The following issues were found
docs/examples/fopen.c
9 issues
Line: 121
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
memcpy(&url->buffer[url->buffer_pos], buffer, size);
url->buffer_pos += size;
return size;
}
Reported by FlawFinder.
Line: 244
Column: 23
CWE codes:
362
if(!file)
return NULL;
file->handle.file = fopen(url, operation);
if(file->handle.file)
file->type = CFTYPE_FILE; /* marked as URL */
else {
file->type = CFTYPE_CURL; /* marked as URL */
Reported by FlawFinder.
Line: 357
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
want = file->buffer_pos;
/* xfer data to caller */
memcpy(ptr, file->buffer, want);
use_buffer(file, want);
want = want / size; /* number of items */
break;
Reported by FlawFinder.
Line: 405
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* xfer data to caller */
memcpy(ptr, file->buffer, want);
ptr[want] = 0;/* always null terminate */
use_buffer(file, want);
break;
Reported by FlawFinder.
Line: 461
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
FILE *outf;
size_t nread;
char buffer[256];
const char *url;
if(argc < 2)
url = "http://192.168.7.3/testfile";/* default to testurl */
else
Reported by FlawFinder.
Line: 470
Column: 10
CWE codes:
362
url = argv[1];/* use passed url */
/* copy from url line by line with fgets */
outf = fopen(FGETSFILE, "wb+");
if(!outf) {
perror("couldn't open fgets output file\n");
return 1;
}
Reported by FlawFinder.
Line: 494
Column: 10
CWE codes:
362
/* Copy from url with fread */
outf = fopen(FREADFILE, "wb+");
if(!outf) {
perror("couldn't open fread output file\n");
return 1;
}
Reported by FlawFinder.
Line: 518
Column: 10
CWE codes:
362
/* Test rewind */
outf = fopen(REWINDFILE, "wb+");
if(!outf) {
perror("couldn't open fread output file\n");
return 1;
}
Reported by FlawFinder.
Line: 485
Column: 23
CWE codes:
126
while(!url_feof(handle)) {
url_fgets(buffer, sizeof(buffer), handle);
fwrite(buffer, 1, strlen(buffer), outf);
}
url_fclose(handle);
fclose(outf);
Reported by FlawFinder.
tests/libtest/lib537.c
9 issues
Line: 54
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int *fd = NULL;
static struct rlimit num_open;
static char msgbuff[256];
static void store_errmsg(const char *msg, int err)
{
if(!err)
msnprintf(msgbuff, sizeof(msgbuff), "%s", msg);
Reported by FlawFinder.
Line: 86
Column: 14
CWE codes:
362
fpa[i] = NULL;
}
for(i = 0; i < 3; i++) {
fpa[i] = fopen(DEV_NULL, FOPEN_READTEXT);
if(!fpa[i]) {
store_errmsg("fopen failed", errno);
fprintf(stderr, "%s\n", msgbuff);
ret = 0;
break;
Reported by FlawFinder.
Line: 108
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int *memchunk = NULL;
char *fmt;
struct rlimit rl;
char strbuff[256];
char strbuff1[81];
char fmt_u[] = "%u";
char fmt_lu[] = "%lu";
#ifdef HAVE_LONGLONG
char fmt_llu[] = "%llu";
Reported by FlawFinder.
Line: 109
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char *fmt;
struct rlimit rl;
char strbuff[256];
char strbuff1[81];
char fmt_u[] = "%u";
char fmt_lu[] = "%lu";
#ifdef HAVE_LONGLONG
char fmt_llu[] = "%llu";
Reported by FlawFinder.
Line: 133
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
#ifdef RLIM_INFINITY
if(rl.rlim_cur == RLIM_INFINITY)
strcpy(strbuff, "INFINITY");
else
#endif
msnprintf(strbuff, sizeof(strbuff), fmt, rl.rlim_cur);
fprintf(stderr, "initial soft limit: %s\n", strbuff);
Reported by FlawFinder.
Line: 141
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
#ifdef RLIM_INFINITY
if(rl.rlim_max == RLIM_INFINITY)
strcpy(strbuff, "INFINITY");
else
#endif
msnprintf(strbuff, sizeof(strbuff), fmt, rl.rlim_max);
fprintf(stderr, "initial hard limit: %s\n", strbuff);
Reported by FlawFinder.
