The following issues were found
docs/examples/ftpupload.c
1 issue
Line: 88
Column: 12
CWE codes:
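362 (Race Condition; fopen() is flagged because the file behind a path can change between an earlier check and the open. The printed file size suggests the file was examined before this fopen(), but that earlier call is outside the excerpt.)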
printf("Local file size: %" CURL_FORMAT_CURL_OFF_T " bytes.\n", fsize);
/* get a FILE * of the same file */
hd_src = fopen(LOCAL_FILE, "rb");
/* In windows, this will init the winsock stuff */
curl_global_init(CURL_GLOBAL_ALL);
/* get a curl handle */
Reported by FlawFinder.
docs/examples/ftpsget.c
1 issue
Line: 43
Column: 19
CWE codes:
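362 (Race Condition; fopen() is flagged because the file behind a path can change between an earlier check and the open)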
struct FtpFile *out = (struct FtpFile *)stream;
if(!out->stream) {
/* open file for writing */
out->stream = fopen(out->filename, "wb");
if(!out->stream)
return -1; /* failure, can't open file to write */
}
return fwrite(buffer, size, nmemb, out->stream);
}
Reported by FlawFinder.
tests/unit/unit1621.c
1 issue
Line: 74
Column: 12
CWE codes:
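119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
120 (Buffer Copy without Checking Size of Input)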
Suggestion:
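Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. No fixed-size buffer declaration is visible in the excerpt below, so the flagged line has to be checked in the file itself.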
int rc = 0;
for(i = 0; tests[i].input; i++) {
url = (char *)tests[i].input;
cleanup = stripcredentials(&url);
printf("Test %u got input \"%s\", output: \"%s\"\n",
i, tests[i].input, url);
if(strcmp(tests[i].output, url)) {
Reported by FlawFinder.
lib/http_digest.c
1 issue
Line: 62
Column: 13
CWE codes:
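126 (Buffer Over-read; strlen() is flagged because it reads until a NUL terminator. The strlen() call in this excerpt takes the string literal "Digest", which is always terminated.)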
if(!checkprefix("Digest", header) || !ISSPACE(header[6]))
return CURLE_BAD_CONTENT_ENCODING;
header += strlen("Digest");
while(*header && ISSPACE(*header))
header++;
return Curl_auth_decode_digest_http_message(header, digest);
}
Reported by FlawFinder.
lib/sockaddr.h
1 issue
Line: 37
Column: 5
CWE codes:
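119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
120 (Buffer Copy without Checking Size of Input)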
Suggestion:
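Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. In this excerpt the flagged declaration appears to be the 256-byte `cbuf` fallback, which is compiled only when HAVE_STRUCT_SOCKADDR_STORAGE is not defined. The code that writes into it is not shown, so confirm that each address copy is bounded by the size of the enclosing `buffer` member.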
#ifdef HAVE_STRUCT_SOCKADDR_STORAGE
struct sockaddr_storage sa_stor;
#else
char cbuf[256]; /* this should be big enough to fit a lot */
#endif
} buffer;
};
#endif /* HEADER_CURL_SOCKADDR_H */
Reported by FlawFinder.
lib/vauth/ntlm_sspi.c
1 issue
Line: 217
Column: 3
CWE codes:
120 (Buffer Copy without Checking Size of Input)
Suggestion:
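Make sure destination can always hold the source data. In the excerpt below the destination is allocated with `Curl_bufref_len(type2) + 1` bytes immediately before the copy, and the copy length is `Curl_bufref_len(type2)`, so both sizes come from the same value.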
ntlm->input_token = malloc(Curl_bufref_len(type2) + 1);
if(!ntlm->input_token)
return CURLE_OUT_OF_MEMORY;
memcpy(ntlm->input_token, Curl_bufref_ptr(type2), Curl_bufref_len(type2));
ntlm->input_token[Curl_bufref_len(type2)] = '\0';
ntlm->input_token_len = Curl_bufref_len(type2);
return CURLE_OK;
}
Reported by FlawFinder.
lib/vauth/spnego_gssapi.c
1 issue
Line: 112
Column: 24
CWE codes:
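126 (Buffer Over-read; strlen() is flagged because it reads until a NUL terminator. Where `spn` comes from is outside this excerpt, so its termination has to be confirmed where it is built.)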
/* Populate the SPN structure */
spn_token.value = spn;
spn_token.length = strlen(spn);
/* Import the SPN */
major_status = gss_import_name(&minor_status, &spn_token,
GSS_C_NT_HOSTBASED_SERVICE,
&nego->spn);
Reported by FlawFinder.
lib/vauth/vauth.c
1 issue
Line: 133
Column: 50
CWE codes:
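126 (Buffer Over-read; strlen() is flagged because it reads until a NUL terminator. Where `user` comes from is outside this excerpt, so its termination has to be confirmed at the caller.)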
/* Check we have a domain name or UPN present */
char *p = strpbrk(user, "\\/@");
valid = (p != NULL && p > user && p < user + strlen(user) - 1 ? TRUE :
FALSE);
}
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
else
/* User and domain are obtained from the GSS-API credentials cache or the
Reported by FlawFinder.
lib/non-ascii.c
1 issue
Line: 67
Column: 3
CWE codes:
120 (Buffer Copy without Checking Size of Input)
Suggestion:
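Make sure destination can always hold the source data. The allocation of `convbuf` lies outside this excerpt; confirm that it is sized from `insize`, the length passed to memcpy().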
if(!convbuf)
return CURLE_OUT_OF_MEMORY;
memcpy(convbuf, indata, insize);
result = Curl_convert_to_network(data, convbuf, insize);
if(result) {
free(convbuf);
return result;
}
Reported by FlawFinder.
lib/imap.h
1 issue
Line: 79
Column: 3
CWE codes:
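119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
120 (Buffer Copy without Checking Size of Input)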
Suggestion:
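Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. In this excerpt the only fixed-size array is the 5-byte `resptag`. The code that fills it is not shown, so confirm that every write is limited to 5 bytes, including any terminating NUL.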
struct SASL sasl; /* SASL-related parameters */
unsigned int preftype; /* Preferred authentication type */
unsigned int cmdid; /* Last used command ID */
char resptag[5]; /* Response tag to wait for */
bool tls_supported; /* StartTLS capability supported by server */
bool login_disabled; /* LOGIN command disabled by server */
bool ir_supported; /* Initial response supported by server */
char *mailbox; /* The last selected mailbox */
char *mailbox_uidvalidity; /* UIDVALIDITY parsed from select response */
Reported by FlawFinder.