The following issues were found
src/mongo/util/net/sock.cpp
1 issue
Line: 729
Column: 9
CWE codes:
119
120
Suggestion:
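Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Triage note: in the excerpt below, the only visible write into testBuf is the recv call, which is passed testBufLength, the same constant that sizes the array, so the receive itself cannot write past the buffer; what still needs checking is that later code reads only the recvd bytes actually returned.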
// is a clean hangup.
const int testBufLength = 1024;
char testBuf[testBufLength];
int recvd = ::recv(_fd, testBuf, testBufLength, portRecvFlags);
if (recvd < 0) {
// An error occurred during recv, warn and log errno
Reported by FlawFinder.
src/mongo/util/net/sock_test.cpp
1 issue
Line: 267
FailPoint& _fp;
};
TEST_F(SocketFailPointTest, TestSend) {
ASSERT_TRUE(trySend());
ASSERT_TRUE(tryRecv());
{
const ScopedFailPointEnabler enabled(*_failPoint);
auto expectedEx =
Reported by Cppcheck.
src/mongo/util/net/sockaddr.h
1 issue
Line: 61
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// This won't actually be used on windows
// NOTE(review): presumably a stand-in so that code naming sockaddr_un still compiles
// inside this _WIN32 conditional — confirm against the surrounding #if.
struct sockaddr_un {
short sun_family;
// Fixed 108-byte path field; this declaration appears to be what FlawFinder reports as
// CWE-119/120. The declaration itself writes nothing: the bound has to be enforced
// wherever a path is copied in, by limiting the copy to sizeof(sun_path) and leaving
// room for the terminating NUL.
char sun_path[108]; // length from unix header
};
#endif // _WIN32
// Generate a string representation for getaddrinfo return codes
Reported by FlawFinder.
src/mongo/util/net/socket_utils.cpp
1 issue
Line: 219
Column: 5
CWE codes:
119
120
Suggestion:
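Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Triage note: in the excerpt below, gethostname is given a length of 127 for a 256-byte buffer, so the call cannot overflow buf; the mismatch between the two sizes is worth making explicit (for example by deriving the length from sizeof(buf)), and because POSIX leaves NUL termination unspecified when the name is truncated, the code that consumes buf should not rely on a terminator unless it adds one.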
// Going by the identifier, this presumably holds the cached host name. The object is
// allocated with `new` and bound to a reference; nothing in this excerpt releases it.
// NOTE(review): presumably leaked on purpose so it outlives static destruction — confirm.
// NOTE(review): the trailing comment says another source file writes to this too, so
// confirm that DiagStr synchronizes concurrent readers and writers.
DiagStr& _hostNameCached = *(new DiagStr); // this is also written to from commands/cloud.cpp
std::string getHostName() {
char buf[256];
int ec = gethostname(buf, 127);
if (ec || *buf == 0) {
LOGV2(23202,
"can't get this server's hostname {error}",
"Can't get this server's hostname",
Reported by FlawFinder.
src/mongo/util/net/ssl/detail/engine_apple.hpp
1 issue
Line: 74
Column: 20
CWE codes:
120
20
asio::error_code& ec,
std::size_t& bytes_transferred);
// NOTE(review): presumably reads bytes from the SSL session into `data`; the parallel
// OpenSSL and SChannel engine headers document the same signature that way — confirm.
// `data` is an asio::mutable_buffer, which carries both the destination pointer and its
// size, so the capacity travels with the argument. `ec` and `bytes_transferred` are
// non-const references, presumably outputs set by the call.
// NOTE(review): the FlawFinder CWE-120/CWE-20 finding at this line and column appears to
// be a match on the identifier `read`; this is a declaration, not a call to POSIX
// read(2). The bound to audit is in the implementation: confirm it never writes more
// than data.size() bytes and that bytes_transferred never exceeds that size.
ASIO_DECL want read(const asio::mutable_buffer& data,
asio::error_code& ec,
std::size_t& bytes_transferred);
// NOTE(review): presumably gets output data to be written to the transport; the parallel
// OpenSSL and SChannel engine headers document the same signature that way — confirm.
// `data` supplies the storage (pointer plus size); the returned asio::mutable_buffer
// presumably describes the portion that was filled — verify against the implementation.
ASIO_DECL asio::mutable_buffer get_output(const asio::mutable_buffer& data);
Reported by FlawFinder.
src/mongo/util/net/ssl/detail/engine_openssl.hpp
1 issue
Line: 78
Column: 20
CWE codes:
120
20
std::size_t& bytes_transferred);
// Read bytes from the SSL session.
// `data` is an asio::mutable_buffer, which carries both the destination pointer and its
// size, so the capacity travels with the argument. `ec` and `bytes_transferred` are
// non-const references, presumably outputs set by the call.
// NOTE(review): the FlawFinder CWE-120/CWE-20 finding at this line and column appears to
// be a match on the identifier `read`; this is a declaration, not a call to POSIX
// read(2). The bound to audit is in the implementation: confirm it never writes more
// than data.size() bytes and that bytes_transferred never exceeds that size.
ASIO_DECL want read(const asio::mutable_buffer& data,
asio::error_code& ec,
std::size_t& bytes_transferred);
// Get output data to be written to the transport.
// `data` supplies the storage (pointer plus size); the returned asio::mutable_buffer
// presumably describes the portion that was filled — verify against the implementation.
ASIO_DECL asio::mutable_buffer get_output(const asio::mutable_buffer& data);
Reported by FlawFinder.
src/mongo/util/net/ssl/detail/engine_schannel.hpp
1 issue
Line: 91
Column: 20
CWE codes:
120
20
std::size_t& bytes_transferred);
// Read bytes from the SSL session.
// `data` is an asio::mutable_buffer, which carries both the destination pointer and its
// size, so the capacity travels with the argument. `ec` and `bytes_transferred` are
// non-const references, presumably outputs set by the call.
// NOTE(review): the FlawFinder CWE-120/CWE-20 finding at this line and column appears to
// be a match on the identifier `read`; this is a declaration, not a call to POSIX
// read(2). The bound to audit is in the implementation: confirm it never writes more
// than data.size() bytes and that bytes_transferred never exceeds that size.
ASIO_DECL want read(const asio::mutable_buffer& data,
asio::error_code& ec,
std::size_t& bytes_transferred);
// Get output data to be written to the transport.
// `data` supplies the storage (pointer plus size); the returned asio::mutable_buffer
// presumably describes the portion that was filled — verify against the implementation.
ASIO_DECL asio::mutable_buffer get_output(const asio::mutable_buffer& data);
Reported by FlawFinder.
src/mongo/util/net/ssl/detail/read_op.hpp
1 issue
Line: 41
Column: 20
CWE codes:
120
20
asio::detail::buffer_sequence_adapter<asio::mutable_buffer,
MutableBufferSequence>::first(buffers_);
return eng.read(buffer, ec, bytes_transferred);
}
template <typename Handler>
void call_handler(Handler& handler,
const asio::error_code& ec,
Reported by FlawFinder.
src/mongo/util/net/ssl_manager.h
1 issue
Line: 291
Column: 9
CWE codes:
119
120
Suggestion:
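Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Triage note: in the excerpt below, ERR_error_string_n is passed msglen, the same constant that sizes msg, and that function truncates and NUL-terminates within the given length, so the write is bounded; the enclosing function's return type is outside the excerpt, so confirm that `return msg;` copies the text (for example into a std::string) rather than returning a pointer to the local array.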
// 120 from the SSL documentation for ERR_error_string
static const size_t msglen = 120;
char msg[msglen];
ERR_error_string_n(code, msg, msglen);
return msg;
}
/**
Reported by FlawFinder.
src/mongo/util/net/ssl_options_client.cpp
1 issue
Line: 49
MONGO_STARTUP_OPTIONS_STORE(SSLClientOptions)(InitializerContext*) {
const auto& params = mongo::optionenvironment::startupOptionsParsed;
if (params.count("tls") && params["tls"].as<bool>() == true) {
sslGlobalParams.sslMode.store(SSLParams::SSLMode_requireSSL);
}
if (params.count("tls.disabledProtocols")) {
uassertStatusOK(
Reported by Cppcheck.