Line: 193
Column: 7
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
#ifdef RLIM_INFINITY
if(rl.rlim_cur == RLIM_INFINITY)
strcpy(strbuff, "INFINITY");
else
#endif
msnprintf(strbuff, sizeof(strbuff), fmt, rl.rlim_cur);
fprintf(stderr, "current soft limit: %s\n", strbuff);
Reported by FlawFinder.
Line: 201
Column: 7
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
#ifdef RLIM_INFINITY
if(rl.rlim_max == RLIM_INFINITY)
strcpy(strbuff, "INFINITY");
else
#endif
msnprintf(strbuff, sizeof(strbuff), fmt, rl.rlim_max);
fprintf(stderr, "current hard limit: %s\n", strbuff);
Reported by FlawFinder.
Line: 318
Column: 11
CWE codes:
362
/* open a dummy descriptor */
fd[0] = open(DEV_NULL, O_RDONLY);
if(fd[0] < 0) {
msnprintf(strbuff, sizeof(strbuff), "opening of %s failed", DEV_NULL);
store_errmsg(strbuff, errno);
fprintf(stderr, "%s\n", msgbuff);
free(fd);
Reported by FlawFinder.
lib/curl_printf.h
9 issues
Line: 32
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
#include <curl/mprintf.h>
# undef printf
# undef fprintf
# undef msnprintf
# undef vprintf
# undef vfprintf
# undef vsnprintf
Reported by FlawFinder.
Line: 33
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
#include <curl/mprintf.h>
# undef printf
# undef fprintf
# undef msnprintf
# undef vprintf
# undef vfprintf
# undef vsnprintf
# undef aprintf
Reported by FlawFinder.
Line: 35
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
# undef printf
# undef fprintf
# undef msnprintf
# undef vprintf
# undef vfprintf
# undef vsnprintf
# undef aprintf
# undef vaprintf
# define printf curl_mprintf
Reported by FlawFinder.
Line: 36
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
# undef fprintf
# undef msnprintf
# undef vprintf
# undef vfprintf
# undef vsnprintf
# undef aprintf
# undef vaprintf
# define printf curl_mprintf
# define fprintf curl_mfprintf
Reported by FlawFinder.
Line: 37
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
# undef msnprintf
# undef vprintf
# undef vfprintf
# undef vsnprintf
# undef aprintf
# undef vaprintf
# define printf curl_mprintf
# define fprintf curl_mfprintf
# define msnprintf curl_msnprintf
Reported by FlawFinder.
Line: 40
Column: 10
CWE codes:
134
Suggestion:
Use a constant for the format specification
# undef vsnprintf
# undef aprintf
# undef vaprintf
# define printf curl_mprintf
# define fprintf curl_mfprintf
# define msnprintf curl_msnprintf
# define vprintf curl_mvprintf
# define vfprintf curl_mvfprintf
# define mvsnprintf curl_mvsnprintf
Reported by FlawFinder.
Line: 41
Column: 10
CWE codes:
134
Suggestion:
Use a constant for the format specification
# undef aprintf
# undef vaprintf
# define printf curl_mprintf
# define fprintf curl_mfprintf
# define msnprintf curl_msnprintf
# define vprintf curl_mvprintf
# define vfprintf curl_mvfprintf
# define mvsnprintf curl_mvsnprintf
# define aprintf curl_maprintf
Reported by FlawFinder.
Line: 43
Column: 10
CWE codes:
134
Suggestion:
Use a constant for the format specification
# define printf curl_mprintf
# define fprintf curl_mfprintf
# define msnprintf curl_msnprintf
# define vprintf curl_mvprintf
# define vfprintf curl_mvfprintf
# define mvsnprintf curl_mvsnprintf
# define aprintf curl_maprintf
# define vaprintf curl_mvaprintf
#endif /* HEADER_CURL_PRINTF_H */
Reported by FlawFinder.
