The following issues were found
tests/unit/unit1650.c
7 issues
Line: 157
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
UNITTEST_START
{
size_t size = 0;
unsigned char buffer[256];
size_t i;
unsigned char *p;
for(i = 0; i < sizeof(req) / sizeof(req[0]); i++) {
int rc = doh_encode(req[i].name, req[i].type,
buffer, sizeof(buffer), &size);
Reported by FlawFinder.
Line: 177
Column: 32
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
else if(req[i].packet && memcmp(req[i].packet, buffer, size)) {
fprintf(stderr, "DNS encode made: %s\n", hexdump(buffer, size));
fprintf(stderr, "... instead of: %s\n",
hexdump((unsigned char *)req[i].packet, size));
return 3;
}
}
for(i = 0; i < sizeof(resp) / sizeof(resp[0]); i++) {
Reported by FlawFinder.
Line: 189
Column: 37
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t len;
int u;
de_init(&d);
rc = doh_decode((const unsigned char *)resp[i].packet, resp[i].size,
resp[i].type, &d);
if(rc != resp[i].rc) {
fprintf(stderr, "resp %zu: Expected return code %d got %d\n", i,
resp[i].rc, rc);
return 4;
Reported by FlawFinder.
Line: 232
Column: 31
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ptr += o;
}
de_cleanup(&d);
if(resp[i].out && strcmp((char *)buffer, resp[i].out)) {
fprintf(stderr, "resp %zu: Expected %s got %s\n", i,
resp[i].out, buffer);
return 1;
}
}
Reported by FlawFinder.
Line: 205
Column: 13
CWE codes:
126
if(resp[i].type == DNS_TYPE_A) {
p = &a->ip.v4[0];
msnprintf(ptr, len, "%u.%u.%u.%u ", p[0], p[1], p[2], p[3]);
o = strlen(ptr);
len -= o;
ptr += o;
}
else {
int j;
Reported by FlawFinder.
Line: 215
Column: 15
CWE codes:
126
size_t l;
msnprintf(ptr, len, "%s%02x%02x", j?":":"", a->ip.v6[j],
a->ip.v6[j + 1]);
l = strlen(ptr);
len -= l;
ptr += l;
}
msnprintf(ptr, len, " ");
len--;
Reported by FlawFinder.
Line: 227
Column: 11
CWE codes:
126
for(u = 0; u < d.numcname; u++) {
size_t o;
msnprintf(ptr, len, "%s ", Curl_dyn_ptr(&d.cname[u]));
o = strlen(ptr);
len -= o;
ptr += o;
}
de_cleanup(&d);
if(resp[i].out && strcmp((char *)buffer, resp[i].out)) {
Reported by FlawFinder.
lib/vauth/cleartext.c
7 issues
Line: 87
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Calculate the reply */
if(zlen)
memcpy(plainauth, authzid, zlen);
plainauth[zlen] = '\0';
memcpy(plainauth + zlen + 1, authcid, clen);
plainauth[zlen + clen + 1] = '\0';
memcpy(plainauth + zlen + clen + 2, passwd, plen);
plainauth[plainlen] = '\0';
Reported by FlawFinder.
Line: 89
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if(zlen)
memcpy(plainauth, authzid, zlen);
plainauth[zlen] = '\0';
memcpy(plainauth + zlen + 1, authcid, clen);
plainauth[zlen + clen + 1] = '\0';
memcpy(plainauth + zlen + clen + 2, passwd, plen);
plainauth[plainlen] = '\0';
Curl_bufref_set(out, plainauth, plainlen, curl_free);
return CURLE_OK;
Reported by FlawFinder.
Line: 91
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
plainauth[zlen] = '\0';
memcpy(plainauth + zlen + 1, authcid, clen);
plainauth[zlen + clen + 1] = '\0';
memcpy(plainauth + zlen + clen + 2, passwd, plen);
plainauth[plainlen] = '\0';
Curl_bufref_set(out, plainauth, plainlen, curl_free);
return CURLE_OK;
}
Reported by FlawFinder.
