The following issues were found
contrib/credential/wincred/git-credential-wincred.c
20 issues
Line: 14
Column: 24
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define ARRAY_SIZE(x) (sizeof(x)/sizeof(x[0]))
__attribute__((format (printf, 1, 2)))
static void die(const char *err, ...)
{
char msg[4096];
va_list params;
va_start(params, err);
Reported by FlawFinder.
Line: 20
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
char msg[4096];
va_list params;
va_start(params, err);
vsnprintf(msg, sizeof(msg), err, params);
fprintf(stderr, "%s\n", msg);
va_end(params);
exit(1);
}
Reported by FlawFinder.
Line: 17
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__attribute__((format (printf, 1, 2)))
static void die(const char *err, ...)
{
char msg[4096];
va_list params;
va_start(params, err);
vsnprintf(msg, sizeof(msg), err, params);
fprintf(stderr, "%s\n", msg);
va_end(params);
Reported by FlawFinder.
Line: 246
Column: 13
CWE codes:
120
static WCHAR *utf8_to_utf16_dup(const char *str)
{
int wlen = MultiByteToWideChar(CP_UTF8, 0, str, -1, NULL, 0);
WCHAR *wstr = xmalloc(sizeof(WCHAR) * wlen);
MultiByteToWideChar(CP_UTF8, 0, str, -1, wstr, wlen);
return wstr;
}
Reported by FlawFinder.
Line: 248
Column: 2
CWE codes:
120
{
int wlen = MultiByteToWideChar(CP_UTF8, 0, str, -1, NULL, 0);
WCHAR *wstr = xmalloc(sizeof(WCHAR) * wlen);
MultiByteToWideChar(CP_UTF8, 0, str, -1, wstr, wlen);
return wstr;
}
static void read_credential(void)
{
Reported by FlawFinder.
Line: 254
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void read_credential(void)
{
char buf[1024];
while (fgets(buf, sizeof(buf), stdin)) {
char *v;
int len = strlen(buf);
/* strip trailing CR / LF */
Reported by FlawFinder.
Line: 306
Column: 2
CWE codes:
120
Suggestion:
Consider using a function version that stops copying at the end of the buffer
return 0;
/* prepare 'target', the unique key for the credential */
wcscpy(target, L"git:");
wcsncat(target, protocol, ARRAY_SIZE(target));
wcsncat(target, L"://", ARRAY_SIZE(target));
if (wusername) {
wcsncat(target, wusername, ARRAY_SIZE(target));
wcsncat(target, L"@", ARRAY_SIZE(target));
Reported by FlawFinder.
Line: 140
Column: 23
CWE codes:
126
if (*delim)
delim_pos = last ? wcsstr_last(start, delim) : wcsstr(start, delim);
else
delim_pos = start + wcslen(start);
/*
* match text up to delimiter, or end of string (e.g. the '/' after
* host is optional if not followed by a path)
*/
Reported by FlawFinder.
Line: 149
Column: 9
CWE codes:
126
if (delim_pos)
len = delim_pos - start;
else
len = wcslen(start);
/* update ptarget if we either found a delimiter or need a match */
if (delim_pos || want)
*ptarget = delim_pos ? delim_pos + wcslen(delim) : start + len;
Reported by FlawFinder.
Line: 153
Column: 38
CWE codes:
126
/* update ptarget if we either found a delimiter or need a match */
if (delim_pos || want)
*ptarget = delim_pos ? delim_pos + wcslen(delim) : start + len;
return !want || (!wcsncmp(want, start, len) && !want[len]);
}
static int match_part(LPCWSTR *ptarget, LPCWSTR want, LPCWSTR delim)
Reported by FlawFinder.
wrapper.c
19 issues
Line: 589
Column: 12
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
int access_or_warn(const char *path, int mode, unsigned flag)
{
int ret = access(path, mode);
if (ret && !access_error_is_ok(errno, flag))
warn_on_inaccessible(path);
return ret;
}
Reported by FlawFinder.
Line: 597
Column: 12
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
int access_or_die(const char *path, int mode, unsigned flag)
{
int ret = access(path, mode);
if (ret && !access_error_is_ok(errno, flag))
die_errno(_("unable to access '%s'"), path);
return ret;
}
Reported by FlawFinder.
Line: 617
Column: 8
CWE codes:
134
Suggestion:
Use a constant for the format specification
int len;
va_start(ap, fmt);
len = vsnprintf(dst, max, fmt, ap);
va_end(ap);
if (len < 0)
BUG("your snprintf is broken");
if (len >= max)
Reported by FlawFinder.
