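The following issues were found by FlawFinder. Each entry gives the flagged line and column, the CWE codes, the tool's suggestion where it has one, and the surrounding source lines. FlawFinder matches on function names and buffer declarations rather than analysing data flow, so an entry marks code to review, not a confirmed defect.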
tests/libtest/lib1560.c
6 issues
Line: 48
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int i;
CURLUcode rc;
char buf[256];
char *bufp = &buf[0];
size_t len = sizeof(buf);
struct part parts[] = {
{CURLUPART_SCHEME, "scheme"},
{CURLUPART_USER, "user"},
Reported by FlawFinder.
Line: 706
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char *e = strchr(p, ',');
if(e) {
size_t n = e-p;
char buf[80];
char part[80];
char value[80];
memset(part, 0, sizeof(part)); /* Avoid valgrind false positive. */
memset(value, 0, sizeof(value)); /* Avoid valgrind false positive. */
Reported by FlawFinder.
Line: 707
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if(e) {
size_t n = e-p;
char buf[80];
char part[80];
char value[80];
memset(part, 0, sizeof(part)); /* Avoid valgrind false positive. */
memset(value, 0, sizeof(value)); /* Avoid valgrind false positive. */
memcpy(buf, p, n);
Reported by FlawFinder.
Line: 708
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t n = e-p;
char buf[80];
char part[80];
char value[80];
memset(part, 0, sizeof(part)); /* Avoid valgrind false positive. */
memset(value, 0, sizeof(value)); /* Avoid valgrind false positive. */
memcpy(buf, p, n);
buf[n] = 0;
Reported by FlawFinder.
Line: 712
Column: 7
CWE codes:
120
Suggestion:
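Make sure destination can always hold the source data. In the lines shown, n is e-p and nothing compares it with the 80-byte buf before memcpy(buf, p, n) and the buf[n] = 0 write that follows.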
memset(part, 0, sizeof(part)); /* Avoid valgrind false positive. */
memset(value, 0, sizeof(value)); /* Avoid valgrind false positive. */
memcpy(buf, p, n);
buf[n] = 0;
if(2 == sscanf(buf, "%79[^=]=%79[^,]", part, value)) {
CURLUPart what = part2id(part);
#if 0
/* for debugging this */
Reported by FlawFinder.
Line: 75
Column: 9
CWE codes:
126
else
msnprintf(bufp, len, "%s[%d]", buf[0]?" | ":"", (int)rc);
n = strlen(bufp);
bufp += n;
len -= n;
curl_free(p);
}
if(strcmp(buf, wanted)) {
Reported by FlawFinder.
src/tool_cb_prg.c
6 issues
Line: 198
Column: 5
CWE codes:
134
Suggestion:
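Use a constant for the format specification. Here the format buffer is filled on the preceding line by msnprintf from a literal template and the integer barwidth, so the excerpt shows no externally supplied string reaching the format argument of fprintf.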
memset(line, '#', num);
line[num] = '\0';
msnprintf(format, sizeof(format), "\r%%-%ds %%5.1f%%%%", barwidth);
fprintf(bar->out, format, line, percent);
}
fflush(bar->out);
bar->prev = point;
bar->prevtime = now;
Reported by FlawFinder.
Line: 79
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void fly(struct ProgressData *bar, bool moved)
{
char buf[256];
int pos;
int check = bar->width - 2;
msnprintf(buf, sizeof(buf), "%*s\r", bar->width-1, " ");
memcpy(&buf[bar->bar], "-=O=-", 5);
Reported by FlawFinder.
Line: 84
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int check = bar->width - 2;
msnprintf(buf, sizeof(buf), "%*s\r", bar->width-1, " ");
memcpy(&buf[bar->bar], "-=O=-", 5);
pos = sinus[bar->tick%200] / (1000000 / check);
buf[pos] = '#';
pos = sinus[(bar->tick + 5)%200] / (1000000 / check);
buf[pos] = '#';
Reported by FlawFinder.
Line: 179
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bar->calls++;
if((total > 0) && (point != bar->prev)) {
char line[MAX_BARLENGTH + 1];
char format[40];
double frac;
double percent;
int barwidth;
int num;
Reported by FlawFinder.
Line: 180
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if((total > 0) && (point != bar->prev)) {
char line[MAX_BARLENGTH + 1];
char format[40];
double frac;
double percent;
int barwidth;
int num;
if(point > total)
Reported by FlawFinder.
Line: 228
Column: 46
CWE codes:
126
if(colp) {
char *endptr;
long num = strtol(colp, &endptr, 10);
if((endptr != colp) && (endptr == colp + strlen(colp)) && (num > 20) &&
(num < 10000))
bar->width = (int)num;
curl_free(colp);
}
Reported by FlawFinder.
lib/vauth/krb5_sspi.c
6 issues
Line: 218
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if(memcmp(&context, krb5->context, sizeof(context))) {
s_pSecFn->DeleteSecurityContext(krb5->context);
memcpy(krb5->context, &context, sizeof(context));
}
if(resp_buf.cbBuffer) {
result = Curl_bufref_memdup(out, resp_buf.pvBuffer, resp_buf.cbBuffer);
}
Reported by FlawFinder.
Line: 366
Column: 5
CWE codes:
120
Suggestion:
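Make sure destination can always hold the source data. The Line 348 entry for this file shows message allocated with messagelen set to 4 plus strlen(authzid), so the copy length messagelen - 4 matches the space left after the first four bytes.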
/* If given, append the authorization identity. */
if(authzid && *authzid)
memcpy(message + 4, authzid, messagelen - 4);
/* Allocate the padding */
padding = malloc(sizes.cbBlockSize);
if(!padding) {
free(message);
Reported by FlawFinder.
Line: 418
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Populate the encryption buffer */
memcpy(appdata, wrap_buf[0].pvBuffer, wrap_buf[0].cbBuffer);
offset += wrap_buf[0].cbBuffer;
memcpy(appdata + offset, wrap_buf[1].pvBuffer, wrap_buf[1].cbBuffer);
offset += wrap_buf[1].cbBuffer;
memcpy(appdata + offset, wrap_buf[2].pvBuffer, wrap_buf[2].cbBuffer);
Reported by FlawFinder.
Line: 420
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Populate the encryption buffer */
memcpy(appdata, wrap_buf[0].pvBuffer, wrap_buf[0].cbBuffer);
offset += wrap_buf[0].cbBuffer;
memcpy(appdata + offset, wrap_buf[1].pvBuffer, wrap_buf[1].cbBuffer);
offset += wrap_buf[1].cbBuffer;
memcpy(appdata + offset, wrap_buf[2].pvBuffer, wrap_buf[2].cbBuffer);
/* Free all of our local buffers */
free(padding);
Reported by FlawFinder.
Line: 422
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
offset += wrap_buf[0].cbBuffer;
memcpy(appdata + offset, wrap_buf[1].pvBuffer, wrap_buf[1].cbBuffer);
offset += wrap_buf[1].cbBuffer;
memcpy(appdata + offset, wrap_buf[2].pvBuffer, wrap_buf[2].cbBuffer);
/* Free all of our local buffers */
free(padding);
free(message);
free(trailer);
Reported by FlawFinder.
Line: 348
Column: 19
CWE codes:
126
/* Allocate our message */
messagelen = 4;
if(authzid)
messagelen += strlen(authzid);
message = malloc(messagelen);
if(!message) {
free(trailer);
return CURLE_OUT_OF_MEMORY;
Reported by FlawFinder.
tests/libtest/lib1527.c
6 issues
Line: 41
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return strlen(data);
}
(void)stream;
memcpy(ptr, data, strlen(data));
return strlen(data);
}
int test(char *URL)
Reported by FlawFinder.
Line: 37
Column: 15
CWE codes:
126
static size_t read_callback(char *ptr, size_t size, size_t nmemb, void *stream)
{
size_t amount = nmemb * size; /* Total bytes curl wants */
if(amount < strlen(data)) {
return strlen(data);
}
(void)stream;
memcpy(ptr, data, strlen(data));
return strlen(data);
Reported by FlawFinder.
Line: 38
Column: 12
CWE codes:
126
{
size_t amount = nmemb * size; /* Total bytes curl wants */
if(amount < strlen(data)) {
return strlen(data);
}
(void)stream;
memcpy(ptr, data, strlen(data));
return strlen(data);
}
Reported by FlawFinder.
Line: 41
Column: 21
CWE codes:
126
return strlen(data);
}
(void)stream;
memcpy(ptr, data, strlen(data));
return strlen(data);
}
int test(char *URL)
Reported by FlawFinder.
Line: 42
Column: 10
CWE codes:
126
}
(void)stream;
memcpy(ptr, data, strlen(data));
return strlen(data);
}
int test(char *URL)
{
Reported by FlawFinder.
Line: 86
Column: 47
CWE codes:
126
test_setopt(curl, CURLOPT_WRITEFUNCTION, fwrite);
test_setopt(curl, CURLOPT_READFUNCTION, read_callback);
test_setopt(curl, CURLOPT_HTTPPROXYTUNNEL, 1L);
test_setopt(curl, CURLOPT_INFILESIZE, (long)strlen(data));
test_setopt(curl, CURLOPT_HEADEROPT, CURLHEADER_UNIFIED);
res = curl_easy_perform(curl);
test_cleanup:
Reported by FlawFinder.
lib/memdebug.c
6 issues
Line: 81
Column: 26
CWE codes:
362
{
if(!curl_dbg_logfile) {
if(logname && *logname)
curl_dbg_logfile = fopen(logname, FOPEN_WRITETEXT);
else
curl_dbg_logfile = stderr;
#ifdef MEMDEBUG_LOG_SYNC
/* Flush the log file after every line so the log isn't lost in a crash */
if(curl_dbg_logfile)
Reported by FlawFinder.
Line: 198
Column: 5
CWE codes:
120
Suggestion:
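Make sure destination can always hold the source data. The allocation shown just above the copy and the copy itself use the same len, which the Line 194 entry shows is strlen(str) + 1.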
mem = curl_dbg_malloc(len, 0, NULL); /* NULL prevents logging */
if(mem)
memcpy(mem, str, len);
if(source)
curl_dbg_log("MEM %s:%d strdup(%p) (%zu) = %p\n",
source, line, (const void *)str, len, (const void *)mem);
Reported by FlawFinder.
Line: 223
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mem = curl_dbg_malloc(bsiz, 0, NULL); /* NULL prevents logging */
if(mem)
memcpy(mem, str, bsiz);
if(source)
curl_dbg_log("MEM %s:%d wcsdup(%p) (%zu) = %p\n",
source, line, (void *)str, bsiz, (void *)mem);
Reported by FlawFinder.
Line: 414
Column: 15
CWE codes:
362
FILE *curl_dbg_fopen(const char *file, const char *mode,
int line, const char *source)
{
FILE *res = fopen(file, mode);
if(source)
curl_dbg_log("FILE %s:%d fopen(\"%s\",\"%s\") = %p\n",
source, line, file, mode, (void *)res);
Reported by FlawFinder.
Line: 194
Column: 9
CWE codes:
126
if(countcheck("strdup", line, source))
return NULL;
len = strlen(str) + 1;
mem = curl_dbg_malloc(len, 0, NULL); /* NULL prevents logging */
if(mem)
memcpy(mem, str, len);
Reported by FlawFinder.
Line: 218
Column: 10
CWE codes:
126
if(countcheck("wcsdup", line, source))
return NULL;
wsiz = wcslen(str) + 1;
bsiz = wsiz * sizeof(wchar_t);
mem = curl_dbg_malloc(bsiz, 0, NULL); /* NULL prevents logging */
if(mem)
memcpy(mem, str, bsiz);
Reported by FlawFinder.
tests/libtest/lib1525.c
6 issues
Line: 42
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return strlen(data);
}
(void)stream;
memcpy(ptr, data, strlen(data));
return strlen(data);
}
int test(char *URL)
Reported by FlawFinder.
Line: 38
Column: 15
CWE codes:
126
static size_t read_callback(char *ptr, size_t size, size_t nmemb, void *stream)
{
size_t amount = nmemb * size; /* Total bytes curl wants */
if(amount < strlen(data)) {
return strlen(data);
}
(void)stream;
memcpy(ptr, data, strlen(data));
return strlen(data);
Reported by FlawFinder.
Line: 39
Column: 12
CWE codes:
126
{
size_t amount = nmemb * size; /* Total bytes curl wants */
if(amount < strlen(data)) {
return strlen(data);
}
(void)stream;
memcpy(ptr, data, strlen(data));
return strlen(data);
}
Reported by FlawFinder.
Line: 42
Column: 21
CWE codes:
126
return strlen(data);
}
(void)stream;
memcpy(ptr, data, strlen(data));
return strlen(data);
}
int test(char *URL)
Reported by FlawFinder.
Line: 43
Column: 10
CWE codes:
126
}
(void)stream;
memcpy(ptr, data, strlen(data));
return strlen(data);
}
int test(char *URL)
{
Reported by FlawFinder.
Line: 85
Column: 47
CWE codes:
126
test_setopt(curl, CURLOPT_WRITEFUNCTION, fwrite);
test_setopt(curl, CURLOPT_READFUNCTION, read_callback);
test_setopt(curl, CURLOPT_HTTPPROXYTUNNEL, 1L);
test_setopt(curl, CURLOPT_INFILESIZE, (long)strlen(data));
res = curl_easy_perform(curl);
test_cleanup:
Reported by FlawFinder.
lib/inet_ntop.c
6 issues
Line: 69
Column: 3
CWE codes:
120
Suggestion:
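Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). The Line 64 entry for this file shows the guard that precedes this copy: when len is 0 or len >= size the function sets ENOSPC and returns NULL, so strcpy runs only when tmp and its terminator fit in size bytes.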
errno = ENOSPC;
return (NULL);
}
strcpy(dst, tmp);
return dst;
}
#ifdef ENABLE_IPV6
/*
Reported by FlawFinder.
Line: 166
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
errno = ENOSPC;
return (NULL);
}
strcpy(dst, tmp);
return dst;
}
#endif /* ENABLE_IPV6 */
/*
Reported by FlawFinder.
Line: 52
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static char *inet_ntop4 (const unsigned char *src, char *dst, size_t size)
{
char tmp[sizeof("255.255.255.255")];
size_t len;
DEBUGASSERT(size >= 16);
tmp[0] = '\0';
Reported by FlawFinder.
Line: 86
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* Keep this in mind if you think this function should have been coded
* to use pointer overlays. All the world's not a VAX.
*/
char tmp[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
char *tp;
struct {
long base;
long len;
} best, cur;
Reported by FlawFinder.
Line: 64
Column: 9
CWE codes:
126
((int)((unsigned char)src[2])) & 0xff,
((int)((unsigned char)src[3])) & 0xff);
len = strlen(tmp);
if(len == 0 || len >= size) {
errno = ENOSPC;
return (NULL);
}
strcpy(dst, tmp);
Reported by FlawFinder.
Line: 148
Column: 13
CWE codes:
126
errno = ENOSPC;
return (NULL);
}
tp += strlen(tp);
break;
}
tp += msnprintf(tp, 5, "%lx", words[i]);
}
Reported by FlawFinder.
tests/libtest/lib1526.c
6 issues
Line: 41
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return strlen(data);
}
(void)stream;
memcpy(ptr, data, strlen(data));
return strlen(data);
}
int test(char *URL)
{
Reported by FlawFinder.
Line: 37
Column: 15
CWE codes:
126
static size_t read_callback(char *ptr, size_t size, size_t nmemb, void *stream)
{
size_t amount = nmemb * size; /* Total bytes curl wants */
if(amount < strlen(data)) {
return strlen(data);
}
(void)stream;
memcpy(ptr, data, strlen(data));
return strlen(data);
Reported by FlawFinder.
Line: 38
Column: 12
CWE codes:
126
{
size_t amount = nmemb * size; /* Total bytes curl wants */
if(amount < strlen(data)) {
return strlen(data);
}
(void)stream;
memcpy(ptr, data, strlen(data));
return strlen(data);
}
Reported by FlawFinder.
Line: 41
Column: 21
CWE codes:
126
return strlen(data);
}
(void)stream;
memcpy(ptr, data, strlen(data));
return strlen(data);
}
int test(char *URL)
{
Reported by FlawFinder.
Line: 42
Column: 10
CWE codes:
126
}
(void)stream;
memcpy(ptr, data, strlen(data));
return strlen(data);
}
int test(char *URL)
{
CURL *curl = NULL;
Reported by FlawFinder.
Line: 88
Column: 47
CWE codes:
126
test_setopt(curl, CURLOPT_WRITEFUNCTION, fwrite);
test_setopt(curl, CURLOPT_READFUNCTION, read_callback);
test_setopt(curl, CURLOPT_HTTPPROXYTUNNEL, 1L);
test_setopt(curl, CURLOPT_INFILESIZE, (long)strlen(data));
res = curl_easy_perform(curl);
test_cleanup:
Reported by FlawFinder.
lib/content_encoding.c
5 issues
Line: 873
Column: 9
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
for(cep = encodings; *cep; cep++) {
ce = *cep;
if(!strcasecompare(ce->name, CONTENT_ENCODING_DEFAULT)) {
strcpy(p, ce->name);
p += strlen(p);
*p++ = ',';
*p++ = ' ';
}
}
Reported by FlawFinder.
Line: 493
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if(!z->next_in) {
return exit_zlib(data, z, &zp->zlib_init, CURLE_OUT_OF_MEMORY);
}
memcpy(z->next_in, buf, z->avail_in);
zp->zlib_init = ZLIB_GZIP_HEADER; /* Need more gzip header data state */
/* We don't have any data to inflate yet */
return CURLE_OK;
case GZIP_BAD:
Reported by FlawFinder.
Line: 516
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return exit_zlib(data, z, &zp->zlib_init, CURLE_OUT_OF_MEMORY);
}
/* Append the new block of data to the previous one */
memcpy(z->next_in + z->avail_in - nbytes, buf, nbytes);
switch(check_gzip_header(z->next_in, z->avail_in, &hlen)) {
case GZIP_OK:
/* This is the zlib stream data */
free(z->next_in);
Reported by FlawFinder.
Line: 861
Column: 14
CWE codes:
126
for(cep = encodings; *cep; cep++) {
ce = *cep;
if(!strcasecompare(ce->name, CONTENT_ENCODING_DEFAULT))
len += strlen(ce->name) + 2;
}
if(!len)
return strdup(CONTENT_ENCODING_DEFAULT);
Reported by FlawFinder.
Line: 874
Column: 14
CWE codes:
126
ce = *cep;
if(!strcasecompare(ce->name, CONTENT_ENCODING_DEFAULT)) {
strcpy(p, ce->name);
p += strlen(p);
*p++ = ',';
*p++ = ' ';
}
}
p[-2] = '\0';
Reported by FlawFinder.
lib/conncache.c
5 issues
Line: 193
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct connectbundle *bundle = NULL;
CONNCACHE_LOCK(data);
if(connc) {
char key[HASHKEY_SIZE];
hashkey(conn, key, sizeof(key), hostp);
bundle = Curl_hash_pick(&connc->hash, key, strlen(key));
}
return bundle;
Reported by FlawFinder.
Line: 247
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
NULL);
if(!bundle) {
int rc;
char key[HASHKEY_SIZE];
result = bundle_create(&bundle);
if(result) {
goto unlock;
}
Reported by FlawFinder.
Line: 542
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void Curl_conncache_close_all_connections(struct conncache *connc)
{
struct connectdata *conn;
char buffer[READBUFFER_MIN + 1];
if(!connc->closure_handle)
return;
connc->closure_handle->state.buffer = buffer;
connc->closure_handle->set.buffer_size = READBUFFER_MIN;
Reported by FlawFinder.
Line: 195
Column: 48
CWE codes:
126
if(connc) {
char key[HASHKEY_SIZE];
hashkey(conn, key, sizeof(key), hostp);
bundle = Curl_hash_pick(&connc->hash, key, strlen(key));
}
return bundle;
}
Reported by FlawFinder.
Line: 205
Column: 46
CWE codes:
126
char *key,
struct connectbundle *bundle)
{
void *p = Curl_hash_add(&connc->hash, key, strlen(key), bundle);
return p?TRUE:FALSE;
}
static void conncache_remove_bundle(struct conncache *connc,
Reported by FlawFinder.