The following issues were found
packages/vms/curl_crtl_init.c
5 issues
Line: 201
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void set_features(void)
{
int status;
char unix_shell_name[255];
int use_unix_settings = 1;
status = sys_trnlnm("GNV$UNIX_SHELL",
unix_shell_name, sizeof unix_shell_name -1);
if (!$VMS_STATUS_SUCCESS(status)) {
Reported by FlawFinder.
Line: 124
Column: 29
CWE codes:
126
itlst[1].buflen = 0;
itlst[1].itmcode = 0;
name_dsc.dsc$w_length = strlen(logname);
name_dsc.dsc$a_pointer = (char *)logname;
name_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
name_dsc.dsc$b_class = DSC$K_CLASS_S;
status = SYS$TRNLNM(&attr, &table_dsc, &name_dsc, 0, itlst);
Reported by FlawFinder.
Line: 153
Column: 35
CWE codes:
126
struct itmlst_3 item_list[2];
proc_table_dsc.dsc$a_pointer = (char *) proc_table;
proc_table_dsc.dsc$w_length = strlen(proc_table);
proc_table_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
proc_table_dsc.dsc$b_class = DSC$K_CLASS_S;
logname_dsc.dsc$a_pointer = (char *) logname;
logname_dsc.dsc$w_length = strlen(logname);
Reported by FlawFinder.
Line: 158
Column: 32
CWE codes:
126
proc_table_dsc.dsc$b_class = DSC$K_CLASS_S;
logname_dsc.dsc$a_pointer = (char *) logname;
logname_dsc.dsc$w_length = strlen(logname);
logname_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
logname_dsc.dsc$b_class = DSC$K_CLASS_S;
item_list[0].buflen = strlen(value);
item_list[0].itmcode = LNM$_STRING;
Reported by FlawFinder.
Line: 162
Column: 27
CWE codes:
126
logname_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
logname_dsc.dsc$b_class = DSC$K_CLASS_S;
item_list[0].buflen = strlen(value);
item_list[0].itmcode = LNM$_STRING;
item_list[0].bufadr = (char *)value;
item_list[0].retlen = NULL;
item_list[1].buflen = 0;
Reported by FlawFinder.
lib/rtsp.c
5 issues
Line: 624
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return CURLE_OUT_OF_MEMORY;
}
rtspc->rtp_buf = newptr;
memcpy(rtspc->rtp_buf + rtspc->rtp_bufsize, k->str, *nread);
rtspc->rtp_bufsize += *nread;
rtp = rtspc->rtp_buf;
rtp_dataleft = rtspc->rtp_bufsize;
}
else {
Reported by FlawFinder.
Line: 696
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rtspc->rtp_bufsize = 0;
return CURLE_OUT_OF_MEMORY;
}
memcpy(scratch, rtp, rtp_dataleft);
Curl_safefree(rtspc->rtp_buf);
rtspc->rtp_buf = scratch;
rtspc->rtp_bufsize = rtp_dataleft;
/* As far as the transfer is concerned, this data is consumed */
Reported by FlawFinder.
Line: 830
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
data->set.str[STRING_RTSP_SESSION_ID] = malloc(idlen + 1);
if(!data->set.str[STRING_RTSP_SESSION_ID])
return CURLE_OUT_OF_MEMORY;
memcpy(data->set.str[STRING_RTSP_SESSION_ID], start, idlen);
(data->set.str[STRING_RTSP_SESSION_ID])[idlen] = '\0';
}
}
return CURLE_OK;
}
Reported by FlawFinder.
Line: 519
Column: 44
CWE codes:
126
else {
postsize = (data->state.infilesize != -1)?
data->state.infilesize:
(data->set.postfields? (curl_off_t)strlen(data->set.postfields):0);
data->state.httpreq = HTTPREQ_POST;
}
if(putsize > 0 || postsize > 0) {
/* As stated in the http comments, it is probably not wise to
Reported by FlawFinder.