Line: 99
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
void *xmemdupz(const void *data, size_t len)
{
return memcpy(xmallocz(len), data, len);
}
char *xstrndup(const char *str, size_t len)
{
char *p = memchr(str, '\0', len);
Reported by FlawFinder.
Line: 190
Column: 12
CWE codes:
362
va_end(ap);
for (;;) {
int fd = open(path, oflag, mode);
if (fd >= 0)
return fd;
if (errno == EINTR)
continue;
Reported by FlawFinder.
Line: 360
Column: 14
CWE codes:
362
FILE *xfopen(const char *path, const char *mode)
{
for (;;) {
FILE *fp = fopen(path, mode);
if (fp)
return fp;
if (errno == EINTR)
continue;
Reported by FlawFinder.
Line: 385
Column: 14
CWE codes:
362
FILE *fopen_for_writing(const char *path)
{
FILE *ret = fopen(path, "w");
if (!ret && errno == EPERM) {
if (!unlink(path))
ret = fopen(path, "w");
else
Reported by FlawFinder.
Line: 389
Column: 10
CWE codes:
362
if (!ret && errno == EPERM) {
if (!unlink(path))
ret = fopen(path, "w");
else
errno = EPERM;
}
return ret;
}
Reported by FlawFinder.
Line: 413
Column: 13
CWE codes:
362
FILE *fopen_or_warn(const char *path, const char *mode)
{
FILE *fp = fopen(path, mode);
if (fp)
return fp;
warn_on_fopen_errors(path);
Reported by FlawFinder.
Line: 425
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int xmkstemp(char *filename_template)
{
int fd;
char origtemplate[PATH_MAX];
strlcpy(origtemplate, filename_template, sizeof(origtemplate));
fd = mkstemp(filename_template);
if (fd < 0) {
int saved_errno = errno;
Reported by FlawFinder.
http-push.c
18 issues
Line: 83
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int pushing;
static int aborted;
static signed char remote_dir_exists[256];
static int push_verbosely;
static int push_all = MATCH_REFS_NONE;
static int force_all;
static int dry_run;
Reported by FlawFinder.
Line: 128
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct buffer buffer;
enum transfer_state state;
CURLcode curl_result;
char errorstr[CURL_ERROR_SIZE];
long http_code;
void *userData;
struct active_request_slot *slot;
struct transfer_request *next;
};
Reported by FlawFinder.
Line: 149
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char *url;
char *owner;
char *token;
char tmpfile_suffix[GIT_MAX_HEXSZ + 1];
time_t start_time;
long timeout;
int refreshing;
struct remote_lock *next;
};
Reported by FlawFinder.
Line: 363
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct active_request_slot *slot;
struct strbuf buf = STRBUF_INIT;
enum object_type type;
char hdr[50];
void *unpacked;
unsigned long len;
int hdrlen;
ssize_t size;
git_zstream stream;
Reported by FlawFinder.
Line: 766
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct remote_lock *lock = (struct remote_lock *)ctx->userData;
git_hash_ctx hash_ctx;
unsigned char lock_token_hash[GIT_MAX_RAWSZ];
if (tag_closed && ctx->cdata) {
if (!strcmp(ctx->name, DAV_ACTIVELOCK_OWNER)) {
lock->owner = xstrdup(ctx->cdata);
} else if (!strcmp(ctx->name, DAV_ACTIVELOCK_TIMEOUT)) {
Reported by FlawFinder.
Line: 783
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
the_hash_algo->final_fn(lock_token_hash, &hash_ctx);
lock->tmpfile_suffix[0] = '_';
memcpy(lock->tmpfile_suffix + 1, hash_to_hex(lock_token_hash), the_hash_algo->hexsz);
}
}
}
static void one_remote_ref(const char *refname);
Reported by FlawFinder.
Line: 850
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct strbuf in_buffer = STRBUF_INIT;
char *url;
char *ep;
char timeout_header[25];
struct remote_lock *lock = NULL;
struct curl_slist *dav_headers = http_copy_default_headers();
struct xml_ctx ctx;
char *escaped;
Reported by FlawFinder.
Line: 779
Column: 53
CWE codes:
126
lock->token = xstrdup(ctx->cdata);
the_hash_algo->init_fn(&hash_ctx);
the_hash_algo->update_fn(&hash_ctx, lock->token, strlen(lock->token));
the_hash_algo->final_fn(lock_token_hash, &hash_ctx);
lock->tmpfile_suffix[0] = '_';
memcpy(lock->tmpfile_suffix + 1, hash_to_hex(lock_token_hash), the_hash_algo->hexsz);
}
Reported by FlawFinder.
