The following issues were found

src/third_party/boost/boost/random/detail/const_mod.hpp
1 issue
random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 28 Column: 11 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

#include <boost/random/detail/disable_warnings.hpp>

namespace boost {
namespace random {

template<class IntType, IntType m>
class const_mod
{
public:

            

Reported by FlawFinder.

src/third_party/icu4c-57.1/source/i18n/utrans.cpp
1 issue
There is an unknown macro here somewhere. Configuration is required. If UOBJECT_DEFINE_RTTI_IMPLEMENTATION is a macro then please configure it.
Error

Line: 86

    virtual UChar32 getChar32At(int32_t offset) const;
};

UOBJECT_DEFINE_RTTI_IMPLEMENTATION(ReplaceableGlue)

ReplaceableGlue::ReplaceableGlue(UReplaceable *replaceable,
                                 UReplaceableCallbacks *funcCallback)
  : Replaceable()
{

            

Reported by Cppcheck.

src/third_party/icu4c-57.1/source/stubdata/stubdata.c
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 29 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

    uint16_t headerSize;
    uint8_t magic1, magic2;
    UDataInfo info;
    char padding[8];
    uint32_t count, reserved;
    /*
    const struct {
    const char *const name; 
    const void *const data;

            

Reported by FlawFinder.

src/third_party/kms-message/src/hexlify.c
1 issue
sprintf - Does not check for buffer overflows
Security

Line: 33 Column: 12 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf

   size_t i;

   for (i = 0; i < len; i++) {
      p += sprintf (p, "%02x", buf[i]);
   }

   *p = '\0';

   return hex_chars;

            

Reported by FlawFinder.

src/third_party/kms-message/src/kms_crypto_apple.c
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 141 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

   if (!signature_ref) {
      goto cleanup;
   }
   memcpy (signature_out,
           CFDataGetBytePtr (signature_ref),
           CFDataGetLength (signature_ref));

   ret = true;
cleanup:

            

Reported by FlawFinder.

src/third_party/kms-message/src/kms_message.c
1 issue
vsnprintf - If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate
Security

Line: 32 Column: 11 CWE codes: 134
Suggestion: Use a constant for the format specification

   va_list va;

   va_start (va, fmt);
   (void) vsnprintf (error, size, fmt, va);
   va_end (va);
}

int
kms_message_init (void)

            

Reported by FlawFinder.

src/third_party/kms-message/src/kms_port.c
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 28 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

      return 0;
   }

   memcpy (dst, src, len);
   dst[len] = '\0';

   return dst;
}
#endif
            

Reported by FlawFinder.

src/third_party/kms-message/src/kms_response_parser.c
1 issue
strncpy - Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned]
Security

Line: 107 Column: 4 CWE codes: 120

              
   bool ret;

   strncpy (num_str, str + start, end - start);
   num_str[end - start] = '\0';
   ret = _parse_int (num_str, result);
   free (num_str);
   return ret;
}

            

Reported by FlawFinder.

src/third_party/boost/boost/random/beta_distribution.hpp
1 issue
random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 23 Column: 11 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

#include <boost/random/gamma_distribution.hpp>

namespace boost {
namespace random {

/**
 * The beta distribution is a real-valued distribution which produces
 * values in the range [0, 1].  It has two parameters, alpha and beta.
 *

            

Reported by FlawFinder.

src/third_party/mozjs-60/extract/js/public/Principals.h
1 issue
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 129 Column: 65 CWE codes: 120 20

 * buffer. The initialization can be done only once per JS runtime.
 */
extern JS_PUBLIC_API(void)
JS_InitReadPrincipalsCallback(JSContext* cx, JSReadPrincipalsOp read);


#endif  /* js_Principals_h */

            

Reported by FlawFinder.