Line: 44
Column: 10
CWE codes:
134
Suggestion:
Use a constant for the format specification
# define fprintf curl_mfprintf
# define msnprintf curl_msnprintf
# define vprintf curl_mvprintf
# define vfprintf curl_mvfprintf
# define mvsnprintf curl_mvsnprintf
# define aprintf curl_maprintf
# define vaprintf curl_mvaprintf
#endif /* HEADER_CURL_PRINTF_H */
Reported by FlawFinder.
src/tool_paramhlp.c
8 issues
Line: 70
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct curlx_dynbuf dyn;
curlx_dyn_init(&dyn, MAX_FILE2STRING);
if(file) {
char buffer[256];
while(fgets(buffer, sizeof(buffer), file)) {
char *ptr = strchr(buffer, '\r');
if(ptr)
*ptr = '\0';
Reported by FlawFinder.
Line: 96
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct curlx_dynbuf dyn;
curlx_dyn_init(&dyn, MAX_FILE2MEMORY);
do {
char buffer[4096];
nread = fread(buffer, 1, sizeof(buffer), file);
if(nread)
if(curlx_dyn_addn(&dyn, buffer, nread))
return PARAM_NO_MEM;
} while(nread);
Reported by FlawFinder.
Line: 456
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if(!psep && **userpwd != ';') {
/* no password present, prompt for one */
char passwd[2048] = "";
char prompt[256];
struct curlx_dynbuf dyn;
curlx_dyn_init(&dyn, MAX_USERPWDLENGTH);
if(osep)
Reported by FlawFinder.
Line: 457
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if(!psep && **userpwd != ';') {
/* no password present, prompt for one */
char passwd[2048] = "";
char prompt[256];
struct curlx_dynbuf dyn;
curlx_dyn_init(&dyn, MAX_USERPWDLENGTH);
if(osep)
*osep = '\0';
Reported by FlawFinder.
Line: 119
Column: 18
CWE codes:
126
* argument out so that the username:password isn't displayed in the
* system process list */
if(str) {
size_t len = strlen(str);
memset(str, ' ', len);
}
#else
(void)str;
#endif
Reported by FlawFinder.
Line: 144
Column: 44
CWE codes:
126
num = strtol(str, &endptr, base);
if(errno == ERANGE)
return PARAM_NUMBER_TOO_LARGE;
if((endptr != str) && (endptr == str + strlen(str))) {
*val = num;
return PARAM_OK; /* Ok */
}
}
return PARAM_BAD_NUMERIC; /* badness */
Reported by FlawFinder.
Line: 237
Column: 44
CWE codes:
126
/* too large */
return PARAM_NUMBER_TOO_LARGE;
}
if((endptr != str) && (endptr == str + strlen(str))) {
*val = num;
return PARAM_OK; /* Ok */
}
}
return PARAM_BAD_NUMERIC; /* badness */
Reported by FlawFinder.
Line: 430
Column: 42
CWE codes:
126
if((*val == LONG_MIN || *val == LONG_MAX) && errno == ERANGE)
return PARAM_NUMBER_TOO_LARGE;
#endif
if((endptr != str) && (endptr == str + strlen(str)))
return PARAM_OK;
return PARAM_BAD_NUMERIC;
}
Reported by FlawFinder.
tests/libtest/lib1900.c
8 issues
Line: 33
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define MAX_BLOCKLIST 20
static int urltime[MAX_URLS];
static char *urlstring[MAX_URLS];
static CURL *handles[MAX_URLS];
static char *site_blocklist[MAX_BLOCKLIST];
static char *server_blocklist[MAX_BLOCKLIST];
static int num_handles;
static int blocklist_num_servers;
Reported by FlawFinder.
Line: 35
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int urltime[MAX_URLS];
static char *urlstring[MAX_URLS];
static CURL *handles[MAX_URLS];
static char *site_blocklist[MAX_BLOCKLIST];
static char *server_blocklist[MAX_BLOCKLIST];
static int num_handles;
static int blocklist_num_servers;
static int blocklist_num_sites;
Reported by FlawFinder.
Line: 36
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static char *urlstring[MAX_URLS];
static CURL *handles[MAX_URLS];
static char *site_blocklist[MAX_BLOCKLIST];
static char *server_blocklist[MAX_BLOCKLIST];
static int num_handles;
static int blocklist_num_servers;
static int blocklist_num_sites;
static size_t
Reported by FlawFinder.
