The following issues were found
src/tool_easysrc.c
1 issue
Line: 181
Column: 11
CWE codes:
362
/* Select the output stream: the name "-" means stdout, any other value of
   `o` is opened as a file. */
FILE *out;
bool fopened = FALSE;
if(strcmp(o, "-")) {
/* Flagged call (CWE-362): fopen() opens whatever the path resolves to at
   this instant, so a symlink or a file swapped in by another local user
   would be opened instead of the intended one. Where `o` comes from is not
   visible in this excerpt -- confirm it is supplied by the operator and
   does not point into a directory other users can write to. */
out = fopen(o, FOPEN_WRITETEXT);
/* Set before the result of fopen() is known; the NULL test on `out` that
   follows this excerpt is what catches a failed open. */
fopened = TRUE;
}
else
out = stdout;
if(!out)
Reported by FlawFinder.
lib/curl_ctype.c
1 issue
Line: 44
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#undef _B
#define _B (1<<7) /* blank */
static const unsigned char ascii[128] = {
_C, _C, _C, _C, _C, _C, _C, _C,
_C, _C|_S, _C|_S, _C|_S, _C|_S, _C|_S, _C, _C,
_C, _C, _C, _C, _C, _C, _C, _C,
_C, _C, _C, _C, _C, _C, _C, _C,
_S|_B, _P, _P, _P, _P, _P, _P, _P,
Reported by FlawFinder.
tests/unit/unit1600.c
1 issue
Line: 52
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#if defined(USE_NTLM) && (!defined(USE_WINDOWS_SSPI) || \
defined(USE_WIN32_CRYPTO))
/* Flagged declaration (CWE-119/120): a fixed 21-byte stack buffer. */
unsigned char output[21];
unsigned char *testp = output;
/* `output` is handed over without a length, so the only bound is the
   callee's contract. Presumably Curl_ntlm_core_mk_nt_hash() writes at most
   21 bytes -- verify against its definition, which is not part of this
   excerpt. */
Curl_ntlm_core_mk_nt_hash(easy, "1", output);
verify_memory(testp,
"\x69\x94\x3c\x5e\x63\xb4\xd2\xc1\x04\xdb"
Reported by FlawFinder.
docs/examples/ftp-wildcard.c
1 issue
Line: 120
Column: 20
CWE codes:
362
return CURL_CHUNK_BGN_FUNC_SKIP;
}
/* Flagged call (CWE-362): finfo->filename is used directly as the local
   path and "wb" creates or truncates the file it resolves to.
   NOTE(review): if the name originates from the remote side (not visible in
   this excerpt -- confirm), it should be checked for path separators and
   ".." components before it is opened. */
data->output = fopen(finfo->filename, "wb");
if(!data->output) {
/* A failed open is reported to the caller as a chunk-begin failure. */
return CURL_CHUNK_BGN_FUNC_FAIL;
}
}
Reported by FlawFinder.
lib/bufref.c
1 issue
Line: 121
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* An allocation failure is reported before `cpy` is written to. */
if(!cpy)
return CURLE_OUT_OF_MEMORY;
/* The copy is skipped for a zero length. */
if(len)
memcpy(cpy, ptr, len);
/* The terminator lands at index `len`, so `cpy` has to hold len + 1 bytes.
   The allocation is above this excerpt -- confirm it requests len + 1 and
   that len + 1 cannot wrap around. */
cpy[len] = '\0';
}
Curl_bufref_set(br, cpy, len, curl_free);
return CURLE_OK;
Reported by FlawFinder.
src/tool_operate.h
1 issue
Line: 53
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct HdrCbData hdrcbdata;
long num_headers;
bool was_last_header_empty;
/* Flagged member (CWE-119/120) only because it is a fixed-size char array.
   The declaration itself cannot overflow; what needs checking is that every
   writer to this buffer is bounded by CURL_ERROR_SIZE. The writers are not
   part of this excerpt. */
char errorbuffer[CURL_ERROR_SIZE];
bool added; /* set TRUE when added to the multi handle */
time_t startat; /* when doing parallel transfers, this is a retry transfer
that has been set to sleep until this time before it
should get started (again) */
Reported by FlawFinder.
src/tool_operhlp.c
1 issue
Line: 184
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
char *tdir = curlx_getenv("CURL_TESTDIR");
if(tdir) {
/* Flagged declaration (CWE-119/120): fixed 512-byte stack buffer. */
char buffer[512]; /* suitably large */
/* The write is limited to sizeof(buffer), so the array is not overrun here
   (assuming msnprintf() honours the size argument the way snprintf() does).
   NOTE(review): the return value is not checked, so a tdir/filename
   combination that does not fit is truncated silently and the shortened
   path is used below. */
msnprintf(buffer, sizeof(buffer), "%s/%s", tdir, *filename);
/* The old name is released before its replacement is known to exist; the
   NULL test on *filename after this excerpt handles a failed strdup(). */
Curl_safefree(*filename);
*filename = strdup(buffer); /* clone the buffer */
curl_free(tdir);
if(!*filename)
Reported by FlawFinder.
docs/examples/xmlstream.c
1 issue
Line: 81
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Adopt the new block, append `len` bytes at the current end and
   re-terminate the data. */
mem->memory = ptr;
/* Flagged call (CWE-120): the copy starts at offset mem->size and the
   terminator below is written at mem->size + len, so `ptr` has to provide
   at least mem->size + len + 1 bytes. The allocation that produced `ptr` is
   above this excerpt -- confirm its size and that the sum cannot wrap. */
memcpy(&(mem->memory[mem->size]), s, len);
mem->size += len;
mem->memory[mem->size] = 0;
}
static void endElement(void *userData, const XML_Char *name)
Reported by FlawFinder.
docs/examples/url2file.c
1 issue
Line: 67
Column: 14
CWE codes:
362
/* Received data is passed to write_data(). */
curl_easy_setopt(curl_handle, CURLOPT_WRITEFUNCTION, write_data);
/* open the file */
/* Flagged call (CWE-362): "wb" creates or truncates whatever pagefilename
   resolves to when fopen() runs, including the target of a symlink. Where
   pagefilename is defined is not shown in this excerpt. If the path can lie
   in a directory other users can write to, open it with
   open(..., O_CREAT | O_EXCL | O_NOFOLLOW, ...) and wrap the descriptor with
   fdopen() instead. */
pagefile = fopen(pagefilename, "wb");
if(pagefile) {
/* write the page body to this file handle */
curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, pagefile);
Reported by FlawFinder.
docs/examples/sslbackend.c
1 issue
Line: 60
Column: 14
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
return 0;
}
else if(isdigit((int)(unsigned char)*name)) {
/* Flagged call (CWE-190): atoi() reports no errors and its behaviour is
   undefined when the value does not fit in an int. Only the first character
   of `name` was tested with isdigit() above, so trailing non-digits are
   ignored silently. strtol() with an end pointer, an errno check and an
   explicit range check would reject such input before the cast. */
int id = atoi(name);
/* The parsed number is cast to curl_sslbackend without a range check. */
result = curl_global_sslset((curl_sslbackend)id, NULL, NULL);
}
else
result = curl_global_sslset((curl_sslbackend)-1, name, NULL);
Reported by FlawFinder.