The following issues were found
builtin/commit.c
8 issues
Line: 391
Column: 35
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
old_repo_index_file = the_repository->index_file;
the_repository->index_file =
(char *)get_lock_file_path(&index_lock);
old_index_env = xstrdup_or_null(getenv(INDEX_ENVIRONMENT));
setenv(INDEX_ENVIRONMENT, the_repository->index_file, 1);
if (interactive_add(argv, prefix, patch_interactive) != 0)
die(_("interactive add failed"));
Reported by FlawFinder.
Line: 607
Column: 25
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
char *name, *email, *date;
struct ident_split author;
name = xstrdup_or_null(getenv("GIT_AUTHOR_NAME"));
email = xstrdup_or_null(getenv("GIT_AUTHOR_EMAIL"));
date = xstrdup_or_null(getenv("GIT_AUTHOR_DATE"));
if (author_message) {
struct ident_split ident;
Reported by FlawFinder.
Line: 608
Column: 26
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
struct ident_split author;
name = xstrdup_or_null(getenv("GIT_AUTHOR_NAME"));
email = xstrdup_or_null(getenv("GIT_AUTHOR_EMAIL"));
date = xstrdup_or_null(getenv("GIT_AUTHOR_DATE"));
if (author_message) {
struct ident_split ident;
size_t len;
Reported by FlawFinder.
Line: 609
Column: 25
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
name = xstrdup_or_null(getenv("GIT_AUTHOR_NAME"));
email = xstrdup_or_null(getenv("GIT_AUTHOR_EMAIL"));
date = xstrdup_or_null(getenv("GIT_AUTHOR_DATE"));
if (author_message) {
struct ident_split ident;
size_t len;
const char *a;
Reported by FlawFinder.
Line: 1727
Column: 15
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
}
/* Determine parents */
reflog_msg = getenv("GIT_REFLOG_ACTION");
if (!current_head) {
if (!reflog_msg)
reflog_msg = "commit (initial)";
} else if (amend) {
if (!reflog_msg)
Reported by FlawFinder.
Line: 1099
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct commit *commit;
struct strbuf buf = STRBUF_INIT;
struct string_list mailmap = STRING_LIST_INIT_NODUP;
const char *av[20];
int ac = 0;
repo_init_revisions(the_repository, &revs, NULL);
strbuf_addf(&buf, "--author=%s", name);
av[++ac] = "--all";
Reported by FlawFinder.
Line: 1808
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
if (amend) {
const char *exclude_gpgsig[3] = { "gpgsig", "gpgsig-sha256", NULL };
extra = read_commit_extra_headers(current_head, exclude_gpgsig);
} else {
struct commit_extra_header **tail = &extra;
append_merge_tag_headers(parents, &tail);
}
Reported by FlawFinder.
Line: 638
Column: 46
CWE codes:
126
if (force_author) {
struct ident_split ident;
if (split_ident_line(&ident, force_author, strlen(force_author)) < 0)
die(_("malformed --author parameter"));
set_ident_var(&name, xmemdupz(ident.name_begin, ident.name_end - ident.name_begin));
set_ident_var(&email, xmemdupz(ident.mail_begin, ident.mail_end - ident.mail_begin));
}
Reported by FlawFinder.
transport.c
8 issues
Line: 936
Column: 19
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
static struct string_list allowed = STRING_LIST_INIT_DUP;
if (enabled < 0) {
const char *v = getenv("GIT_ALLOW_PROTOCOL");
if (v) {
string_list_split(&allowed, v, ':', -1);
string_list_sort(&allowed);
enabled = 1;
} else {
Reported by FlawFinder.
Line: 727
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int measure_abbrev(const struct object_id *oid, int sofar)
{
char hex[GIT_MAX_HEXSZ + 1];
int w = find_unique_abbrev_r(hex, oid, DEFAULT_ABBREV);
return (w < sofar) ? sofar : w;
}
Reported by FlawFinder.
Line: 858
Column: 59
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return ret;
}
static int connect_git(struct transport *transport, const char *name,
const char *executable, int fd[2])
{
struct git_transport_data *data = transport->data;
data->conn = git_connect(data->fd, transport->url,
executable, 0);
Reported by FlawFinder.