Line: 55
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
FILE *f;
int filetime;
char buf[200];
num_handles = 0;
blocklist_num_sites = 0;
blocklist_num_servers = 0;
Reported by FlawFinder.
Line: 61
Column: 7
CWE codes:
362
blocklist_num_sites = 0;
blocklist_num_servers = 0;
f = fopen(filename, "rb");
if(!f)
return 0;
while(!feof(f)) {
if(fscanf(f, "%d %199s\n", &filetime, buf)) {
Reported by FlawFinder.
Line: 114
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void setup_handle(char *base_url, CURLM *m, int handlenum)
{
char urlbuf[256];
msnprintf(urlbuf, sizeof(urlbuf), "%s%s", base_url, urlstring[handlenum]);
curl_easy_setopt(handles[handlenum], CURLOPT_URL, urlbuf);
curl_easy_setopt(handles[handlenum], CURLOPT_VERBOSE, 1L);
curl_easy_setopt(handles[handlenum], CURLOPT_FAILONERROR, 1L);
Reported by FlawFinder.
Line: 66
Column: 8
CWE codes:
120
Suggestion:
Check that the limit is sufficiently small, or use a different input function
return 0;
while(!feof(f)) {
if(fscanf(f, "%d %199s\n", &filetime, buf)) {
urltime[num_handles] = filetime;
urlstring[num_handles] = strdup(buf);
num_handles++;
continue;
}
Reported by FlawFinder.
Line: 73
Column: 8
CWE codes:
120
Suggestion:
Check that the limit is sufficiently small, or use a different input function
continue;
}
if(fscanf(f, "blocklist_site %199s\n", buf)) {
site_blocklist[blocklist_num_sites] = strdup(buf);
blocklist_num_sites++;
continue;
}
Reported by FlawFinder.
src/tool_parsecfg.c
8 issues
Line: 50
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifdef WIN32
static FILE *execpath(const char *filename)
{
char filebuffer[512];
/* Get the filename of our executable. GetModuleFileName is already declared
* via inclusions done in setup header file. We assume that we are using
* the ASCII version here.
*/
unsigned long len = GetModuleFileNameA(0, filebuffer, sizeof(filebuffer));
Reported by FlawFinder.
Line: 66
Column: 16
CWE codes:
362
remaining = sizeof(filebuffer) - strlen(filebuffer);
if(strlen(filename) < remaining - 1) {
msnprintf(lastdirchar, remaining, "%s%s", DIR_CHAR, filename);
return fopen(filebuffer, FOPEN_READTEXT);
}
}
}
return NULL;
Reported by FlawFinder.
Line: 113
Column: 16
CWE codes:
362
}
/* Check if the file exists - if not, try _curlrc */
file = fopen(pathalloc, FOPEN_READTEXT);
if(file) {
filename = pathalloc;
break;
}
prefix = '_';
Reported by FlawFinder.
Line: 134
Column: 14
CWE codes:
362
if(!file && filename) { /* no need to fopen() again */
if(strcmp(filename, "-"))
file = fopen(filename, FOPEN_READTEXT);
else
file = stdin;
}
if(file) {
Reported by FlawFinder.
Line: 353
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static bool my_get_line(FILE *fp, struct curlx_dynbuf *db,
bool *error)
{
char buf[4096];
*error = FALSE;
do {
/* fgets() returns s on success, and NULL on error or when end of file
occurs while no characters have been read. */
if(!fgets(buf, sizeof(buf), fp))
Reported by FlawFinder.
Line: 63
Column: 40
CWE codes:
126
size_t remaining;
*lastdirchar = 0;
/* If we have enough space, build the RC filename */
remaining = sizeof(filebuffer) - strlen(filebuffer);
if(strlen(filename) < remaining - 1) {
msnprintf(lastdirchar, remaining, "%s%s", DIR_CHAR, filename);
return fopen(filebuffer, FOPEN_READTEXT);
}
}
Reported by FlawFinder.
Line: 64
Column: 10
CWE codes:
126
*lastdirchar = 0;
/* If we have enough space, build the RC filename */
remaining = sizeof(filebuffer) - strlen(filebuffer);
if(strlen(filename) < remaining - 1) {
msnprintf(lastdirchar, remaining, "%s%s", DIR_CHAR, filename);
return fopen(filebuffer, FOPEN_READTEXT);
}
}
}
Reported by FlawFinder.