Line: 802
Column: 16
CWE codes:
126
else
c++;
old_namelen = strlen(ctx->name);
new_len = old_namelen + strlen(c) + 2;
if (new_len > ctx->len) {
ctx->name = xrealloc(ctx->name, new_len);
ctx->len = new_len;
Reported by FlawFinder.
Line: 803
Column: 26
CWE codes:
126
c++;
old_namelen = strlen(ctx->name);
new_len = old_namelen + strlen(c) + 2;
if (new_len > ctx->len) {
ctx->name = xrealloc(ctx->name, new_len);
ctx->len = new_len;
}
Reported by FlawFinder.
ident.c
18 issues
Line: 169
Column: 23
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
const char *ident_default_email(void)
{
if (!(ident_config_given & IDENT_MAIL_GIVEN) && !git_default_email.len) {
const char *email = getenv("EMAIL");
if (email && email[0]) {
strbuf_addstr(&git_default_email, email);
committer_ident_explicitly_given |= IDENT_MAIL_GIVEN;
author_ident_explicitly_given |= IDENT_MAIL_GIVEN;
Reported by FlawFinder.
Line: 472
Column: 10
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
case WANT_BLANK_IDENT:
break;
case WANT_AUTHOR_IDENT:
name = getenv("GIT_AUTHOR_NAME");
email = getenv("GIT_AUTHOR_EMAIL");
break;
case WANT_COMMITTER_IDENT:
name = getenv("GIT_COMMITTER_NAME");
email = getenv("GIT_COMMITTER_EMAIL");
Reported by FlawFinder.
Line: 473
Column: 11
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
break;
case WANT_AUTHOR_IDENT:
name = getenv("GIT_AUTHOR_NAME");
email = getenv("GIT_AUTHOR_EMAIL");
break;
case WANT_COMMITTER_IDENT:
name = getenv("GIT_COMMITTER_NAME");
email = getenv("GIT_COMMITTER_EMAIL");
break;
Reported by FlawFinder.
Line: 476
Column: 10
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
email = getenv("GIT_AUTHOR_EMAIL");
break;
case WANT_COMMITTER_IDENT:
name = getenv("GIT_COMMITTER_NAME");
email = getenv("GIT_COMMITTER_EMAIL");
break;
}
return fmt_ident(name, email, whose_ident, NULL,
IDENT_STRICT | IDENT_NO_DATE);
Reported by FlawFinder.
Line: 477
Column: 11
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
break;
case WANT_COMMITTER_IDENT:
name = getenv("GIT_COMMITTER_NAME");
email = getenv("GIT_COMMITTER_EMAIL");
break;
}
return fmt_ident(name, email, whose_ident, NULL,
IDENT_STRICT | IDENT_NO_DATE);
}
Reported by FlawFinder.
Line: 486
Column: 6
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
const char *git_author_info(int flag)
{
if (getenv("GIT_AUTHOR_NAME"))
author_ident_explicitly_given |= IDENT_NAME_GIVEN;
if (getenv("GIT_AUTHOR_EMAIL"))
author_ident_explicitly_given |= IDENT_MAIL_GIVEN;
return fmt_ident(getenv("GIT_AUTHOR_NAME"),
getenv("GIT_AUTHOR_EMAIL"),
Reported by FlawFinder.
Line: 488
Column: 6
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
{
if (getenv("GIT_AUTHOR_NAME"))
author_ident_explicitly_given |= IDENT_NAME_GIVEN;
if (getenv("GIT_AUTHOR_EMAIL"))
author_ident_explicitly_given |= IDENT_MAIL_GIVEN;
return fmt_ident(getenv("GIT_AUTHOR_NAME"),
getenv("GIT_AUTHOR_EMAIL"),
WANT_AUTHOR_IDENT,
getenv("GIT_AUTHOR_DATE"),
Reported by FlawFinder.
Line: 490
Column: 19
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
author_ident_explicitly_given |= IDENT_NAME_GIVEN;
if (getenv("GIT_AUTHOR_EMAIL"))
author_ident_explicitly_given |= IDENT_MAIL_GIVEN;
return fmt_ident(getenv("GIT_AUTHOR_NAME"),
getenv("GIT_AUTHOR_EMAIL"),
WANT_AUTHOR_IDENT,
getenv("GIT_AUTHOR_DATE"),
flag);
}
Reported by FlawFinder.