Line: 71
Column: 33
CWE codes:
126
size_t clen;
size_t plen;
zlen = (authzid == NULL ? 0 : strlen(authzid));
clen = strlen(authcid);
plen = strlen(passwd);
/* Compute binary message length. Check for overflows. */
if((zlen > SIZE_T_MAX/4) || (clen > SIZE_T_MAX/4) ||
Reported by FlawFinder.
Line: 72
Column: 10
CWE codes:
126
size_t plen;
zlen = (authzid == NULL ? 0 : strlen(authzid));
clen = strlen(authcid);
plen = strlen(passwd);
/* Compute binary message length. Check for overflows. */
if((zlen > SIZE_T_MAX/4) || (clen > SIZE_T_MAX/4) ||
(plen > (SIZE_T_MAX/2 - 2)))
Reported by FlawFinder.
Line: 73
Column: 10
CWE codes:
126
zlen = (authzid == NULL ? 0 : strlen(authzid));
clen = strlen(authcid);
plen = strlen(passwd);
/* Compute binary message length. Check for overflows. */
if((zlen > SIZE_T_MAX/4) || (clen > SIZE_T_MAX/4) ||
(plen > (SIZE_T_MAX/2 - 2)))
return CURLE_OUT_OF_MEMORY;
Reported by FlawFinder.
Line: 112
Column: 32
CWE codes:
126
*/
CURLcode Curl_auth_create_login_message(const char *valuep, struct bufref *out)
{
Curl_bufref_set(out, valuep, strlen(valuep), NULL);
return CURLE_OK;
}
/*
* Curl_auth_create_external_message()
Reported by FlawFinder.
lib/urldata.h
7 issues
Line: 407
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
TCHAR *spn;
#else
unsigned int flags;
unsigned char nonce[8];
unsigned int target_info_len;
void *target_info; /* TargetInfo received in the ntlm type-2 message */
#if defined(NTLM_WB_ENABLED)
/* used for communication with Samba's winbind daemon helper ntlm_auth */
Reported by FlawFinder.
Line: 611
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct dnsprobe {
CURL *easy;
int dnstype;
unsigned char dohbuffer[512];
size_t dohlen;
struct dynbuf serverdoh;
};
struct dohdata {
Reported by FlawFinder.
Line: 975
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for the last attempt. When the connection is actually established
these are updated with data which comes directly from the socket. */
char primary_ip[MAX_IPADR_LEN];
unsigned char ip_version; /* copied from the Curl_easy at creation time */
char *user; /* user name string, allocated */
char *passwd; /* password string, allocated */
char *options; /* options string, allocated */
Reported by FlawFinder.
Line: 1156
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
without disturbing information which is still alive, and that might be
reused, in the connection cache. */
char conn_primary_ip[MAX_IPADR_LEN];
int conn_primary_port;
char conn_local_ip[MAX_IPADR_LEN];
int conn_local_port;
const char *conn_scheme;
unsigned int conn_protocol;
Reported by FlawFinder.
Line: 1158
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char conn_primary_ip[MAX_IPADR_LEN];
int conn_primary_port;
char conn_local_ip[MAX_IPADR_LEN];
int conn_local_port;
const char *conn_scheme;
unsigned int conn_protocol;
struct curl_certinfo certs; /* info about the certs, only populated in
OpenSSL, GnuTLS, Schannel, NSS and GSKit
Reported by FlawFinder.
Line: 1741
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
long new_file_perms; /* Permissions to use when creating remote files */
long new_directory_perms; /* Permissions to use when creating remote dirs */
long ssh_auth_types; /* allowed SSH auth types */
char *str[STRING_LAST]; /* array of strings, pointing to allocated memory */
struct curl_blob *blobs[BLOB_LAST];
unsigned int scope_id; /* Scope id for IPv6 */
long allowed_protocols;
long redir_protocols;
struct curl_slist *mail_rcpt; /* linked list of mail recipients */
Reported by FlawFinder.