Line: 814
Column: 10
CWE codes:
126
if(data->set.str[STRING_RTSP_SESSION_ID]) {
/* If the Session ID is set, then compare */
if(strlen(data->set.str[STRING_RTSP_SESSION_ID]) != idlen ||
strncmp(start, data->set.str[STRING_RTSP_SESSION_ID], idlen) != 0) {
failf(data, "Got RTSP Session ID Line [%s], but wanted ID [%s]",
start, data->set.str[STRING_RTSP_SESSION_ID]);
return CURLE_RTSP_SESSION_ERROR;
}
Reported by FlawFinder.
lib/progress.c
5 issues
Line: 42
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
{
curl_off_t h;
if(seconds <= 0) {
strcpy(r, "--:--:--");
return;
}
h = seconds / CURL_OFF_T_C(3600);
if(h <= CURL_OFF_T_C(99)) {
curl_off_t m = (seconds - (h*CURL_OFF_T_C(3600))) / CURL_OFF_T_C(60);
Reported by FlawFinder.
Line: 458
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifndef CURL_DISABLE_PROGRESS_METER
static void progress_meter(struct Curl_easy *data)
{
char max5[6][10];
curl_off_t dlpercen = 0;
curl_off_t ulpercen = 0;
curl_off_t total_percen = 0;
curl_off_t total_transfer;
curl_off_t total_expected_transfer;
Reported by FlawFinder.
Line: 464
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
curl_off_t total_percen = 0;
curl_off_t total_transfer;
curl_off_t total_expected_transfer;
char time_left[10];
char time_total[10];
char time_spent[10];
curl_off_t ulestimate = 0;
curl_off_t dlestimate = 0;
curl_off_t total_estimate;
Reported by FlawFinder.
Line: 465
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
curl_off_t total_transfer;
curl_off_t total_expected_transfer;
char time_left[10];
char time_total[10];
char time_spent[10];
curl_off_t ulestimate = 0;
curl_off_t dlestimate = 0;
curl_off_t total_estimate;
curl_off_t timespent =
Reported by FlawFinder.
Line: 466
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
curl_off_t total_expected_transfer;
char time_left[10];
char time_total[10];
char time_spent[10];
curl_off_t ulestimate = 0;
curl_off_t dlestimate = 0;
curl_off_t total_estimate;
curl_off_t timespent =
(curl_off_t)data->progress.timespent/1000000; /* seconds */
Reported by FlawFinder.
docs/examples/evhiperfifo.c
5 issues
Line: 76
Column: 22
CWE codes:
134
Suggestion:
Use a constant for the format specification
#include <sys/stat.h>
#include <errno.h>
#define DPRINT(x...) printf(x)
#define MSG_OUT stdout /* Send info to stdout, change to stderr if you want */
/* Global information, common to all connections */
Reported by FlawFinder.
Line: 99
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
CURL *easy;
char *url;
GlobalInfo *global;
char error[CURL_ERROR_SIZE];
} ConnInfo;
/* Information associated with a specific socket */
typedef struct _SockInfo
Reported by FlawFinder.
Line: 372
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* This gets called whenever data is received from the fifo */
static void fifo_cb(EV_P_ struct ev_io *w, int revents)
{
char s[1024];
long int rv = 0;
int n = 0;
GlobalInfo *g = (GlobalInfo *)w->data;
do {
Reported by FlawFinder.
Line: 409
Column: 12
CWE codes:
362
perror("mkfifo");
exit(1);
}
sockfd = open(fifo, O_RDWR | O_NONBLOCK, 0);
if(sockfd == -1) {
perror("open");
exit(1);
}
g->input = fdopen(sockfd, "r");
Reported by FlawFinder.
Line: 379
Column: 10
CWE codes:
120
Suggestion:
Check that the limit is sufficiently small, or use a different input function
do {
s[0]='\0';
rv = fscanf(g->input, "%1023s%n", s, &n);
s[n]='\0';
if(n && s[0]) {
new_conn(s, g); /* if we read a URL, go get it! */
}
else
Reported by FlawFinder.
lib/md5.c
4 issues
Line: 244
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct md5_ctx {
MD5_u32plus lo, hi;
MD5_u32plus a, b, c, d;
unsigned char buffer[64];
MD5_u32plus block[16];
};
typedef struct md5_ctx MD5_CTX;
static void MD5_Init(MD5_CTX *ctx);
Reported by FlawFinder.