Line: 859
Column: 16
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
static int connect_git(struct transport *transport, const char *name,
const char *executable, int fd[2])
{
struct git_transport_data *data = transport->data;
data->conn = git_connect(data->fd, transport->url,
executable, 0);
fd[0] = data->fd[0];
Reported by FlawFinder.
Line: 1209
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ref *r;
struct child_process proc = CHILD_PROCESS_INIT;
struct strbuf buf;
const char *argv[4];
if (!(argv[0] = find_hook("pre-push")))
return 0;
argv[1] = transport->remote->name;
Reported by FlawFinder.
Line: 1471
Column: 58
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
string_list_clear(&transport->pack_lockfiles, 0);
}
int transport_connect(struct transport *transport, const char *name,
const char *exec, int fd[2])
{
if (transport->vtable->connect)
return transport->vtable->connect(transport, name, exec, fd);
else
Reported by FlawFinder.
Line: 1472
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
int transport_connect(struct transport *transport, const char *name,
const char *exec, int fd[2])
{
if (transport->vtable->connect)
return transport->vtable->connect(transport, name, exec, fd);
else
die(_("operation not supported by protocol"));
Reported by FlawFinder.
Line: 1504
Column: 13
CWE codes:
126
if (url_is_local_not_ssh(url) || !anon_part)
goto literal_copy;
anon_len = strlen(++anon_part);
scheme_prefix = strstr(url, "://");
if (!scheme_prefix) {
if (!strchr(anon_part, ':'))
/* cannot be "me@there:/path/name" */
goto literal_copy;
Reported by FlawFinder.
builtin/rebase.c
8 issues
Line: 1274
Column: 8
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
if (!is_merge(options))
return;
env = getenv(GIT_REFLOG_ACTION_ENVIRONMENT);
if (env && strcmp("rebase", env))
return; /* only override it if it is "rebase" */
strbuf_addf(&buf, "rebase (%s)", options->action);
setenv(GIT_REFLOG_ACTION_ENVIRONMENT, buf.buf, 1);
Reported by FlawFinder.
Line: 1778
Column: 6
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
if (options.type == REBASE_MERGE &&
!options.strategy &&
getenv("GIT_TEST_MERGE_ALGORITHM"))
options.strategy = xstrdup(getenv("GIT_TEST_MERGE_ALGORITHM"));
switch (options.type) {
case REBASE_MERGE:
case REBASE_PRESERVE_MERGES:
Reported by FlawFinder.
Line: 1779
Column: 30
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
if (options.type == REBASE_MERGE &&
!options.strategy &&
getenv("GIT_TEST_MERGE_ALGORITHM"))
options.strategy = xstrdup(getenv("GIT_TEST_MERGE_ALGORITHM"));
switch (options.type) {
case REBASE_MERGE:
case REBASE_PRESERVE_MERGES:
options.state_dir = merge_dir();
Reported by FlawFinder.
Line: 1989
Column: 10
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
if (options.switch_to) {
strbuf_reset(&buf);
strbuf_addf(&buf, "%s: checkout %s",
getenv(GIT_REFLOG_ACTION_ENVIRONMENT),
options.switch_to);
if (reset_head(the_repository,
&options.orig_head, "checkout",
options.head_name,
RESET_HEAD_RUN_POST_CHECKOUT_HOOK,
Reported by FlawFinder.
Line: 2067
Column: 7
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
"it...\n"));
strbuf_addf(&msg, "%s: checkout %s",
getenv(GIT_REFLOG_ACTION_ENVIRONMENT), options.onto_name);
if (reset_head(the_repository, &options.onto->object.oid, "checkout", NULL,
RESET_HEAD_DETACH | RESET_ORIG_HEAD |
RESET_HEAD_RUN_POST_CHECKOUT_HOOK,
NULL, msg.buf, DEFAULT_REFLOG_ACTION))
die(_("Could not detach HEAD"));
Reported by FlawFinder.