Line: 1905
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
the state etc are also kept. This array is mostly used to detect when a
socket is to be removed from the hash. See singlesocket(). */
curl_socket_t sockets[MAX_SOCKSPEREASYHANDLE];
unsigned char actions[MAX_SOCKSPEREASYHANDLE]; /* action for each socket in
sockets[] */
int numsocks;
struct Names dns;
struct Curl_multi *multi; /* if non-NULL, points to the multi handle
Reported by FlawFinder.
lib/mprintf.c
7 issues
Line: 960
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* NOTE NOTE NOTE!! Not all sprintf implementations return number of
output characters */
(sprintf)(work, formatbuf, p->data.dnum);
DEBUGASSERT(strlen(work) <= sizeof(work));
for(fptr = work; *fptr; fptr++)
OUTCHAR(*fptr);
}
break;
Reported by FlawFinder.
Line: 584
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
long param_num = 0; /* parameter counter */
struct va_stack vto[MAX_PARAMETERS];
char *endpos[MAX_PARAMETERS];
char **end;
char work[BUFFSIZE];
struct va_stack *p;
/* 'workend' points to the final buffer byte position, but with an extra
Reported by FlawFinder.
Line: 586
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct va_stack vto[MAX_PARAMETERS];
char *endpos[MAX_PARAMETERS];
char **end;
char work[BUFFSIZE];
struct va_stack *p;
/* 'workend' points to the final buffer byte position, but with an extra
byte as margin to avoid the (false?) warning Coverity gives us
otherwise */
Reported by FlawFinder.
Line: 890
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
case FORMAT_DOUBLE:
{
char formatbuf[32]="%";
char *fptr = &formatbuf[1];
size_t left = sizeof(formatbuf)-strlen(formatbuf);
int len;
width = -1;
Reported by FlawFinder.
Line: 834
Column: 17
CWE codes:
126
else if(prec != -1)
len = (size_t)prec;
else
len = strlen(str);
width -= (len > LONG_MAX) ? LONG_MAX : (long)len;
if(p->flags & FLAGS_ALT)
OUTCHAR('"');
Reported by FlawFinder.
Line: 892
Column: 41
CWE codes:
126
{
char formatbuf[32]="%";
char *fptr = &formatbuf[1];
size_t left = sizeof(formatbuf)-strlen(formatbuf);
int len;
width = -1;
if(p->flags & FLAGS_WIDTH)
width = p->width;
Reported by FlawFinder.
Line: 961
Column: 21
CWE codes:
126
/* NOTE NOTE NOTE!! Not all sprintf implementations return number of
output characters */
(sprintf)(work, formatbuf, p->data.dnum);
DEBUGASSERT(strlen(work) <= sizeof(work));
for(fptr = work; *fptr; fptr++)
OUTCHAR(*fptr);
}
break;
Reported by FlawFinder.
lib/file.c
7 issues
Line: 75
Column: 30
CWE codes:
362
#endif
#ifdef OPEN_NEEDS_ARG3
# define open_readonly(p,f) open((p),(f),(0))
#else
# define open_readonly(p,f) open((p),(f))
#endif
/*
Reported by FlawFinder.
Line: 77
Column: 30
CWE codes:
362
#ifdef OPEN_NEEDS_ARG3
# define open_readonly(p,f) open((p),(f),(0))
#else
# define open_readonly(p,f) open((p),(f))
#endif
/*
* Forward declarations.
*/
Reported by FlawFinder.
Line: 281
Column: 8
CWE codes:
362
else
mode = MODE_DEFAULT|O_TRUNC;
fd = open(file->path, mode, data->set.new_file_perms);
if(fd < 0) {
failf(data, "Can't open %s for writing", file->path);
return CURLE_WRITE_ERROR;
}
Reported by FlawFinder.
Line: 413
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
time_t filetime;
struct tm buffer;
const struct tm *tm = &buffer;
char header[80];
int headerlen;
char accept_ranges[24]= { "Accept-ranges: bytes\r\n" };
if(expected_size >= 0) {
headerlen = msnprintf(header, sizeof(header),
"Content-Length: %" CURL_FORMAT_CURL_OFF_T "\r\n",
Reported by FlawFinder.