Line: 491
Column: 5
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
if (getenv("GIT_AUTHOR_EMAIL"))
author_ident_explicitly_given |= IDENT_MAIL_GIVEN;
return fmt_ident(getenv("GIT_AUTHOR_NAME"),
getenv("GIT_AUTHOR_EMAIL"),
WANT_AUTHOR_IDENT,
getenv("GIT_AUTHOR_DATE"),
flag);
}
Reported by FlawFinder.
Line: 493
Column: 5
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
return fmt_ident(getenv("GIT_AUTHOR_NAME"),
getenv("GIT_AUTHOR_EMAIL"),
WANT_AUTHOR_IDENT,
getenv("GIT_AUTHOR_DATE"),
flag);
}
const char *git_committer_info(int flag)
{
Reported by FlawFinder.
connect.c
18 issues
Line: 954
Column: 22
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
static int git_use_proxy(const char *host)
{
git_proxy_command = getenv("GIT_PROXY_COMMAND");
git_config(git_proxy_command_options, (void*)host);
return (git_proxy_command && *git_proxy_command);
}
static struct child_process *git_proxy_connect(int fd[2], char *host)
Reported by FlawFinder.
Line: 1078
Column: 13
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
{
const char *ssh;
if ((ssh = getenv("GIT_SSH_COMMAND")))
return ssh;
if (!git_config_get_string_tmp("core.sshcommand", &ssh))
return ssh;
Reported by FlawFinder.
Line: 1098
Column: 24
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
static void override_ssh_variant(enum ssh_variant *ssh_variant)
{
const char *variant = getenv("GIT_SSH_VARIANT");
if (!variant && git_config_get_string_tmp("ssh.variant", &variant))
return;
if (!strcmp(variant, "auto"))
Reported by FlawFinder.
Line: 1182
Column: 22
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
* connect, unless the user has overridden us in
* the environment.
*/
char *target_host = getenv("GIT_OVERRIDE_VIRTUAL_HOST");
if (target_host)
target_host = xstrdup(target_host);
else
target_host = xstrdup(hostandport);
Reported by FlawFinder.
Line: 1312
Column: 9
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
*/
conn->use_shell = 0;
ssh = getenv("GIT_SSH");
if (!ssh)
ssh = "ssh";
variant = determine_ssh_variant(ssh, 0);
}
Reported by FlawFinder.
Line: 428
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ref = alloc_ref(line_sections.items[i++].string);
memcpy(ref->old_oid.hash, old_oid.hash, reader->hash_algo->rawsz);
**list = ref;
*list = &ref->next;
for (; i < line_sections.nr; i++) {
const char *arg = line_sections.items[i].string;
Reported by FlawFinder.
Line: 450
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
peeled_name = xstrfmt("%s^{}", ref->name);
peeled = alloc_ref(peeled_name);
memcpy(peeled->old_oid.hash, peeled_oid.hash,
reader->hash_algo->rawsz);
**list = peeled;
*list = &peeled->next;
free(peeled_name);
Reported by FlawFinder.
Line: 724
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *ai_name(const struct addrinfo *ai)
{
static char addr[NI_MAXHOST];
if (getnameinfo(ai->ai_addr, ai->ai_addrlen, addr, sizeof(addr), NULL, 0,
NI_NUMERICHOST) != 0)
xsnprintf(addr, sizeof(addr), "(unknown)");
return addr;
Reported by FlawFinder.
Line: 842
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(&sa, 0, sizeof sa);
sa.sin_family = he->h_addrtype;
sa.sin_port = htons(nport);
memcpy(&sa.sin_addr, *ap, he->h_length);
sockfd = socket(he->h_addrtype, SOCK_STREAM, 0);
if ((sockfd < 0) ||
connect(sockfd, (struct sockaddr *)&sa, sizeof sa) < 0) {
strbuf_addf(&error_message, "%s[%d: %s]: errno=%s\n",
Reported by FlawFinder.
Line: 1137
Column: 24
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
p = xstrdup(ssh_command);
if (split_cmdline(p, &ssh_argv) > 0) {
variant = basename((char *)ssh_argv[0]);
/*
* At this point, variant points into the buffer
* referenced by p, hence we do not need ssh_argv
* any longer.
*/
Reported by FlawFinder.
compat/regex/regex_internal.c
18 issues
Line: 214
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
build_wcs_buffer (re_string_t *pstr)
{
#ifdef _LIBC
unsigned char buf[MB_LEN_MAX];
assert (MB_LEN_MAX >= pstr->mb_cur_max);
#else
unsigned char buf[64];
#endif
mbstate_t prev_st;
Reported by FlawFinder.