Line: 315
Column: 16
CWE codes:
362
delete_reflog("REBASE_HEAD");
interactive = fopen(path_interactive(), "w");
if (!interactive)
return error_errno(_("could not mark as interactive"));
fclose(interactive);
return write_basic_state(opts, head_name, onto, orig_head);
Reported by FlawFinder.
Line: 863
Column: 21
CWE codes:
362
oid_to_hex(&opts->orig_head));
rebased_patches = xstrdup(git_path("rebased-patches"));
format_patch.out = open(rebased_patches,
O_WRONLY | O_CREAT | O_TRUNC, 0666);
if (format_patch.out < 0) {
status = error_errno(_("could not open '%s' for writing"),
rebased_patches);
free(rebased_patches);
Reported by FlawFinder.
Line: 908
Column: 10
CWE codes:
362
}
strbuf_release(&revisions);
am.in = open(rebased_patches, O_RDONLY);
if (am.in < 0) {
status = error_errno(_("could not open '%s' for reading"),
rebased_patches);
free(rebased_patches);
strvec_clear(&am.args);
Reported by FlawFinder.
commit.c
8 issues
Line: 1559
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
/* And check the encoding */
if (encoding_is_utf8 && !verify_utf8(&buffer))
fprintf(stderr, _(commit_utf8_warn));
if (sign_commit && sign_with_header(&buffer, sign_commit)) {
result = -1;
goto out;
}
Reported by FlawFinder.
Line: 1226
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void verify_merge_signature(struct commit *commit, int verbosity,
int check_trust)
{
char hex[GIT_MAX_HEXSZ + 1];
struct signature_check signature_check;
int ret;
memset(&signature_check, 0, sizeof(signature_check));
ret = check_commit_signature(commit, &signature_check);
Reported by FlawFinder.
Line: 1482
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for (;;) {
int bad;
unsigned char c;
unsigned char replace[2];
bad = find_invalid_utf8(buf->buf + pos, buf->len - pos);
if (bad < 0)
return ok;
pos += bad;
Reported by FlawFinder.
Line: 960
Column: 28
CWE codes:
126
struct commit *ret = NULL;
char *full_refname;
switch (dwim_ref(refname, strlen(refname), &oid, &full_refname, 0)) {
case 0:
die("No such ref: '%s'", refname);
case 1:
break; /* good */
default:
Reported by FlawFinder.
Line: 1018
Column: 27
CWE codes:
126
int inspos, copypos;
const char *eoh;
const char *gpg_sig_header = gpg_sig_headers[hash_algo_by_ptr(the_hash_algo)];
int gpg_sig_header_len = strlen(gpg_sig_header);
/* find the end of the header */
eoh = strstr(buf->buf, "\n\n");
if (!eoh)
inspos = buf->len;
Reported by FlawFinder.
Line: 1087
Column: 17
CWE codes:
126
sig = line + 1;
else if (skip_prefix(line, gpg_sig_header, &p) &&
*p == ' ') {
sig = line + strlen(gpg_sig_header) + 1;
other_signature = 0;
}
else if (starts_with(line, "gpgsig"))
other_signature = 1;
else if (other_signature && line[0] != ' ')
Reported by FlawFinder.
Line: 1314
Column: 17
CWE codes:
126
return 0;
while (*exclude) {
size_t xlen = strlen(*exclude);
if (len == xlen && !memcmp(field, *exclude, xlen))
return 1;
exclude++;
}
return 0;
Reported by FlawFinder.
Line: 1632
Column: 16
CWE codes:
126
const char *find_commit_header(const char *msg, const char *key, size_t *out_len)
{
int key_len = strlen(key);
const char *line = msg;
while (line) {
const char *eol = strchrnul(line, '\n');
Reported by FlawFinder.
midx.c
8 issues
Line: 1175
Column: 24
CWE codes:
134
Suggestion:
Use a constant for the format specification
static int verify_midx_error;
__attribute__((format (printf, 1, 2)))
static void midx_report(const char *fmt, ...)
{
va_list ap;
verify_midx_error = 1;
va_start(ap, fmt);
Reported by FlawFinder.