Line: 415
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct tm *tm = &buffer;
char header[80];
int headerlen;
char accept_ranges[24]= { "Accept-ranges: bytes\r\n" };
if(expected_size >= 0) {
headerlen = msnprintf(header, sizeof(header),
"Content-Length: %" CURL_FORMAT_CURL_OFF_T "\r\n",
expected_size);
result = Curl_client_write(data, CLIENTWRITE_HEADER, header, headerlen);
Reported by FlawFinder.
Line: 425
Column: 49
CWE codes:
126
return result;
result = Curl_client_write(data, CLIENTWRITE_HEADER,
accept_ranges, strlen(accept_ranges));
if(result != CURLE_OK)
return result;
}
filetime = (time_t)statbuf.st_mtime;
Reported by FlawFinder.
Line: 518
Column: 13
CWE codes:
120
20
else
bytestoread = data->set.buffer_size-1;
nread = read(fd, buf, bytestoread);
if(nread > 0)
buf[nread] = 0;
if(nread <= 0 || (size_known && (expected_size == 0)))
Reported by FlawFinder.
lib/system_win32.c
7 issues
Line: 216
Column: 9
CWE codes:
120
Suggestion:
Consider using a function version that stops copying at the end of the buffer
TCHAR *path = malloc(sizeof(TCHAR) * (systemdirlen + 1 + filenamelen));
if(path && GetSystemDirectory(path, systemdirlen)) {
/* Calculate the full DLL path */
_tcscpy(path + _tcslen(path), TEXT("\\"));
_tcscpy(path + _tcslen(path), filename);
/* Load the DLL from the Windows system directory */
/** !checksrc! disable BANNEDFUNC 1 **/
hModule = pLoadLibraryEx ?
Reported by FlawFinder.
Line: 217
Column: 9
CWE codes:
120
Suggestion:
Consider using a function version that stops copying at the end of the buffer
if(path && GetSystemDirectory(path, systemdirlen)) {
/* Calculate the full DLL path */
_tcscpy(path + _tcslen(path), TEXT("\\"));
_tcscpy(path + _tcslen(path), filename);
/* Load the DLL from the Windows system directory */
/** !checksrc! disable BANNEDFUNC 1 **/
hModule = pLoadLibraryEx ?
pLoadLibraryEx(path, NULL, LOAD_WITH_ALTERED_SEARCH_PATH) :
Reported by FlawFinder.
Line: 197
Column: 7
CWE codes:
829
20
Suggestion:
Use LoadLibraryEx with one of the search flags, or call SetSearchPathMode to use a safe search path, or pass a full path to the library
/** !checksrc! disable BANNEDFUNC 1 **/
hModule = pLoadLibraryEx ?
pLoadLibraryEx(filename, NULL, LOAD_WITH_ALTERED_SEARCH_PATH) :
LoadLibrary(filename);
}
/* Detect if KB2533623 is installed, as LOAD_LIBRARY_SEARCH_SYSTEM32 is only
supported on Windows Vista, Windows Server 2008, Windows 7 and Windows
Server 2008 R2 with this patch or natively on Windows 8 and above */
else if(pLoadLibraryEx && GetProcAddress(hKernel32, "AddDllDirectory")) {
Reported by FlawFinder.
Line: 223
Column: 11
CWE codes:
829
20
Suggestion:
Use LoadLibraryEx with one of the search flags, or call SetSearchPathMode to use a safe search path, or pass a full path to the library
/** !checksrc! disable BANNEDFUNC 1 **/
hModule = pLoadLibraryEx ?
pLoadLibraryEx(path, NULL, LOAD_WITH_ALTERED_SEARCH_PATH) :
LoadLibrary(path);
}
free(path);
}
}
Reported by FlawFinder.
