The following issues were found
lib/doh.h
2 issues
Line: 76
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* One address record. `type` presumably selects which member of `ip` is
   valid - confirm against the code that fills this struct in.
   The arrays are fixed at 4 and 16 bytes (the sizes of an IPv4 and an IPv6
   address). The declarations themselves write nothing; the property to
   verify is that every copy into ip.v4 / ip.v6 is limited to sizeof() of
   the member being written. */
struct dohaddr {
int type;
union {
unsigned char v4[4]; /* network byte order */
unsigned char v6[16];
} ip;
};
struct dohentry {
Reported by FlawFinder.
Line: 77
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int type;
union {
unsigned char v4[4]; /* network byte order */
unsigned char v6[16];
} ip;
};
struct dohentry {
struct dynbuf cname[DOH_MAX_CNAME];
Reported by FlawFinder.
tests/libtest/lib1506.c
2 issues
Line: 39
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int running;
CURLM *m = NULL;
int i;
char target_url[256];
char dnsentry[256];
struct curl_slist *slist = NULL, *slist2;
char *port = libtest_arg3;
char *address = libtest_arg2;
Reported by FlawFinder.
Line: 40
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
CURLM *m = NULL;
int i;
char target_url[256];
char dnsentry[256];
struct curl_slist *slist = NULL, *slist2;
char *port = libtest_arg3;
char *address = libtest_arg2;
(void)URL;
Reported by FlawFinder.
tests/libtest/lib1510.c
2 issues
Line: 37
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int res = 0;
CURL *curl = NULL;
int i;
char target_url[256];
char dnsentry[256];
struct curl_slist *slist = NULL, *slist2;
char *port = libtest_arg3;
char *address = libtest_arg2;
Reported by FlawFinder.
Line: 38
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
CURL *curl = NULL;
int i;
char target_url[256];
char dnsentry[256];
struct curl_slist *slist = NULL, *slist2;
char *port = libtest_arg3;
char *address = libtest_arg2;
(void)URL;
Reported by FlawFinder.
lib/vauth/oauth2.c
2 issues
Line: 75
Column: 31
CWE codes:
126
if(!oauth)
return CURLE_OUT_OF_MEMORY;
Curl_bufref_set(out, oauth, strlen(oauth), curl_free);
return CURLE_OK;
}
/*
* Curl_auth_create_xoauth_bearer_message()
Reported by FlawFinder.
Line: 102
Column: 32
CWE codes:
126
if(!xoauth)
return CURLE_OUT_OF_MEMORY;
Curl_bufref_set(out, xoauth, strlen(xoauth), curl_free);
return CURLE_OK;
}
#endif /* disabled, no users */
Reported by FlawFinder.
docs/examples/sendrecv.c
2 issues
Line: 131
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for(;;) {
/* Warning: This example program may loop indefinitely (see above). */
char buf[1024];
size_t nread;
do {
nread = 0;
res = curl_easy_recv(curl, buf, sizeof(buf), &nread);
Reported by FlawFinder.
Line: 64
Column: 24
CWE codes:
126
CURL *curl;
/* Minimalistic http request */
const char *request = "GET / HTTP/1.0\r\nHost: example.com\r\n\r\n";
size_t request_len = strlen(request);
/* A general note of caution here: if you're using curl_easy_recv() or
curl_easy_send() to implement HTTP or _any_ other protocol libcurl
supports "natively", you're doing it wrong and you should stop.
Reported by FlawFinder.
lib/vauth/spnego_sspi.c
2 issues
Line: 258
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
free(chlg);
if(GSS_ERROR(nego->status)) {
char buffer[STRERROR_LEN];
failf(data, "InitializeSecurityContext failed: %s",
Curl_sspi_strerror(nego->status, buffer, sizeof(buffer)));
if(nego->status == (DWORD)SEC_E_INSUFFICIENT_MEMORY)
return CURLE_OUT_OF_MEMORY;
Reported by FlawFinder.