Line: 1181
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
va_list ap;
verify_midx_error = 1;
va_start(ap, fmt);
vfprintf(stderr, fmt, ap);
fprintf(stderr, "\n");
va_end(ap);
}
struct pair_pos_vs_id
Reported by FlawFinder.
Line: 664
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
continue;
ALLOC_GROW(deduplicated_entries, *nr_objects + 1, alloc_objects);
memcpy(&deduplicated_entries[*nr_objects],
&entries_by_fanout[cur_object],
sizeof(struct pack_midx_entry));
(*nr_objects)++;
}
}
Reported by FlawFinder.
Line: 679
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct write_midx_context *ctx = data;
uint32_t i;
unsigned char padding[MIDX_CHUNK_ALIGNMENT];
size_t written = 0;
for (i = 0; i < ctx->nr; i++) {
size_t writelen;
Reported by FlawFinder.
Line: 899
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned flags)
{
char *midx_name;
unsigned char midx_hash[GIT_MAX_RAWSZ];
uint32_t i;
struct hashfile *f = NULL;
struct lock_file lk;
struct write_midx_context ctx = { 0 };
int pack_name_concat_len = 0;
Reported by FlawFinder.
Line: 167
Column: 20
CWE codes:
126
for (i = 0; i < m->num_packs; i++) {
m->pack_names[i] = cur_pack_name;
cur_pack_name += strlen(cur_pack_name) + 1;
if (i && strcmp(m->pack_names[i], m->pack_names[i - 1]) <= 0)
die(_("multi-pack-index pack names out of order: '%s' before '%s'"),
m->pack_names[i - 1],
m->pack_names[i]);
Reported by FlawFinder.
Line: 693
Column: 14
CWE codes:
126
ctx->info[i - 1].pack_name,
ctx->info[i].pack_name);
writelen = strlen(ctx->info[i].pack_name) + 1;
hashwrite(f, ctx->info[i].pack_name, writelen);
written += writelen;
}
/* add padding to be aligned */
Reported by FlawFinder.
Line: 1023
Column: 28
CWE codes:
126
for (i = 0; i < ctx.nr; i++) {
if (!ctx.info[i].expired)
pack_name_concat_len += strlen(ctx.info[i].pack_name) + 1;
}
/* Check that the preferred pack wasn't expired (if given). */
if (preferred_pack_name) {
struct pack_info *preferred = bsearch(preferred_pack_name,
Reported by FlawFinder.
worktree.c
8 issues
Line: 268
Column: 24
CWE codes:
134
Suggestion:
Use a constant for the format specification
}
/* convenient wrapper to deal with NULL strbuf */
__attribute__((format (printf, 2, 3)))
static void strbuf_addf_gently(struct strbuf *buf, const char *fmt, ...)
{
va_list params;
if (!buf)
Reported by FlawFinder.
Line: 337
Column: 19
CWE codes:
120/785!
Suggestion:
Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN
goto done;
}
strbuf_realpath(&realpath, git_common_path("worktrees/%s", wt->id), 1);
ret = fspathcmp(path, realpath.buf);
if (ret)
strbuf_addf_gently(errmsg, _("'%s' does not point back to '%s'"),
wt->path, git_common_path("worktrees/%s", wt->id));
Reported by FlawFinder.
Line: 338
Column: 24
CWE codes:
120/785!
Suggestion:
Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN
}
strbuf_realpath(&realpath, git_common_path("worktrees/%s", wt->id), 1);
ret = fspathcmp(path, realpath.buf);
if (ret)
strbuf_addf_gently(errmsg, _("'%s' does not point back to '%s'"),
wt->path, git_common_path("worktrees/%s", wt->id));
done:
Reported by FlawFinder.
Line: 346
Column: 18
CWE codes:
120/785!
Suggestion:
Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN
done:
free(path);
strbuf_release(&wt_path);
strbuf_release(&realpath);
return ret;
}
void update_worktree_location(struct worktree *wt, const char *path_)
{
Reported by FlawFinder.
Line: 780
Column: 7
CWE codes:
362
strbuf_addstr(reason, _("gitdir file does not exist"));
return 1;
}
fd = open(git_path("worktrees/%s/gitdir", id), O_RDONLY);
if (fd < 0) {
strbuf_addf(reason, _("unable to read gitdir file (%s)"),
strerror(errno));
return 1;
}
Reported by FlawFinder.