Line: 212
Column: 28
CWE codes:
126
if(systemdirlen) {
/* Allocate space for the full DLL path (Room for the null terminator
is included in systemdirlen) */
size_t filenamelen = _tcslen(filename);
TCHAR *path = malloc(sizeof(TCHAR) * (systemdirlen + 1 + filenamelen));
if(path && GetSystemDirectory(path, systemdirlen)) {
/* Calculate the full DLL path */
_tcscpy(path + _tcslen(path), TEXT("\\"));
_tcscpy(path + _tcslen(path), filename);
Reported by FlawFinder.
Line: 216
Column: 24
CWE codes:
126
TCHAR *path = malloc(sizeof(TCHAR) * (systemdirlen + 1 + filenamelen));
if(path && GetSystemDirectory(path, systemdirlen)) {
/* Calculate the full DLL path */
_tcscpy(path + _tcslen(path), TEXT("\\"));
_tcscpy(path + _tcslen(path), filename);
/* Load the DLL from the Windows system directory */
/** !checksrc! disable BANNEDFUNC 1 **/
hModule = pLoadLibraryEx ?
Reported by FlawFinder.
Line: 217
Column: 24
CWE codes:
126
if(path && GetSystemDirectory(path, systemdirlen)) {
/* Calculate the full DLL path */
_tcscpy(path + _tcslen(path), TEXT("\\"));
_tcscpy(path + _tcslen(path), filename);
/* Load the DLL from the Windows system directory */
/** !checksrc! disable BANNEDFUNC 1 **/
hModule = pLoadLibraryEx ?
pLoadLibraryEx(path, NULL, LOAD_WITH_ALTERED_SEARCH_PATH) :
Reported by FlawFinder.
lib/imap.c
7 issues
Line: 1078
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if(imapcode == '*') {
/* See if this is an UIDVALIDITY response */
char tmp[20];
if(sscanf(line + 2, "OK [UIDVALIDITY %19[0123456789]]", tmp) == 1) {
Curl_safefree(imapc->mailbox_uidvalidity);
imapc->mailbox_uidvalidity = strdup(tmp);
}
}
Reported by FlawFinder.
Line: 219
Column: 20
CWE codes:
126
static bool imap_matchresp(const char *line, size_t len, const char *cmd)
{
const char *end = line + len;
size_t cmd_len = strlen(cmd);
/* Skip the untagged response marker */
line += 2;
/* Do we have a number after the marker? */
Reported by FlawFinder.
Line: 260
Column: 19
CWE codes:
126
struct IMAP *imap = data->req.p.imap;
struct imap_conn *imapc = &conn->proto.imapc;
const char *id = imapc->resptag;
size_t id_len = strlen(id);
/* Do we have a tagged command response? */
if(len >= id_len + 1 && !memcmp(id, line, id_len) && line[id_len] == ' ') {
line += id_len + 1;
len -= id_len + 1;
Reported by FlawFinder.
Line: 358
Column: 16
CWE codes:
126
*/
static void imap_get_message(char *buffer, char **outptr)
{
size_t len = strlen(buffer);
char *message = NULL;
if(len > 2) {
/* Find the start of the message */
len -= 2;
Reported by FlawFinder.
Line: 1045
Column: 16
CWE codes:
126
{
CURLcode result = CURLE_OK;
char *line = data->state.buffer;
size_t len = strlen(line);
(void)instate; /* No use for this yet */
if(imapcode == '*') {
/* Temporarily add the LF character back and send as body to the client */
Reported by FlawFinder.
Line: 1461
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
state(data, IMAP_SERVERGREET);
/* Start off with an response id of '*' */
strcpy(imapc->resptag, "*");
result = imap_multi_statemach(data, done);
return result;
}
Reported by FlawFinder.