Line: 199
Column: 24
CWE codes:
126
if(*line == '\"') {
/* quoted parameter, do the quote dance */
line++;
param = malloc(strlen(line) + 1); /* parameter */
if(!param) {
/* out of memory */
rc = 1;
break;
}
Reported by FlawFinder.
lib/sendf.c
8 issues
Line: 272
Column: 7
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
len = mvsnprintf(error, CURL_ERROR_SIZE, fmt, ap);
if(data->set.errorbuffer && !data->state.errorbuf) {
strcpy(data->set.errorbuffer, error);
data->state.errorbuf = TRUE; /* wrote error string */
}
error[len++] = '\n';
error[len] = '\0';
Curl_debug(data, CURLINFO_TEXT, error, len);
Reported by FlawFinder.
Line: 308
Column: 15
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
{
/* Allow debug builds to override this logic to force short sends
*/
char *p = getenv("CURL_SMALLSENDS");
if(p) {
size_t altsize = (size_t)strtoul(p, NULL, 10);
if(altsize)
len = CURLMIN(len, altsize);
}
Reported by FlawFinder.
Line: 207
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if(psnd->recv_size > psnd->recv_processed) {
DEBUGASSERT(psnd->bindsock == conn->sock[num]);
copysize = CURLMIN(len, psnd->recv_size - psnd->recv_processed);
memcpy(buf, psnd->buffer + psnd->recv_processed, copysize);
psnd->recv_processed += copysize;
}
else
copysize = 0; /* buffer was allocated, but nothing was received */
Reported by FlawFinder.
Line: 247
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if(data && data->set.verbose) {
va_list ap;
size_t len;
char buffer[MAXINFO + 2];
va_start(ap, fmt);
len = mvsnprintf(buffer, MAXINFO, fmt, ap);
va_end(ap);
buffer[len++] = '\n';
buffer[len] = '\0';
Reported by FlawFinder.
Line: 267
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if(data->set.verbose || data->set.errorbuffer) {
va_list ap;
size_t len;
char error[CURL_ERROR_SIZE + 2];
va_start(ap, fmt);
len = mvsnprintf(error, CURL_ERROR_SIZE, fmt, ap);
if(data->set.errorbuffer && !data->state.errorbuf) {
strcpy(data->set.errorbuffer, error);
Reported by FlawFinder.
Line: 391
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*code = CURLE_AGAIN;
}
else {
char buffer[STRERROR_LEN];
failf(data, "Send failure: %s",
Curl_strerror(err, buffer, sizeof(buffer)));
data->state.os_errno = err;
*code = CURLE_SEND_ERROR;
}
Reported by FlawFinder.
Line: 462
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*code = CURLE_AGAIN;
}
else {
char buffer[STRERROR_LEN];
failf(data, "Recv failure: %s",
Curl_strerror(err, buffer, sizeof(buffer)));
data->state.os_errno = err;
*code = CURLE_RECV_ERROR;
}
Reported by FlawFinder.
Line: 715
Column: 18
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int rc = 0;
if(data->set.verbose) {
static const char s_infotype[CURLINFO_END][3] = {
"* ", "< ", "> ", "{ ", "} ", "{ ", "} " };
#ifdef CURL_DOES_CONVERSIONS
char *buf = NULL;
size_t conv_size = 0;
Reported by FlawFinder.
lib/setopt.c
8 issues
Line: 104
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if(blob->flags & CURL_BLOB_COPY) {
/* put the data after the blob struct in memory */
nblob->data = (char *)nblob + sizeof(struct curl_blob);
memcpy(nblob->data, blob->data, blob->len);
}
*blobp = nblob;
return CURLE_OK;
}
Reported by FlawFinder.
Line: 482
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
result = CURLE_OUT_OF_MEMORY;
else {
if(data->set.postfieldsize)
memcpy(p, argptr, (size_t)data->set.postfieldsize);
data->set.str[STRING_COPYPOSTFIELDS] = p;
}
}
}
Reported by FlawFinder.