Line: 217
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char buf[MB_LEN_MAX];
assert (MB_LEN_MAX >= pstr->mb_cur_max);
#else
unsigned char buf[64];
#endif
mbstate_t prev_st;
int byte_idx, end_idx, remain_len;
size_t mbclen;
Reported by FlawFinder.
Line: 285
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int src_idx, byte_idx, end_idx, remain_len;
size_t mbclen;
#ifdef _LIBC
char buf[MB_LEN_MAX];
assert (MB_LEN_MAX >= pstr->mb_cur_max);
#else
char buf[64];
#endif
Reported by FlawFinder.
Line: 288
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char buf[MB_LEN_MAX];
assert (MB_LEN_MAX >= pstr->mb_cur_max);
#else
char buf[64];
#endif
byte_idx = pstr->valid_len;
end_idx = (pstr->bufs_len > pstr->len) ? pstr->len : pstr->bufs_len;
Reported by FlawFinder.
Line: 330
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
wcu = towupper (wc);
mbcdlen = wcrtomb (buf, wcu, &prev_st);
if (BE (mbclen == mbcdlen, 1))
memcpy (pstr->mbs + byte_idx, buf, mbclen);
else
{
src_idx = byte_idx;
goto offsets_needed;
}
Reported by FlawFinder.
Line: 338
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
else
memcpy (pstr->mbs + byte_idx,
pstr->raw_mbs + pstr->raw_mbs_idx + byte_idx, mbclen);
pstr->wcs[byte_idx++] = wcu;
/* Write paddings. */
for (remain_len = byte_idx + mbclen - 1; byte_idx < remain_len ;)
pstr->wcs[byte_idx++] = WEOF;
Reported by FlawFinder.
Line: 398
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
wcu = towupper (wc);
mbcdlen = wcrtomb ((char *) buf, wcu, &prev_st);
if (BE (mbclen == mbcdlen, 1))
memcpy (pstr->mbs + byte_idx, buf, mbclen);
else if (mbcdlen != (size_t) -1)
{
size_t i;
if (byte_idx + mbcdlen > pstr->bufs_len)
Reported by FlawFinder.
Line: 423
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pstr->offsets_needed = 1;
}
memcpy (pstr->mbs + byte_idx, buf, mbcdlen);
pstr->wcs[byte_idx] = wcu;
pstr->offsets[byte_idx] = src_idx;
for (i = 1; i < mbcdlen; ++i)
{
pstr->offsets[byte_idx + i]
Reported by FlawFinder.
Line: 442
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
continue;
}
else
memcpy (pstr->mbs + byte_idx, p, mbclen);
}
else
memcpy (pstr->mbs + byte_idx, p, mbclen);
if (BE (pstr->offsets_needed != 0, 0))
Reported by FlawFinder.
Line: 445
Column: 8
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy (pstr->mbs + byte_idx, p, mbclen);
}
else
memcpy (pstr->mbs + byte_idx, p, mbclen);
if (BE (pstr->offsets_needed != 0, 0))
{
size_t i;
for (i = 0; i < mbclen; ++i)
Reported by FlawFinder.
builtin/init-db.c
17 issues
Line: 254
Column: 8
CWE codes:
362
20
Suggestion:
Reconsider approach
*/
path = git_path_buf(&buf, "HEAD");
reinit = (!access(path, R_OK)
|| readlink(path, junk, sizeof(junk)-1) != -1);
if (!reinit) {
char *ref;
if (!initial_branch)
initial_branch = git_default_branch_name(quiet);
Reported by FlawFinder.
Line: 278
Column: 16
CWE codes:
362
Suggestion:
Use fchmod( ) instead
filemode = TEST_FILEMODE;
if (TEST_FILEMODE && !lstat(path, &st1)) {
struct stat st2;
filemode = (!chmod(path, st1.st_mode ^ S_IXUSR) &&
!lstat(path, &st2) &&
st1.st_mode != st2.st_mode &&
!chmod(path, st1.st_mode));
if (filemode && !reinit && (st1.st_mode & S_IXUSR))
filemode = 0;
Reported by FlawFinder.