Line: 1830
Column: 12
CWE codes:
126
return strdup(str);
/* Calculate the new string length */
newlen = strlen(str) + backsp_count + quote_count + (escape_only ? 0 : 2);
/* Allocate the new string */
newstr = (char *) malloc((newlen + 1) * sizeof(char));
if(!newstr)
return NULL;
Reported by FlawFinder.
lib/curl_setup.h
7 issues
Line: 352
Column: 11
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
# define LSEEK_ERROR (__int64)-1
# define open curlx_win32_open
# define fopen(fname,mode) curlx_win32_fopen(fname, mode)
# define access(fname,mode) curlx_win32_access(fname, mode)
int curlx_win32_open(const char *filename, int oflag, ...);
int curlx_win32_stat(const char *path, struct_stat *buffer);
FILE *curlx_win32_fopen(const char *filename, const char *mode);
int curlx_win32_access(const char *path, int mode);
#endif
Reported by FlawFinder.
Line: 375
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
# define struct_stat struct _stat
# define open curlx_win32_open
# define fopen(fname,mode) curlx_win32_fopen(fname, mode)
# define access(fname,mode) curlx_win32_access(fname, mode)
int curlx_win32_stat(const char *path, struct_stat *buffer);
int curlx_win32_open(const char *filename, int oflag, ...);
FILE *curlx_win32_fopen(const char *filename, const char *mode);
int curlx_win32_access(const char *path, int mode);
# endif
Reported by FlawFinder.
Line: 350
Column: 11
CWE codes:
362
# define stat(fname,stp) curlx_win32_stat(fname, stp)
# define struct_stat struct _stati64
# define LSEEK_ERROR (__int64)-1
# define open curlx_win32_open
# define fopen(fname,mode) curlx_win32_fopen(fname, mode)
# define access(fname,mode) curlx_win32_access(fname, mode)
int curlx_win32_open(const char *filename, int oflag, ...);
int curlx_win32_stat(const char *path, struct_stat *buffer);
FILE *curlx_win32_fopen(const char *filename, const char *mode);
Reported by FlawFinder.
Line: 351
Column: 11
CWE codes:
362
# define struct_stat struct _stati64
# define LSEEK_ERROR (__int64)-1
# define open curlx_win32_open
# define fopen(fname,mode) curlx_win32_fopen(fname, mode)
# define access(fname,mode) curlx_win32_access(fname, mode)
int curlx_win32_open(const char *filename, int oflag, ...);
int curlx_win32_stat(const char *path, struct_stat *buffer);
FILE *curlx_win32_fopen(const char *filename, const char *mode);
int curlx_win32_access(const char *path, int mode);
Reported by FlawFinder.
Line: 373
Column: 13
CWE codes:
362
# define fstat(fdes,stp) _fstat(fdes, stp)
# define stat(fname,stp) curlx_win32_stat(fname, stp)
# define struct_stat struct _stat
# define open curlx_win32_open
# define fopen(fname,mode) curlx_win32_fopen(fname, mode)
# define access(fname,mode) curlx_win32_access(fname, mode)
int curlx_win32_stat(const char *path, struct_stat *buffer);
int curlx_win32_open(const char *filename, int oflag, ...);
FILE *curlx_win32_fopen(const char *filename, const char *mode);
Reported by FlawFinder.
Line: 374
Column: 13
CWE codes:
362
# define stat(fname,stp) curlx_win32_stat(fname, stp)
# define struct_stat struct _stat
# define open curlx_win32_open
# define fopen(fname,mode) curlx_win32_fopen(fname, mode)
# define access(fname,mode) curlx_win32_access(fname, mode)
int curlx_win32_stat(const char *path, struct_stat *buffer);
int curlx_win32_open(const char *filename, int oflag, ...);
FILE *curlx_win32_fopen(const char *filename, const char *mode);
int curlx_win32_access(const char *path, int mode);
Reported by FlawFinder.
Line: 834
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* !checksrc! disable TYPEDEFSTRUCT 1 */
typedef struct sockaddr_un {
ADDRESS_FAMILY sun_family;
char sun_path[UNIX_PATH_MAX];
} SOCKADDR_UN, *PSOCKADDR_UN;
# endif
#endif
#endif /* HEADER_CURL_SETUP_H */
Reported by FlawFinder.
lib/rand.c
6 issues
Line: 47
Column: 25
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
static bool seeded = FALSE;
#ifdef CURLDEBUG
char *force_entropy = getenv("CURL_ENTROPY");
if(force_entropy) {
if(!seeded) {
unsigned int seed = 0;
size_t elen = strlen(force_entropy);
size_t clen = sizeof(seed);
Reported by FlawFinder.