Line: 68
Column: 20
CWE codes:
126
char *str = strdup(s);
if(str) {
size_t len = strlen(str);
if(len > CURL_MAX_INPUT_LENGTH) {
free(str);
return CURLE_BAD_FUNCTION_ARGUMENT;
}
}
Reported by FlawFinder.
Line: 123
Column: 47
CWE codes:
126
/* Parse the login details if specified. It not then we treat NULL as a hint
to clear the existing data */
if(option) {
result = Curl_parse_login_details(option, strlen(option),
(userp ? &user : NULL),
(passwdp ? &passwd : NULL),
NULL);
}
Reported by FlawFinder.
Line: 745
Column: 10
CWE codes:
126
if(argptr) {
struct curl_slist *cl;
/* general protection against mistakes and abuse */
if(strlen(argptr) > CURL_MAX_INPUT_LENGTH)
return CURLE_BAD_FUNCTION_ARGUMENT;
/* append the cookie file name to the list of file names, and deal with
them later */
cl = curl_slist_append(data->state.cookielist, argptr);
if(!cl) {
Reported by FlawFinder.
Line: 846
Column: 10
CWE codes:
126
data->cookies = Curl_cookie_init(data, NULL, NULL, TRUE);
/* general protection against mistakes and abuse */
if(strlen(argptr) > CURL_MAX_INPUT_LENGTH)
return CURLE_BAD_FUNCTION_ARGUMENT;
argptr = strdup(argptr);
if(!argptr || !data->cookies) {
result = CURLE_OUT_OF_MEMORY;
free(argptr);
Reported by FlawFinder.
Line: 2777
Column: 39
CWE codes:
126
case CURLOPT_TLSAUTH_TYPE:
argptr = va_arg(param, char *);
if(!argptr ||
strncasecompare(argptr, "SRP", strlen("SRP")))
data->set.ssl.authtype = CURL_TLSAUTH_SRP;
else
data->set.ssl.authtype = CURL_TLSAUTH_NONE;
break;
#ifndef CURL_DISABLE_PROXY
Reported by FlawFinder.
Line: 2786
Column: 39
CWE codes:
126
case CURLOPT_PROXY_TLSAUTH_TYPE:
argptr = va_arg(param, char *);
if(!argptr ||
strncasecompare(argptr, "SRP", strlen("SRP")))
data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP;
else
data->set.proxy_ssl.authtype = CURL_TLSAUTH_NONE;
break;
#endif
Reported by FlawFinder.
lib/pop3.c
8 issues
Line: 432
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct pop3_conn *pop3c = &conn->proto.pop3c;
size_t i;
struct MD5_context *ctxt;
unsigned char digest[MD5_DIGEST_LEN];
char secret[2 * MD5_DIGEST_LEN + 1];
/* Check we have a username and password to authenticate with and end the
connect phase if we don't */
if(!conn->bits.user_passwd) {
Reported by FlawFinder.
Line: 433
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t i;
struct MD5_context *ctxt;
unsigned char digest[MD5_DIGEST_LEN];
char secret[2 * MD5_DIGEST_LEN + 1];
/* Check we have a username and password to authenticate with and end the
connect phase if we don't */
if(!conn->bits.user_passwd) {
state(data, POP3_STOP);
Reported by FlawFinder.
Line: 658
Column: 11
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
/* Copy the timestamp */
memcpy(pop3c->apoptimestamp, line + i, timestamplen);
pop3c->apoptimestamp[timestamplen] = '\0';
/* If the timestamp does not contain '@' it is not (as required by
RFC-1939) conformant to the RFC-822 message id syntax, and we
therefore do not use APOP authentication. */
Reported by FlawFinder.
Line: 256
Column: 16
CWE codes:
126
*/
static void pop3_get_message(char *buffer, char **outptr)
{
size_t len = strlen(buffer);
char *message = NULL;
if(len > 2) {
/* Find the start of the message */
len -= 2;
Reported by FlawFinder.
Line: 449
Column: 32
CWE codes:
126
return CURLE_OUT_OF_MEMORY;
Curl_MD5_update(ctxt, (const unsigned char *) pop3c->apoptimestamp,
curlx_uztoui(strlen(pop3c->apoptimestamp)));
Curl_MD5_update(ctxt, (const unsigned char *) conn->passwd,
curlx_uztoui(strlen(conn->passwd)));
/* Finalise the digest */
Reported by FlawFinder.