Line: 438
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned long available = 64 - used;
if(size < available) {
memcpy(&ctx->buffer[used], data, size);
return;
}
memcpy(&ctx->buffer[used], data, available);
data = (const unsigned char *)data + available;
Reported by FlawFinder.
Line: 442
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
}
memcpy(&ctx->buffer[used], data, available);
data = (const unsigned char *)data + available;
size -= available;
body(ctx, ctx->buffer, 64);
}
Reported by FlawFinder.
Line: 453
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size &= 0x3f;
}
memcpy(ctx->buffer, data, size);
}
static void MD5_Final(unsigned char *result, MD5_CTX *ctx)
{
unsigned long used, available;
Reported by FlawFinder.
lib/ldap.c
4 issues
Line: 754
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
return;
va_start(args, fmt);
vfprintf(stderr, fmt, args);
va_end(args);
}
#endif
#ifndef HAVE_LDAP_URL_PARSE
Reported by FlawFinder.
Line: 747
Column: 23
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
va_list args;
if(do_trace == -1) {
const char *env = getenv("CURL_TRACE");
do_trace = (env && strtol(env, NULL, 10) > 0);
}
if(!do_trace)
return;
Reported by FlawFinder.
Line: 540
Column: 18
CWE codes:
126
#else
char *dn = name = ldap_get_dn(server, entryIterator);
#endif
name_len = strlen(name);
result = Curl_client_write(data, CLIENTWRITE_BODY, (char *)"DN: ", 4);
if(result) {
FREE_ON_WINLDAP(name);
ldap_memfree(dn);
Reported by FlawFinder.
Line: 590
Column: 18
CWE codes:
126
#else
char *attr = attribute;
#endif
attr_len = strlen(attr);
vals = ldap_get_values_len(server, entryIterator, attribute);
if(vals != NULL) {
for(i = 0; (vals[i] != NULL); i++) {
result = Curl_client_write(data, CLIENTWRITE_BODY, (char *)"\t", 1);
Reported by FlawFinder.
lib/inet_pton.c
4 issues
Line: 97
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
static const char digits[] = "0123456789";
int saw_digit, octets, ch;
unsigned char tmp[INADDRSZ], *tp;
saw_digit = 0;
octets = 0;
tp = tmp;
*tp = 0;
Reported by FlawFinder.
Line: 132
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if(octets < 4)
return (0);
memcpy(dst, tmp, INADDRSZ);
return (1);
}
#ifdef ENABLE_IPV6
/* int
Reported by FlawFinder.
Line: 155
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
static const char xdigits_l[] = "0123456789abcdef",
xdigits_u[] = "0123456789ABCDEF";
unsigned char tmp[IN6ADDRSZ], *tp, *endp, *colonp;
const char *curtok;
int ch, saw_xdigit;
size_t val;
memset((tp = tmp), 0, IN6ADDRSZ);
Reported by FlawFinder.
Line: 232
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if(tp != endp)
return (0);
memcpy(dst, tmp, IN6ADDRSZ);
return (1);
}
#endif /* ENABLE_IPV6 */
#endif /* HAVE_INET_PTON */
Reported by FlawFinder.
tests/libtest/lib555.c
4 issues
Line: 64
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if(size * nmemb > strlen(uploadthis)) {
fprintf(stderr, "READ!\n");
strcpy(ptr, uploadthis);
return strlen(uploadthis);
}
fprintf(stderr, "READ NOT FINE!\n");
return 0;
}
Reported by FlawFinder.
Line: 62
Column: 21
CWE codes:
126
}
(*counter)++; /* bump */
if(size * nmemb > strlen(uploadthis)) {
fprintf(stderr, "READ!\n");
strcpy(ptr, uploadthis);
return strlen(uploadthis);
}
fprintf(stderr, "READ NOT FINE!\n");
Reported by FlawFinder.