Line: 281
Column: 6
CWE codes:
362
Suggestion:
Use fchmod( ) instead
filemode = (!chmod(path, st1.st_mode ^ S_IXUSR) &&
!lstat(path, &st2) &&
st1.st_mode != st2.st_mode &&
!chmod(path, st1.st_mode));
if (filemode && !reinit && (st1.st_mode & S_IXUSR))
filemode = 0;
}
git_config_set("core.filemode", filemode ? "true" : "false");
Reported by FlawFinder.
Line: 356
CWE codes:
908
else
die(_("unable to handle file type %d"), (int)st.st_mode);
if (rename(src, git_dir))
die_errno(_("unable to move %s to %s"), src, git_dir);
repair_worktrees(NULL, NULL);
}
write_file(git_link, "gitdir: %s", git_dir);
Reported by Cppcheck.
Line: 253
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
* not yet exist.
*/
path = git_path_buf(&buf, "HEAD");
reinit = (!access(path, R_OK)
|| readlink(path, junk, sizeof(junk)-1) != -1);
if (!reinit) {
char *ref;
if (!initial_branch)
Reported by FlawFinder.
Line: 312
Column: 8
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
/* Check if the filesystem is case-insensitive */
path = git_path_buf(&buf, "CoNfIg");
if (!access(path, F_OK))
git_config_set("core.ignorecase", "true");
probe_utf8_pathname_composition();
}
strbuf_release(&buf);
Reported by FlawFinder.
Line: 462
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
int len = strlen(git_dir);
if (reinit)
printf(get_shared_repository()
? _("Reinitialized existing shared Git repository in %s%s\n")
: _("Reinitialized existing Git repository in %s%s\n"),
git_dir, len && git_dir[len-1] != '/' ? "/" : "");
else
printf(get_shared_repository()
Reported by FlawFinder.
Line: 467
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
: _("Reinitialized existing Git repository in %s%s\n"),
git_dir, len && git_dir[len-1] != '/' ? "/" : "");
else
printf(get_shared_repository()
? _("Initialized empty shared Git repository in %s%s\n")
: _("Initialized empty Git repository in %s%s\n"),
git_dir, len && git_dir[len-1] != '/' ? "/" : "");
}
Reported by FlawFinder.
Line: 678
Column: 7
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
set_git_work_tree(work_tree);
else
set_git_work_tree(git_work_tree_cfg);
if (access(get_git_work_tree(), X_OK))
die_errno (_("Cannot access work tree '%s'"),
get_git_work_tree());
}
else {
if (real_git_dir)
Reported by FlawFinder.
Line: 107
Column: 18
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
char *to_free = NULL;
if (!template_dir)
template_dir = getenv(TEMPLATE_DIR_ENVIRONMENT);
if (!template_dir)
template_dir = init_template_dir;
if (!template_dir)
template_dir = to_free = system_path(DEFAULT_GIT_TEMPLATE_DIR);
if (!template_dir[0]) {
Reported by FlawFinder.
t/t4256/1/mailinfo.c
16 issues
Line: 345
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
#define MAX_HDR_PARSED 10
static const char *header[MAX_HDR_PARSED] = {
"From","Subject","Date",
};
static inline int cmp_header(const struct strbuf *line, const char *hdr)
{
Reported by FlawFinder.
Line: 1154
Column: 12
CWE codes:
362
int peek;
struct strbuf line = STRBUF_INIT;
cmitmsg = fopen(msg, "w");
if (!cmitmsg) {
perror(msg);
return -1;
}
mi->patchfile = fopen(patch, "w");
Reported by FlawFinder.
Line: 1159
Column: 18
CWE codes:
362
perror(msg);
return -1;
}
mi->patchfile = fopen(patch, "w");
if (!mi->patchfile) {
perror(patch);
fclose(cmitmsg);
return -1;
}
Reported by FlawFinder.
Line: 228
Column: 8
CWE codes:
126
strbuf_setlen(attr, 0);
if (!ap)
return 0;
ap += strlen(name);
if (*ap == '"') {
ap++;
ends = "\"";
}
else
Reported by FlawFinder.
Line: 351
Column: 12
CWE codes:
126
static inline int cmp_header(const struct strbuf *line, const char *hdr)
{
int len = strlen(hdr);
return !strncasecmp(line->buf, hdr, len) && line->len > len &&
line->buf[len] == ':' && isspace(line->buf[len + 1]);
}
static int is_format_patch_separator(const char *line, int len)
Reported by FlawFinder.
Line: 362
Column: 13
CWE codes:
126
"From e6807f3efca28b30decfecb1732a56c7db1137ee Mon Sep 17 00:00:00 2001\n";
const char *cp;
if (len != strlen(SAMPLE))
return 0;
if (!skip_prefix(line, "From ", &cp))
return 0;
if (strspn(cp, "0123456789abcdef") != 40)
return 0;
Reported by FlawFinder.