Line: 164
Column: 14
CWE codes:
126
struct worktree *found = NULL;
int nr_found = 0, suffixlen;
suffixlen = strlen(suffix);
if (!suffixlen)
return NULL;
for (; *list && nr_found < 2; list++) {
const char *path = (*list)->path;
Reported by FlawFinder.
Line: 170
Column: 19
CWE codes:
126
for (; *list && nr_found < 2; list++) {
const char *path = (*list)->path;
int pathlen = strlen(path);
int start = pathlen - suffixlen;
/* suffix must start at directory boundary */
if ((!start || (start > 0 && is_dir_sep(path[start - 1]))) &&
!fspathcmp(suffix, path + start)) {
Reported by FlawFinder.
Line: 478
Column: 30
CWE codes:
126
strbuf_release(&err);
/* Replace config by worktrees. */
strbuf_setlen(&sb, sb.len - strlen("config"));
strbuf_addstr(&sb, "worktrees");
/* See if there is any file inside the worktrees directory. */
dir = opendir(sb.buf);
strbuf_release(&sb);
Reported by FlawFinder.
pkt-line.c
7 issues
Line: 5
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "pkt-line.h"
#include "run-command.h"
char packet_buffer[LARGE_PACKET_MAX];
static const char *packet_trace_prefix = "git";
static struct trace_key trace_packet = TRACE_KEY_INIT(PACKET);
static struct trace_key trace_pack = TRACE_KEY_INIT(PACKFILE);
void packet_trace_identity(const char *prog)
Reported by FlawFinder.
Line: 200
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int do_packet_write(const int fd_out, const char *buf, size_t size,
struct strbuf *err)
{
char header[4];
size_t packet_size;
if (size > LARGE_PACKET_DATA_MAX) {
strbuf_addstr(err, _("packet write failed - data exceeds max packet size"));
return -1;
Reported by FlawFinder.
Line: 321
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Read up to "size" bytes from our source, whatever it is. */
if (src_buf && *src_buf) {
ret = size < *src_size ? size : *src_size;
memcpy(dst, *src_buf, ret);
*src_buf += ret;
*src_size -= ret;
} else {
ret = read_in_full(fd, dst, size);
if (ret < 0) {
Reported by FlawFinder.
Line: 346
Column: 25
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return ret;
}
int packet_length(const char lenbuf_hex[4])
{
int val = hex2chr(lenbuf_hex);
return (val < 0) ? val : (val << 8) | hex2chr(lenbuf_hex + 2);
}
Reported by FlawFinder.
Line: 358
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int options)
{
int len;
char linelen[4];
if (get_packet_data(fd, src_buffer, src_len, linelen, 4, options) < 0) {
*pktlen = -1;
return PACKET_READ_EOF;
}
Reported by FlawFinder.
Line: 498
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int recv_sideband(const char *me, int in_stream, int out)
{
char buf[LARGE_PACKET_MAX + 1];
int len;
struct strbuf scratch = STRBUF_INIT;
enum sideband_type sideband_type;
while (1) {
Reported by FlawFinder.
Line: 56
Column: 9
CWE codes:
126
* started.
*/
buf = "PACK ...";
len = strlen(buf);
}
if (!trace_want(&trace_packet))
return;
Reported by FlawFinder.
base85.c
7 issues
Line: 6
Column: 16
CWE codes:
134
Suggestion:
Use a constant for the format specification
#undef DEBUG_85
#ifdef DEBUG_85
#define say(a) fprintf(stderr, a)
#define say1(a,b) fprintf(stderr, a, b)
#define say2(a,b,c) fprintf(stderr, a, b, c)
#else
#define say(a) do { /* nothing */ } while (0)
#define say1(a,b) do { /* nothing */ } while (0)
Reported by FlawFinder.
