The following issues were found
src/mongo/util/net/ssl_manager_windows.cpp
3 issues
Line: 1707
Column: 17
CWE codes:
120
Suggestion:
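Make sure destination can always hold the source data
Note: in this excerpt each memcpy runs only after ipAddrStruct.cbData has been compared with 4 or with 16, the sizes of the IPv4 sin_addr and IPv6 sin6_addr fields being written, so the copy length is fixed by the branch taken. The declaration of ss is outside the excerpt; confirm it is large enough to be viewed as a sockaddr_in6. The same reasoning applies to the finding at line 1711.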
if (ipAddrStruct.cbData == 4) {
struct sockaddr_in* sa = reinterpret_cast<struct sockaddr_in*>(&ss);
sa->sin_family = AF_INET;
memcpy(&(sa->sin_addr), ipAddrStruct.pbData, ipAddrStruct.cbData);
} else if (ipAddrStruct.cbData == 16) {
struct sockaddr_in6* sa = reinterpret_cast<struct sockaddr_in6*>(&ss);
sa->sin6_family = AF_INET6;
memcpy(&(sa->sin6_addr), ipAddrStruct.pbData, ipAddrStruct.cbData);
}
Reported by FlawFinder.
Line: 1711
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else if (ipAddrStruct.cbData == 16) {
struct sockaddr_in6* sa = reinterpret_cast<struct sockaddr_in6*>(&ss);
sa->sin6_family = AF_INET6;
memcpy(&(sa->sin6_addr), ipAddrStruct.pbData, ipAddrStruct.cbData);
}
names.push_back(
SockAddr(reinterpret_cast<sockaddr*>(&ss), sizeof(struct sockaddr_storage))
.getAddr());
}
Reported by FlawFinder.
Line: 530
Column: 27
CWE codes:
120
20
size_t bytes_transferred;
asio::error_code ec;
asio::ssl::detail::engine::want want =
conn->_engine.read(asio::mutable_buffer(buf, num), ec, bytes_transferred);
if (ec) {
throwSocketError(SocketErrorKind::RECV_ERROR, ec.message());
}
switch (want) {
Reported by FlawFinder.
src/mongo/util/net/ssl_manager.cpp
3 issues
Line: 617
MONGO_INITIALIZER_WITH_PREREQUISITES(SSLManagerLogger, ("SSLManager"))
(InitializerContext*) {
if (!isSSLServer || (sslGlobalParams.sslMode.load() != SSLParams::SSLMode_disabled)) {
const auto& config = SSLManagerCoordinator::get()->getSSLManager()->getSSLConfiguration();
if (!config.clientSubjectName.empty()) {
LOGV2_DEBUG(23214,
1,
"Client Certificate Name: {name}",
Reported by Cppcheck.
Line: 1045
Column: 9
CWE codes:
120
Suggestion:
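Make sure destination can always hold the source data
Note: the copy starts at offset 8 - lengthBytesCount and writes lengthBytesCount bytes, so it stays inside lengthBuffer only if lengthBuffer holds at least 8 bytes and lengthBytesCount is at most 8. Neither the buffer's declaration nor a bound on lengthBytesCount is visible in this excerpt. If lengthBytesCount is derived from the encoded data being parsed, that bound is the check to verify in the surrounding code.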
lengthBuffer.fill(0);
// Copy the length into the end of the buffer
memcpy(lengthBuffer.data() + (8 - lengthBytesCount), lengthLongFormPtr, lengthBytesCount);
// We now have 0x00..NN in the buffer and it can be properly decoded as BigEndian
derLength = ConstDataView(lengthBuffer.data()).read<BigEndian<uint64_t>>();
} else {
// Length is <= 127 bytes, i.e. short form of length
Reported by FlawFinder.
Line: 1048
Column: 56
CWE codes:
120
20
memcpy(lengthBuffer.data() + (8 - lengthBytesCount), lengthLongFormPtr, lengthBytesCount);
// We now have 0x00..NN in the buffer and it can be properly decoded as BigEndian
derLength = ConstDataView(lengthBuffer.data()).read<BigEndian<uint64_t>>();
} else {
// Length is <= 127 bytes, i.e. short form of length
derLength = initialLengthByte;
}
Reported by FlawFinder.
src/mongo/util/net/sockaddr.cpp
3 issues
Line: 218
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
// Builds a SockAddr from a raw socket address: stores `size` as addressSize,
// value-initialises `sa`, copies `size` bytes from `other` into it, then sets
// _hostOrIp from toString(true) and marks the object valid.
//
// NOTE(review): `size` is supplied by the caller and is not compared with
// sizeof(sa) anywhere in this constructor, so the memcpy is in bounds only if
// every caller guarantees size <= sizeof(sa) and that `other` points to at
// least `size` readable bytes. This is the copy FlawFinder reports as CWE-120;
// confirm the callers or add an explicit size check before the copy.
SockAddr::SockAddr(const sockaddr* other, socklen_t size) : addressSize(size), _hostOrIp(), sa() {
// Length comes straight from the `size` argument; no clamp to sizeof(sa) here.
memcpy(&sa, other, size);
// Computed after the copy, so toString() sees the populated `sa`.
_hostOrIp = toString(true);
// Set unconditionally: nothing in this constructor validates the copied address.
_isValid = true;
}
SockAddr::SockAddr(const sockaddr* other, socklen_t size, StringData hostOrIp)
Reported by FlawFinder.
Line: 225
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Builds a SockAddr from a raw socket address plus a caller-provided host/IP
// string: stores `size` as addressSize, stores hostOrIp.toString() in _hostOrIp,
// value-initialises `sa`, copies `size` bytes from `other` into it and marks
// the object valid.
//
// NOTE(review): `size` is supplied by the caller and is not compared with
// sizeof(sa) anywhere in this constructor, so the memcpy is in bounds only if
// every caller guarantees size <= sizeof(sa) and that `other` points to at
// least `size` readable bytes. This is the copy FlawFinder reports as CWE-120;
// confirm the callers or add an explicit size check before the copy.
SockAddr::SockAddr(const sockaddr* other, socklen_t size, StringData hostOrIp)
: addressSize(size), _hostOrIp(hostOrIp.toString()), sa() {
// Length comes straight from the `size` argument; no clamp to sizeof(sa) here.
memcpy(&sa, other, size);
// Set unconditionally: neither the address bytes nor hostOrIp are validated here.
_isValid = true;
}
bool SockAddr::isIP() const {
return (getType() == AF_INET) || (getType() == AF_INET6);
Reported by FlawFinder.
Line: 309
Column: 13
CWE codes:
119
120
Suggestion:
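Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Note: the fixed 128-byte buffer is written only by getnameinfo, which receives buflen as the buffer size, and the massert on ret == 0 runs before buffer is returned. In the visible code the write is therefore bounded, and the buffer is not returned after a failed call.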
case AF_INET:
case AF_INET6: {
const int buflen = 128;
char buffer[buflen];
int ret = getnameinfo(raw(), addressSize, buffer, buflen, nullptr, 0, NI_NUMERICHOST);
massert(
13082, str::stream() << "getnameinfo error " << getAddrInfoStrError(ret), ret == 0);
return buffer;
}
Reported by FlawFinder.
buildscripts/resmokelib/undodb/fetch.py
3 issues
Line: 81
Suggestion:
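https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b310-urllib-urlopen
Note: B310 flags urlopen because it accepts file: and other non-HTTP schemes as well as http(s). No scheme check on url is visible in this excerpt; the line 41 excerpt shows url coming from _find_undodb_artifact_url(artifacts), so the relevant question is whether that artifact list can carry an unexpected scheme.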
return out_file
try:
print(f"Downloading to '{out_file}'")
with urlopen(url) as fsrc, open(out_file, "wb") as fdst:
copyfileobj(fsrc, fdst) # type: ignore
except Exception as ex:
if ex is KeyboardInterrupt:
print("Cancelled download")
Reported by Bandit.
Line: 4
Suggestion:
https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b404-import-subprocess
"""Subcommand for fetching UndoDB recordings from Evergreen."""
import os
from typing import List, Optional
import subprocess
import tempfile
from urllib.request import urlopen
from shutil import copyfileobj
import tarfile
Reported by Bandit.
Line: 41
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
if self._ticket:
raise NotImplementedError("Fetching recordings from JIRA tickets not yet implemented")
assert self._task_id
evg = RetryingEvergreenApi.get_api(use_config_file=True)
artifacts = evg.task_by_id(self._task_id).artifacts
url = _find_undodb_artifact_url(artifacts)
if not url:
Reported by Bandit.
src/third_party/mozjs-60/extract/js/src/jit/PerfSpewer.cpp
3 issues
Line: 77
Column: 27
CWE codes:
807
20
Suggestion:
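Check environment variables carefully before using them
Note: in the visible lines the IONPERF value is only null-checked and compared with a string literal via strcmp; it is not copied into a buffer or used to build a path here. The rest of the function is outside the excerpt.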
void
js::jit::CheckPerf() {
if (!PerfChecked) {
const char* env = getenv("IONPERF");
if (env == nullptr) {
PerfMode = PERF_MODE_NONE;
fprintf(stderr, "Warning: JIT perf reporting requires IONPERF set to \"block\" or \"func\". ");
fprintf(stderr, "Perf mapping will be deactivated.\n");
} else if (!strcmp(env, "none")) {
Reported by FlawFinder.
Line: 60
Column: 5
CWE codes:
119
120
Suggestion:
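Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Note: snprintf is passed bufferSize as its limit and the function returns false when the result is >= bufferSize, so in the visible code an over-long dir is rejected rather than overflowing or silently truncating filenameBuffer.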
openPerfMap(const char* dir)
{
const ssize_t bufferSize = 256;
char filenameBuffer[bufferSize];
if (snprintf(filenameBuffer, bufferSize, "%sperf-%d.map", dir, getpid()) >= bufferSize)
return false;
MOZ_ASSERT(!PerfFilePtr);
Reported by FlawFinder.
Line: 66
Column: 19
CWE codes:
362
return false;
MOZ_ASSERT(!PerfFilePtr);
PerfFilePtr = fopen(filenameBuffer, "a");
if (!PerfFilePtr)
return false;
return true;
Reported by FlawFinder.
src/mongo/util/md5main.cpp
3 issues
Line: 90
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for (i = 0; i < 7 * 2; i += 2) {
md5_state_t state;
md5_byte_t digest[16];
char hex_output[16 * 2 + 1];
int di;
md5_init(&state);
md5_append(&state, (const md5_byte_t*)test[i], strlen(test[i]));
md5_finish(&state, digest);
Reported by FlawFinder.
Line: 97
Column: 13
CWE codes:
120
Suggestion:
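Use sprintf_s, snprintf, or vsnprintf
Note: each call writes two hex digits plus a terminating NUL at offset di * 2 for di < 16, so the last write ends exactly at the final byte of hex_output, which the line 90 excerpt declares as 16 * 2 + 1 bytes. That holds only while md5_byte_t is an unsigned 8-bit type, because a negative value would print more than two digits with "%02x"; its definition is not shown here. snprintf with the remaining size would make the bound explicit.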
md5_append(&state, (const md5_byte_t*)test[i], strlen(test[i]));
md5_finish(&state, digest);
for (di = 0; di < 16; ++di)
sprintf(hex_output + di * 2, "%02x", digest[di]);
if (strcmp(hex_output, test[i + 1])) {
printf("MD5 (\"%s\") = ", test[i]);
puts(hex_output);
printf("**** ERROR, should be: %s\n", test[i + 1]);
status = 1;
Reported by FlawFinder.
Line: 94
Column: 56
CWE codes:
126
int di;
md5_init(&state);
md5_append(&state, (const md5_byte_t*)test[i], strlen(test[i]));
md5_finish(&state, digest);
for (di = 0; di < 16; ++di)
sprintf(hex_output + di * 2, "%02x", digest[di]);
if (strcmp(hex_output, test[i + 1])) {
printf("MD5 (\"%s\") = ", test[i]);
Reported by FlawFinder.
src/mongo/util/md5.cpp
3 issues
Line: 167
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
X = (const md5_word_t*)data;
} else {
/* not aligned */
memcpy(xbuf, data, 64);
X = xbuf;
}
}
#endif
#if BYTE_ORDER == 0
Reported by FlawFinder.
Line: 337
Column: 9
CWE codes:
120
Suggestion:
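Make sure destination can always hold the source data
Note: copy is clamped to 64 - offset whenever offset + nbytes exceeds 64, so the write to pms->buf + offset cannot pass byte 64, provided buf holds 64 bytes, offset is below 64 and nbytes is not negative. The declarations that establish those conditions are outside the excerpt.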
if (offset) {
int copy = (offset + nbytes > 64 ? 64 - offset : nbytes);
memcpy(pms->buf + offset, p, copy);
if (offset + copy < 64)
return;
p += copy;
left -= copy;
md5_process(pms, pms->buf);
Reported by FlawFinder.
Line: 351
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Process a final partial block. */
if (left)
memcpy(pms->buf, p, left);
}
void md5_finish(md5_state_t* pms, md5_byte_t digest[16]) {
static const md5_byte_t pad[64] = {0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/src/irregexp/RegExpEngine.cpp
3 issues
Line: 3282
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MOZ_ASSERT((ranges[i] & ~kMask) == base);
MOZ_ASSERT(start_index == 0 || (ranges[start_index - 1] & ~kMask) <= base);
char templ[kSize];
jit::Label* on_bit_set;
jit::Label* on_bit_clear;
int bit;
if (even_label == fall_through) {
on_bit_set = odd_label;
Reported by FlawFinder.
Line: 543
Column: 69
CWE codes:
120
20
do {
num_canonical = InsertRangeInCanonicalList(character_ranges,
num_canonical,
character_ranges[read]);
read++;
} while (read < n);
while (character_ranges.length() > num_canonical)
character_ranges.popBack();
Reported by FlawFinder.
Line: 545
Column: 14
CWE codes:
120
20
num_canonical,
character_ranges[read]);
read++;
} while (read < n);
while (character_ranges.length() > num_canonical)
character_ranges.popBack();
MOZ_ASSERT(CharacterRange::IsCanonical(character_ranges));
Reported by FlawFinder.
src/mongo/util/itoa.cpp
3 issues
Line: 91
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// {4, {'9','9','9','9'}} // 9999
// One lookup-table entry: a digit count plus a fixed array of kTableDigits
// characters.
//
// NOTE(review): the fixed-size char array is what FlawFinder flags here
// (CWE-119/120). Elsewhere in this file `width` is used as a memcpy length
// measured back from std::end(s), so every entry must keep
// width <= kTableDigits; the code that fills the table is not shown in this
// excerpt and should be checked for that.
struct Entry {
std::uint8_t width;  // Number of digits to be printed when not zero-padded.
// Digit characters; the visible readers copy from the end of this array
// (std::end(e.s) - n), never from its start.
char s[kTableDigits];
};
template <int D0, int... Dn>
constexpr uint8_t printedWidth() {
const int kMag = sizeof...(Dn);
Reported by FlawFinder.
Line: 130
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
val /= kTableSize;
const auto& e = gTable[idx];
p -= kTableDigits;
memcpy(p, std::end(e.s) - kTableDigits, kTableDigits);
}
const auto& e = gTable[val];
auto n = e.width;
p -= n;
memcpy(p, std::end(e.s) - n, n);
Reported by FlawFinder.
Line: 135
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const auto& e = gTable[val];
auto n = e.width;
p -= n;
memcpy(p, std::end(e.s) - n, n);
_str = StringData(p, std::end(_buf) - p);
}
} // namespace mongo
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/src/ds/MemoryProtectionExceptionHandler.cpp
3 issues
Line: 454
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(dst.old_state) + stateSize);\
dst.flavor = flavor;\
dst.old_state_count = stateCount;\
memcpy(dst.old_state, state, stateSize);
# define COPY_EXCEPTION_REQUEST(bits)\
static void\
CopyExceptionRequest##bits(ExceptionRequest64& src,\
ExceptionRequest##bits& dst)\
Reported by FlawFinder.
Line: 142
Column: 26
CWE codes:
126
# if defined(XP_WIN)
DWORD bytesWritten;
BOOL ret = WriteFile(GetStdHandle(STD_ERROR_HANDLE), aStr,
strlen(aStr) + 1, &bytesWritten, nullptr);
# elif defined(ANDROID)
int ret = __android_log_write(ANDROID_LOG_FATAL, "MOZ_CRASH", aStr);
# else
ssize_t ret = write(STDERR_FILENO, aStr, strlen(aStr) + 1);
# endif
Reported by FlawFinder.
Line: 146
Column: 46
CWE codes:
126
# elif defined(ANDROID)
int ret = __android_log_write(ANDROID_LOG_FATAL, "MOZ_CRASH", aStr);
# else
ssize_t ret = write(STDERR_FILENO, aStr, strlen(aStr) + 1);
# endif
(void)ret; // Ignore failures; we're already crashing anyway.
#endif
}
Reported by FlawFinder.