Line: 272
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
nego->status == SEC_I_COMPLETE_AND_CONTINUE) {
nego->status = s_pSecFn->CompleteAuthToken(nego->context, &resp_desc);
if(GSS_ERROR(nego->status)) {
char buffer[STRERROR_LEN];
failf(data, "CompleteAuthToken failed: %s",
Curl_sspi_strerror(nego->status, buffer, sizeof(buffer)));
if(nego->status == (DWORD)SEC_E_INSUFFICIENT_MEMORY)
return CURLE_OUT_OF_MEMORY;
Reported by FlawFinder.
tests/libtest/lib552.c
2 issues
Line: 127
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* File-scope offset, starts at 0. Presumably the read position inside
   databuf - confirm in read_callback. */
static size_t current_offset = 0;
/* Fixed-size static buffer of 70000 bytes. Copies out of it stay in bounds
   only if the length is capped at what remains past the current offset
   (sizeof(databuf) - current_offset) as well as at the size the caller
   asked for. NOTE(review): check both caps at the copy site. */
static char databuf[70000]; /* MUST be more than 64k OR
MAX_INITIAL_POST_SIZE */
static size_t read_callback(char *ptr, size_t size, size_t nmemb, void *stream)
{
size_t amount = nmemb * size; /* Total bytes curl wants */
Reported by FlawFinder.
Line: 137
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
give */
size_t given = amount < available ? amount : available; /* What is given */
(void)stream;
memcpy(ptr, databuf + current_offset, given);
current_offset += given;
return given;
}
Reported by FlawFinder.
lib/sha256.c
2 issues
Line: 263
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned __int64 length;
#endif
unsigned long state[8], curlen;
unsigned char buf[64];
};
/* SHA256_CTX is an alias for struct sha256_state. */
typedef struct sha256_state SHA256_CTX;
/* The K array */
static const unsigned long K[64] = {
Reported by FlawFinder.
Line: 382
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
else {
n = CURLMIN(inlen, (block_size - md->curlen));
memcpy(md->buf + md->curlen, in, n);
md->curlen += n;
in += n;
inlen -= n;
if(md->curlen == block_size) {
if(sha256_compress(md, md->buf) < 0)
Reported by FlawFinder.
lib/pingpong.c
2 issues
Line: 304
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
failf(data, "cached response data too big to handle");
return CURLE_RECV_ERROR;
}
memcpy(ptr, pp->cache, pp->cache_size);
gotbytes = (ssize_t)pp->cache_size;
free(pp->cache); /* free the cache */
pp->cache = NULL; /* clear the pointer */
pp->cache_size = 0; /* zero the size just in case */
}
Reported by FlawFinder.
Line: 437
Column: 11
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pp->cache_size = clipamount;
pp->cache = malloc(pp->cache_size);
if(pp->cache)
memcpy(pp->cache, pp->linestart_resp, pp->cache_size);
else
return CURLE_OUT_OF_MEMORY;
}
if(restart) {
/* now reset a few variables to start over nicely from the start of
Reported by FlawFinder.
lib/parsedate.h
2 issues
Line: 25
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*
***************************************************************************/
/* Tables of 7 and 12 string pointers; both the pointers and the strings
   they point to are const, so these are read-only lookup tables rather than
   writable character buffers. The check that matters is at the use sites:
   index only with 0..6 and 0..11 respectively. (Presumably weekday and
   month names - confirm at the definition.) */
extern const char * const Curl_wkday[7];
extern const char * const Curl_month[12];
/* Takes a time_t and a caller-provided struct tm and returns a CURLcode.
   NOTE(review): presumably fills *store with the broken-down time - confirm
   at the definition. */
CURLcode Curl_gmtime(time_t intime, struct tm *store);
/* Curl_getdate_capped() differs from curl_getdate() in that this will return
Reported by FlawFinder.
Line: 26
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
***************************************************************************/
/* Read-only tables of 7 and 12 const string pointers. Nothing is written
   into them; an out-of-range index at a use site is the only way to read
   past the end, so valid indexes are 0..6 and 0..11. */
extern const char * const Curl_wkday[7];
extern const char * const Curl_month[12];
/* Declared as taking a time_t plus a caller-owned struct tm and returning a
   CURLcode; what is stored in *store is not visible here - confirm at the
   definition. */
CURLcode Curl_gmtime(time_t intime, struct tm *store);
/* Curl_getdate_capped() differs from curl_getdate() in that this will return
TIME_T_MAX in case the parsed time value was too big, instead of an
Reported by FlawFinder.