Line: 7
Column: 19
CWE codes:
134
Suggestion:
Use a constant for the format specification
#ifdef DEBUG_85
#define say(a) fprintf(stderr, a)
#define say1(a,b) fprintf(stderr, a, b)
#define say2(a,b,c) fprintf(stderr, a, b, c)
#else
#define say(a) do { /* nothing */ } while (0)
#define say1(a,b) do { /* nothing */ } while (0)
#define say2(a,b,c) do { /* nothing */ } while (0)
Reported by FlawFinder.
Line: 8
Column: 21
CWE codes:
134
Suggestion:
Use a constant for the format specification
#ifdef DEBUG_85
#define say(a) fprintf(stderr, a)
#define say1(a,b) fprintf(stderr, a, b)
#define say2(a,b,c) fprintf(stderr, a, b, c)
#else
#define say(a) do { /* nothing */ } while (0)
#define say1(a,b) do { /* nothing */ } while (0)
#define say2(a,b,c) do { /* nothing */ } while (0)
#endif
Reported by FlawFinder.
Line: 28
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
'|', '}', '~'
};
static char de85[256];
static void prep_base85(void)
{
int i;
if (de85['Z'])
return;
Reported by FlawFinder.
Line: 107
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifdef DEBUG_85
int main(int ac, char **av)
{
char buf[1024];
if (!strcmp(av[1], "-e")) {
int len = strlen(av[2]);
encode_85(buf, av[2], len);
if (len <= 26) len = len + 'A' - 1;
Reported by FlawFinder.
Line: 126
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return 0;
}
if (!strcmp(av[1], "-t")) {
char t[4] = { -1,-1,-1,-1 };
encode_85(buf, t, 4);
printf("encoded: D%s\n", buf);
return 0;
}
}
Reported by FlawFinder.
Line: 110
Column: 13
CWE codes:
126
char buf[1024];
if (!strcmp(av[1], "-e")) {
int len = strlen(av[2]);
encode_85(buf, av[2], len);
if (len <= 26) len = len + 'A' - 1;
else len = len + 'a' - 26 - 1;
printf("encoded: %c%s\n", len, buf);
return 0;
Reported by FlawFinder.
pkt-line.h
7 issues
Line: 26
Column: 76
CWE codes:
134
Suggestion:
Use a constant for the format specification
void packet_flush(int fd);
void packet_delim(int fd);
void packet_response_end(int fd);
void packet_write_fmt(int fd, const char *fmt, ...) __attribute__((format (printf, 2, 3)));
void packet_buf_flush(struct strbuf *buf);
void packet_buf_delim(struct strbuf *buf);
void set_packet_header(char *buf, int size);
void packet_write(int fd_out, const char *buf, size_t size);
void packet_buf_write(struct strbuf *buf, const char *fmt, ...) __attribute__((format (printf, 2, 3)));
Reported by FlawFinder.
Line: 31
Column: 88
CWE codes:
134
Suggestion:
Use a constant for the format specification
void packet_buf_delim(struct strbuf *buf);
void set_packet_header(char *buf, int size);
void packet_write(int fd_out, const char *buf, size_t size);
void packet_buf_write(struct strbuf *buf, const char *fmt, ...) __attribute__((format (printf, 2, 3)));
void packet_buf_write_len(struct strbuf *buf, const char *data, size_t len);
int packet_flush_gently(int fd);
int packet_write_fmt_gently(int fd, const char *fmt, ...) __attribute__((format (printf, 2, 3)));
int write_packetized_from_fd_no_flush(int fd_in, int fd_out);
int write_packetized_from_buf_no_flush(const char *src_in, size_t len, int fd_out);
Reported by FlawFinder.
Line: 34
Column: 82
CWE codes:
134
Suggestion:
Use a constant for the format specification
void packet_buf_write(struct strbuf *buf, const char *fmt, ...) __attribute__((format (printf, 2, 3)));
void packet_buf_write_len(struct strbuf *buf, const char *data, size_t len);
int packet_flush_gently(int fd);
int packet_write_fmt_gently(int fd, const char *fmt, ...) __attribute__((format (printf, 2, 3)));
int write_packetized_from_fd_no_flush(int fd_in, int fd_out);
int write_packetized_from_buf_no_flush(const char *src_in, size_t len, int fd_out);
/*
* Read a packetized line into the buffer, which must be at least size bytes
Reported by FlawFinder.