Line: 54
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size_t elen = strlen(force_entropy);
size_t clen = sizeof(seed);
size_t min = elen < clen ? elen : clen;
memcpy((char *)&seed, force_entropy, min);
randseed = ntohl(seed);
seeded = TRUE;
}
else
randseed++;
Reported by FlawFinder.
Line: 77
Column: 14
CWE codes:
362
#ifdef RANDOM_FILE
if(!seeded) {
/* if there's a random file to read a seed from, use it */
int fd = open(RANDOM_FILE, O_RDONLY);
if(fd > -1) {
/* read random data into the randseed variable */
ssize_t nread = read(fd, &randseed, sizeof(randseed));
if(nread == sizeof(randseed))
seeded = TRUE;
Reported by FlawFinder.
Line: 155
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
CURLcode result = CURLE_BAD_FUNCTION_ARGUMENT;
const char *hex = "0123456789abcdef";
unsigned char buffer[128];
unsigned char *bufp = buffer;
DEBUGASSERT(num > 1);
#ifdef __clang_analyzer__
/* This silences a scan-build warning about accessing this buffer with
Reported by FlawFinder.
Line: 51
Column: 21
CWE codes:
126
if(force_entropy) {
if(!seeded) {
unsigned int seed = 0;
size_t elen = strlen(force_entropy);
size_t clen = sizeof(seed);
size_t min = elen < clen ? elen : clen;
memcpy((char *)&seed, force_entropy, min);
randseed = ntohl(seed);
seeded = TRUE;
Reported by FlawFinder.
Line: 80
Column: 23
CWE codes:
120
20
int fd = open(RANDOM_FILE, O_RDONLY);
if(fd > -1) {
/* read random data into the randseed variable */
ssize_t nread = read(fd, &randseed, sizeof(randseed));
if(nread == sizeof(randseed))
seeded = TRUE;
close(fd);
}
}
Reported by FlawFinder.
src/tool_cb_prg.c
6 issues
Line: 198
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
memset(line, '#', num);
line[num] = '\0';
msnprintf(format, sizeof(format), "\r%%-%ds %%5.1f%%%%", barwidth);
fprintf(bar->out, format, line, percent);
}
fflush(bar->out);
bar->prev = point;
bar->prevtime = now;
Reported by FlawFinder.
Line: 79
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void fly(struct ProgressData *bar, bool moved)
{
char buf[256];
int pos;
int check = bar->width - 2;
msnprintf(buf, sizeof(buf), "%*s\r", bar->width-1, " ");
memcpy(&buf[bar->bar], "-=O=-", 5);
Reported by FlawFinder.
Line: 84
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int check = bar->width - 2;
msnprintf(buf, sizeof(buf), "%*s\r", bar->width-1, " ");
memcpy(&buf[bar->bar], "-=O=-", 5);
pos = sinus[bar->tick%200] / (1000000 / check);
buf[pos] = '#';
pos = sinus[(bar->tick + 5)%200] / (1000000 / check);
buf[pos] = '#';
Reported by FlawFinder.
Line: 179
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bar->calls++;
if((total > 0) && (point != bar->prev)) {
char line[MAX_BARLENGTH + 1];
char format[40];
double frac;
double percent;
int barwidth;
int num;
Reported by FlawFinder.
Line: 180
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if((total > 0) && (point != bar->prev)) {
char line[MAX_BARLENGTH + 1];
char format[40];
double frac;
double percent;
int barwidth;
int num;
if(point > total)
Reported by FlawFinder.
Line: 228
Column: 46
CWE codes:
126
if(colp) {
char *endptr;
long num = strtol(colp, &endptr, 10);
if((endptr != colp) && (endptr == colp + strlen(colp)) && (num > 20) &&
(num < 10000))
bar->width = (int)num;
curl_free(colp);
}
Reported by FlawFinder.