncpy or strlcpy.
3886) mailnews/movemail/src/movemail.c:158 [4] (race) access: this usually
indicates a security flaw. If an attacker can change anything along the path
between the call to access() and the file's actual use (e.g., by moving files),
the attacker can exploit the race condition. Set up the correct permissions
(e.g., using setuid()) and try to open the file directly.
3887) mailnews/movemail/src/movemail.c:160 [4] (format) snprintf: if format
strings can be influenced by an attacker, they can be exploited. Use a constant
for the format specification.
3888) mailnews/movemail/src/movemail.c:179 [1] (port) snprintf: On some very old
systems, snprintf is incorrectly implemented and permits buffer overflows; there
are also incompatible standard definitions of it. Check it during installation,
or use something else.
3889) mailnews/movemail/src/movemail.c:181 [4] (race) access: this usually
indicates a security flaw. If an attacker can change anything along the path
between the call to access() and the file's actual use (e.g., by moving files),
the attacker can exploit the race condition. Set up the correct permissions
(e.g., using setuid()) and try to open the file directly.
3890) mailnews/movemail/src/movemail.c:185 [4] (format) snprintf: if format
strings can be influenced by an attacker, they can be exploited. Use a constant
for the format specification.
3891) mailnews/movemail/src/movemail.c:193 [1] (port) snprintf: On some very old
systems, snprintf is incorrectly implemented and permits buffer overflows; there
are also incompatible standard definitions of it. Check it during installation,
or use something else.
3892) mailnews/movemail/src/movemail.c:203 [4] (format) snprintf: if format
strings can be influenced by an attacker, they can be exploited. Use a constant
for the format specification.
3893) mailnews/movemail/src/movemail.c:224 [4] (format) snprintf: if format
strings can be influenced by an attacker, they can be exploited. Use a constant
for the format specification.
3894) mailnews/movemail/src/movemail.c:264 [4] (race) access: this usually
indicates a security flaw. If an attacker can change anything along the path
between the call to access() and the file's actual use (e.g., by moving files),
the attacker can exploit the race condition. Set up the correct permissions
(e.g., using setuid()) and try to open the file directly.
3895) mailnews/movemail/src/movemail.c:266 [4] (race) access: this usually
indicates a security flaw. If an attacker can change anything along the path
between the call to access() and the file's actual use (e.g., by moving files),
the attacker can exploit the race condition. Set up the correct permissions
(e.g., using setuid()) and try to open the file directly.
3896) mailnews/movemail/src/movemail.c:270 [4] (format) snprintf: if format
strings can be influenced by an attacker, they can be exploited. Use a constant
for the format specification.
3897) mailnews/movemail/src/movemail.c:279 [4] (format) snprintf: if format
strings can be influenced by an attacker, they can be exploited. Use a constant
for the format specification.
3898) mailnews/movemail/src/movemail.c:295 [4] (format) snprintf: if format
strings can be influenced by an attacker, they can be exploited. Use a constant
for the format specification.
3899) mailnews/movemail/src/movemail.c:312 [4] (format) snprintf: if format
strings can be influenced by an attacker, they can be exploited. Use a constant
for the format specification.
3900) mailnews/movemail/src/movemail.c:327 [4] (format) snprintf: if format
strings can be influenced by an attacker, they can be exploited. Use a constant
for the format specification.
3901) mailnews/movemail/src/movemail.c:339 [4] (format) snprintf: if format
strings can be influenced by an attacker, they can be exploited. Use a constant
for the format specification.
3902) mailnews/movemail/src/movemail.c:360 [4] (format) snprintf: if format
strings can be influenced by an attacker, they can be exploited. Use a constant
for the format specification.
QA Contact: gayatri → stephend
Stuff under mozilla/mailnews/movemail is unused at the moment. It is perhaps
intended as a starting point for new functionality. If anyone intends to base
their work on this existing code would probably be wiser to rewrite it from
scratch anyway...
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → INVALID
Could we cvs remove mailnews/movemail/ dir and files in it? As far as I know,
this code is not built/used, and the movemail support is implemented in:
mailnews/base/src/nsMessengerMigrator.cpp
Comment 3•22 years ago
|
||
> Could we cvs remove mailnews/movemail/ dir and files in it?
just to silence flawfinder?
> As far as I know, this code is not built/used
correct, I believe movemail.c is an external movemail application.
note, mozilla currently only does internal movemail (and that might have
bit-rotted.)
> and the movemail support is implemented in:
> mailnews/base/src/nsMessengerMigrator.cpp
that's just the migration code. (if you used movemail in 4.x, the code in that
file would set up mozilla for it, too.)
the internal movemail code is here:
/mailnews/local/public/nsIMovemailIncomingServer.idl
/mailnews/local/public/nsIMovemailService.idl
/mailnews/local/src/nsMovemailService.cpp
/mailnews/local/src/nsMovemailIncomingServer.cpp
/mailnews/local/src/nsMovemailIncomingServer.h
/mailnews/local/src/nsMovemailService.h
if someone was going to add external movemail support to mozilla (people talk
about it, but no one has done it) they could start with movemail.c
if you want to assign this flawfinder bug to me, feel free.
I'll add this info to http://www.mozilla.org/mailnews/movemail/
No, it can remain in the tree. I'll leave this bug closed for now, though, since
the code is not built/used. But please mention this in the movemail TODO document.
Summary: flawfinder warnings in mailnews/movemail → flawfinder warnings in mailnews/movemail [CODE NOT YET USED]
Comment 5•22 years ago
|
||
I've updated http://www.mozilla.org/mailnews/movemail/index.html
give it a few hours to update.
[minor point:] I just raised bug#185191 about a broken link to flawfinder at
http://www.mozilla.org/mailnews/movemail/index.html
verified. http://www.mozilla.org/mailnews/movemail/index.html has been updated
with the relevant info.
Status: RESOLVED → VERIFIED
Updated•20 years ago
|
Product: MailNews → Core
Updated•17 years ago
|
Product: Core → MailNews Core
You need to log in
before you can comment on or make changes to this bug.
Description
•