Line: 369
Column: 43
CWE codes:
126
if (strspn(cp, "0123456789abcdef") != 40)
return 0;
cp += 40;
return !memcmp(SAMPLE + (cp - line), cp, strlen(SAMPLE) - (cp - line));
}
static struct strbuf *decode_q_segment(const struct strbuf *q_seg, int rfc2047)
{
const char *in = q_seg->buf;
Reported by FlawFinder.
Line: 457
Column: 27
CWE codes:
126
return error("cannot convert from %s to %s",
charset, mi->metainfo_charset);
}
strbuf_attach(line, out, strlen(out), strlen(out));
return 0;
}
static void decode_header(struct mailinfo *mi, struct strbuf *it)
{
Reported by FlawFinder.
Line: 457
Column: 40
CWE codes:
126
return error("cannot convert from %s to %s",
charset, mi->metainfo_charset);
}
strbuf_attach(line, out, strlen(out), strlen(out));
return 0;
}
static void decode_header(struct mailinfo *mi, struct strbuf *it)
{
Reported by FlawFinder.
Line: 555
Column: 13
CWE codes:
126
/* search for the interesting parts */
for (i = 0; header[i]; i++) {
int len = strlen(header[i]);
if ((!hdr_data[i] || overwrite) && cmp_header(line, header[i])) {
/* Unwrap inline B and Q encoding, and optionally
* normalize the meta information to utf8.
*/
strbuf_add(&sb, line->buf + len + 2, line->len - len - 2);
Reported by FlawFinder.
tar.h
16 issues
Line: 12
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define TYPEFLAG_EXT_HEADER 'x'
struct ustar_header {
char name[100]; /* 0 */
char mode[8]; /* 100 */
char uid[8]; /* 108 */
char gid[8]; /* 116 */
char size[12]; /* 124 */
char mtime[12]; /* 136 */
Reported by FlawFinder.
Line: 13
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ustar_header {
char name[100]; /* 0 */
char mode[8]; /* 100 */
char uid[8]; /* 108 */
char gid[8]; /* 116 */
char size[12]; /* 124 */
char mtime[12]; /* 136 */
char chksum[8]; /* 148 */
Reported by FlawFinder.
Line: 14
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ustar_header {
char name[100]; /* 0 */
char mode[8]; /* 100 */
char uid[8]; /* 108 */
char gid[8]; /* 116 */
char size[12]; /* 124 */
char mtime[12]; /* 136 */
char chksum[8]; /* 148 */
char typeflag[1]; /* 156 */
Reported by FlawFinder.
Line: 15
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char name[100]; /* 0 */
char mode[8]; /* 100 */
char uid[8]; /* 108 */
char gid[8]; /* 116 */
char size[12]; /* 124 */
char mtime[12]; /* 136 */
char chksum[8]; /* 148 */
char typeflag[1]; /* 156 */
char linkname[100]; /* 157 */
Reported by FlawFinder.
Line: 16
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char mode[8]; /* 100 */
char uid[8]; /* 108 */
char gid[8]; /* 116 */
char size[12]; /* 124 */
char mtime[12]; /* 136 */
char chksum[8]; /* 148 */
char typeflag[1]; /* 156 */
char linkname[100]; /* 157 */
char magic[6]; /* 257 */
Reported by FlawFinder.
Line: 17
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char uid[8]; /* 108 */
char gid[8]; /* 116 */
char size[12]; /* 124 */
char mtime[12]; /* 136 */
char chksum[8]; /* 148 */
char typeflag[1]; /* 156 */
char linkname[100]; /* 157 */
char magic[6]; /* 257 */
char version[2]; /* 263 */
Reported by FlawFinder.
Line: 18
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char gid[8]; /* 116 */
char size[12]; /* 124 */
char mtime[12]; /* 136 */
char chksum[8]; /* 148 */
char typeflag[1]; /* 156 */
char linkname[100]; /* 157 */
char magic[6]; /* 257 */
char version[2]; /* 263 */
char uname[32]; /* 265 */
Reported by FlawFinder.
Line: 19
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char size[12]; /* 124 */
char mtime[12]; /* 136 */
char chksum[8]; /* 148 */
char typeflag[1]; /* 156 */
char linkname[100]; /* 157 */
char magic[6]; /* 257 */
char version[2]; /* 263 */
char uname[32]; /* 265 */
char gname[32]; /* 297 */
Reported by FlawFinder.