Line: 452
Column: 32
CWE codes:
126
curlx_uztoui(strlen(pop3c->apoptimestamp)));
Curl_MD5_update(ctxt, (const unsigned char *) conn->passwd,
curlx_uztoui(strlen(conn->passwd)));
/* Finalise the digest */
Curl_MD5_final(ctxt, digest);
/* Convert the calculated 16 octet digest into a 32 byte hex string */
Reported by FlawFinder.
Line: 630
Column: 16
CWE codes:
126
struct connectdata *conn = data->conn;
struct pop3_conn *pop3c = &conn->proto.pop3c;
const char *line = data->state.buffer;
size_t len = strlen(line);
(void)instate; /* no use for this yet */
if(pop3code != '+') {
failf(data, "Got unexpected pop3-server response");
Reported by FlawFinder.
Line: 689
Column: 16
CWE codes:
126
struct connectdata *conn = data->conn;
struct pop3_conn *pop3c = &conn->proto.pop3c;
const char *line = data->state.buffer;
size_t len = strlen(line);
(void)instate; /* no use for this yet */
/* Do we have a untagged continuation response? */
if(pop3code == '*') {
Reported by FlawFinder.
lib/vtls/mbedtls.c
8 issues
Line: 86
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
mbedtls_x509_crl crl;
mbedtls_pk_context pk;
mbedtls_ssl_config config;
const char *protocols[3];
};
/* apply threading? */
#if defined(USE_THREADS_POSIX) || defined(USE_THREADS_WIN32)
#define THREADING_SUPPORT
Reported by FlawFinder.
Line: 284
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const long int port = SSL_HOST_PORT();
#endif
int ret = -1;
char errorbuf[128];
if((SSL_CONN_CONFIG(version) == CURL_SSLVERSION_SSLv2) ||
(SSL_CONN_CONFIG(version) == CURL_SSLVERSION_SSLv3)) {
failf(data, "Not supported SSL version");
return CURLE_NOT_BUILT_IN;
Reported by FlawFinder.
Line: 616
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return CURLE_OK;
}
else if(ret) {
char errorbuf[128];
mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
failf(data, "ssl_handshake returned - mbedTLS: (-0x%04X) %s",
-ret, errorbuf);
return CURLE_SSL_CONNECT_ERROR;
}
Reported by FlawFinder.
Line: 672
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int size;
CURLcode result;
mbedtls_x509_crt *p;
unsigned char pubkey[PUB_DER_MAX_BYTES];
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
if(!peercert || !peercert->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(p) ||
!peercert->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(len)) {
#else
Reported by FlawFinder.
Line: 851
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
char buf[32];
(void) data;
/* Maybe the server has already sent a close notify alert.
Read it to avoid an RST on the TCP connection. */
(void)mbedtls_ssl_read(&backend->ssl, (unsigned char *)buf, sizeof(buf));
Reported by FlawFinder.
Line: 920
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
#if defined(MBEDTLS_CTR_DRBG_C)
int ret = -1;
char errorbuf[128];
mbedtls_entropy_context ctr_entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_entropy_init(&ctr_entropy);
mbedtls_ctr_drbg_init(&ctr_drbg);
Reported by FlawFinder.
Line: 404
Column: 43
CWE codes:
126
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
ret = mbedtls_pk_parse_key(&backend->pk, key_data, ssl_key_blob->len,
(const unsigned char *)passwd,
passwd ? strlen(passwd) : 0,
mbedtls_ctr_drbg_random,
&backend->ctr_drbg);
#else
ret = mbedtls_pk_parse_key(&backend->pk, key_data, ssl_key_blob->len,
(const unsigned char *)passwd,
Reported by FlawFinder.
Line: 410
Column: 43
CWE codes:
126
#else
ret = mbedtls_pk_parse_key(&backend->pk, key_data, ssl_key_blob->len,
(const unsigned char *)passwd,
passwd ? strlen(passwd) : 0);
#endif
if(ret) {
mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
failf(data, "Error parsing private key - mbedTLS: (-0x%04X) %s",
Reported by FlawFinder.