Line: 65
Column: 12
CWE codes:
126
if(size * nmemb > strlen(uploadthis)) {
fprintf(stderr, "READ!\n");
strcpy(ptr, uploadthis);
return strlen(uploadthis);
}
fprintf(stderr, "READ NOT FINE!\n");
return 0;
}
static curlioerr ioctlcallback(CURL *handle,
Reported by FlawFinder.
Line: 109
Column: 50
CWE codes:
126
easy_setopt(curl, CURLOPT_READDATA, &counter);
/* We CANNOT do the POST fine without setting the size (or choose
chunked)! */
easy_setopt(curl, CURLOPT_POSTFIELDSIZE, (long)strlen(uploadthis));
easy_setopt(curl, CURLOPT_POST, 1L);
easy_setopt(curl, CURLOPT_PROXY, libtest_arg2);
easy_setopt(curl, CURLOPT_PROXYUSERPWD, libtest_arg3);
easy_setopt(curl, CURLOPT_PROXYAUTH,
Reported by FlawFinder.
lib/if2ip.c
4 issues
Line: 122
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if(strcasecompare(iface->ifa_name, interf)) {
void *addr;
const char *ip;
char scope[12] = "";
char ipstr[64];
#ifdef ENABLE_IPV6
if(af == AF_INET6) {
#ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
unsigned int scopeid = 0;
Reported by FlawFinder.
Line: 123
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void *addr;
const char *ip;
char scope[12] = "";
char ipstr[64];
#ifdef ENABLE_IPV6
if(af == AF_INET6) {
#ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
unsigned int scopeid = 0;
#endif
Reported by FlawFinder.
Line: 210
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return IF2IP_NOT_FOUND;
memset(&req, 0, sizeof(req));
memcpy(req.ifr_name, interf, len + 1);
req.ifr_addr.sa_family = AF_INET;
if(ioctl(dummy, SIOCGIFADDR, &req) < 0) {
sclose(dummy);
/* With SIOCGIFADDR, we cannot tell the difference between an interface
Reported by FlawFinder.
Line: 201
Column: 9
CWE codes:
126
if(!interf || (af != AF_INET))
return IF2IP_NOT_FOUND;
len = strlen(interf);
if(len >= sizeof(req.ifr_name))
return IF2IP_NOT_FOUND;
dummy = socket(AF_INET, SOCK_STREAM, 0);
if(CURL_SOCKET_BAD == dummy)
Reported by FlawFinder.
tests/libtest/lib547.c
4 issues
Line: 57
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if(size * nmemb > strlen(UPLOADTHIS)) {
fprintf(stderr, "READ!\n");
strcpy(ptr, UPLOADTHIS);
return strlen(UPLOADTHIS);
}
fprintf(stderr, "READ NOT FINE!\n");
return 0;
}
Reported by FlawFinder.
Line: 55
Column: 21
CWE codes:
126
}
(*counter)++; /* bump */
if(size * nmemb > strlen(UPLOADTHIS)) {
fprintf(stderr, "READ!\n");
strcpy(ptr, UPLOADTHIS);
return strlen(UPLOADTHIS);
}
fprintf(stderr, "READ NOT FINE!\n");
Reported by FlawFinder.
Line: 58
Column: 12
CWE codes:
126
if(size * nmemb > strlen(UPLOADTHIS)) {
fprintf(stderr, "READ!\n");
strcpy(ptr, UPLOADTHIS);
return strlen(UPLOADTHIS);
}
fprintf(stderr, "READ NOT FINE!\n");
return 0;
}
static curlioerr ioctlcallback(CURL *handle,
Reported by FlawFinder.
Line: 114
Column: 50
CWE codes:
126
test_setopt(curl, CURLOPT_READDATA, &counter);
/* We CANNOT do the POST fine without setting the size (or choose
chunked)! */
test_setopt(curl, CURLOPT_POSTFIELDSIZE, (long)strlen(UPLOADTHIS));
#endif
test_setopt(curl, CURLOPT_POST, 1L);
test_setopt(curl, CURLOPT_PROXY, libtest_arg2);
test_setopt(curl, CURLOPT_PROXYUSERPWD, libtest_arg3);
test_setopt(curl, CURLOPT_PROXYAUTH,
Reported by FlawFinder.