Line: 20
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char mtime[12]; /* 136 */
char chksum[8]; /* 148 */
char typeflag[1]; /* 156 */
char linkname[100]; /* 157 */
char magic[6]; /* 257 */
char version[2]; /* 263 */
char uname[32]; /* 265 */
char gname[32]; /* 297 */
char devmajor[8]; /* 329 */
Reported by FlawFinder.
Line: 21
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char chksum[8]; /* 148 */
char typeflag[1]; /* 156 */
char linkname[100]; /* 157 */
char magic[6]; /* 257 */
char version[2]; /* 263 */
char uname[32]; /* 265 */
char gname[32]; /* 297 */
char devmajor[8]; /* 329 */
char devminor[8]; /* 337 */
Reported by FlawFinder.
refs.c
16 issues
Line: 383
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
return 0;
}
fprintf(d->fp, d->msg_fmt, refname);
fputc('\n', d->fp);
return 0;
}
void warn_dangling_symref(FILE *fp, const char *msg_fmt, const char *refname)
Reported by FlawFinder.
Line: 1235
Column: 12
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
int rules_to_fail = i;
int short_name_len;
if (1 != sscanf(refname, scanf_fmts[i], short_name))
continue;
short_name_len = strlen(short_name);
/*
Reported by FlawFinder.
Line: 583
Column: 20
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
const char *config_key = "init.defaultbranch";
const char *config_display_key = "init.defaultBranch";
char *ret = NULL, *full_ref;
const char *env = getenv("GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME");
if (env && *env)
ret = xstrdup(env);
else if (repo_config_get_string(r, config_key, &ret) < 0)
die(_("could not retrieve `%s`"), config_display_key);
Reported by FlawFinder.
Line: 2129
Column: 6
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
break;
}
if (getenv(GIT_QUARANTINE_ENVIRONMENT)) {
strbuf_addstr(err,
_("ref updates forbidden inside quarantine environment"));
return -1;
}
Reported by FlawFinder.
Line: 51
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* ":", "?", "[", "\", "^", "~", SP, or TAB
* 5: *, reject unless REFNAME_REFSPEC_PATTERN is set
*/
static unsigned char refname_disposition[256] = {
1, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4,
4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4,
4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 5, 0, 0, 0, 2, 1,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4, 0, 0, 0, 0, 4,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
Reported by FlawFinder.
Line: 1819
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ref_store *refs;
/* NUL-terminated identifier of the ref store: */
char name[FLEX_ARRAY];
};
static int ref_store_hash_cmp(const void *unused_cmp_data,
const struct hashmap_entry *eptr,
const struct hashmap_entry *entry_or_key,
Reported by FlawFinder.
Line: 227
Column: 20
CWE codes:
126
if (skip_prefix(refname, "refs/", &rest)) {
char *buf;
int result;
size_t restlen = strlen(rest);
/* rest must not be empty, or start or end with "/" */
if (!restlen || *rest == '/' || rest[restlen - 1] == '/')
return 0;
Reported by FlawFinder.
Line: 542
Column: 30
CWE codes:
126
int refname_match(const char *abbrev_name, const char *full_name)
{
const char **p;
const int abbrev_name_len = strlen(abbrev_name);
const int num_rules = NUM_REV_PARSE_RULES;
for (p = ref_rev_parse_rules; *p; p++)
if (!strcmp(full_name, mkpath(*p, abbrev_name_len, abbrev_name)))
return &ref_rev_parse_rules[num_rules] - p;
Reported by FlawFinder.
Line: 559
Column: 12
CWE codes:
126
void expand_ref_prefix(struct strvec *prefixes, const char *prefix)
{
const char **p;
int len = strlen(prefix);
for (p = ref_rev_parse_rules; *p; p++)
strvec_pushf(prefixes, *p, len, prefix);
}
Reported by FlawFinder.
Line: 1209
Column: 17
CWE codes:
126
/* the rule list is NULL terminated, count them first */
for (nr_rules = 0; ref_rev_parse_rules[nr_rules]; nr_rules++)
/* -2 for strlen("%.*s") - strlen("%s"); +1 for NUL */
total_len += strlen(ref_rev_parse_rules[nr_rules]) - 2 + 1;
scanf_fmts = xmalloc(st_add(st_mult(sizeof(char *), nr_rules), total_len));
offset = 0;
for (i = 0; i < nr_rules; i++) {
Reported by FlawFinder.