Line: 233
Column: 24
CWE codes:
134
Suggestion:
Use a constant for the format specification
void packet_writer_init(struct packet_writer *writer, int dest_fd);
/* These functions die upon failure. */
__attribute__((format (printf, 2, 3)))
void packet_writer_write(struct packet_writer *writer, const char *fmt, ...);
__attribute__((format (printf, 2, 3)))
void packet_writer_error(struct packet_writer *writer, const char *fmt, ...);
void packet_writer_delim(struct packet_writer *writer);
void packet_writer_flush(struct packet_writer *writer);
Reported by FlawFinder.
Line: 235
Column: 24
CWE codes:
134
Suggestion:
Use a constant for the format specification
/* These functions die upon failure. */
__attribute__((format (printf, 2, 3)))
void packet_writer_write(struct packet_writer *writer, const char *fmt, ...);
__attribute__((format (printf, 2, 3)))
void packet_writer_error(struct packet_writer *writer, const char *fmt, ...);
void packet_writer_delim(struct packet_writer *writer);
void packet_writer_flush(struct packet_writer *writer);
#endif
Reported by FlawFinder.
Line: 90
Column: 25
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* If lenbuf_hex contains non-hex characters, return -1. Otherwise, return the
* numeric value of the length header.
*/
int packet_length(const char lenbuf_hex[4]);
/*
* Read a packetized line into a buffer like the 'packet_read()' function but
* returns an 'enum packet_read_status' which indicates the status of the read.
* The number of bytes read will be assigned to *pktlen if the status of the
Reported by FlawFinder.
Line: 223
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define DEFAULT_PACKET_MAX 1000
#define LARGE_PACKET_MAX 65520
#define LARGE_PACKET_DATA_MAX (LARGE_PACKET_MAX - 4)
extern char packet_buffer[LARGE_PACKET_MAX];
struct packet_writer {
int dest_fd;
unsigned use_sideband : 1;
};
Reported by FlawFinder.
remote-curl.c
7 issues
Line: 1247
CWE codes:
908
else
die(_("protocol error: expected sha/ref, got '%s'"), p);
ref = alloc_ref(name);
oidcpy(&ref->old_oid, &old_oid);
*list = ref;
list = &ref->next;
Reported by Cppcheck.
Line: 650
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
set_packet_header(buf - 4, *appended);
break;
case PACKET_READ_DELIM:
memcpy(buf - 4, "0001", 4);
break;
case PACKET_READ_FLUSH:
memcpy(buf - 4, "0000", 4);
break;
case PACKET_READ_RESPONSE_END:
Reported by FlawFinder.
Line: 653
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(buf - 4, "0001", 4);
break;
case PACKET_READ_FLUSH:
memcpy(buf - 4, "0000", 4);
break;
case PACKET_READ_RESPONSE_END:
die(_("remote server sent unexpected response end packet"));
}
}
Reported by FlawFinder.
Line: 707
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (max < avail)
avail = max;
memcpy(ptr, rpc->buf + rpc->pos, avail);
rpc->pos += avail;
return avail;
}
#ifndef NO_CURL_IOCTL
Reported by FlawFinder.
Line: 736
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#endif
struct check_pktline_state {
char len_buf[4];
int len_filled;
int remaining;
};
static void check_pktline(struct check_pktline_state *state, const char *ptr, size_t size)
Reported by FlawFinder.
Line: 748
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int digits_remaining = 4 - state->len_filled;
if (digits_remaining > size)
digits_remaining = size;
memcpy(&state->len_buf[state->len_filled], ptr, digits_remaining);
state->len_filled += digits_remaining;
ptr += digits_remaining;
size -= digits_remaining;
if (state->len_filled == 4) {
Reported by FlawFinder.
Line: 1107
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (!err) {
strbuf_read(rpc_result, client.out, 0);
} else {
char buf[4096];
for (;;)
if (xread(client.out, buf, sizeof(buf)) <= 0)
break;
}
Reported by FlawFinder.