The following issues were found
test/functional/rpc_getblockfilter.py
4 issues
Line: 14
Column: 1
FILTER_TYPES = ["basic"]
class GetBlockFilterTest(BitcoinTestFramework):
def set_test_params(self):
self.setup_clean_chain = True
self.num_nodes = 2
self.extra_args = [["-blockfilterindex"], []]
Reported by Pylint.
Line: 51
Column: 1
# Test getblockfilter with unknown block
bad_block_hash = "0123456789abcdef" * 4
assert_raises_rpc_error(-5, "Block not found", self.nodes[0].getblockfilter, bad_block_hash, "basic")
# Test getblockfilter with undefined filter type
genesis_hash = self.nodes[0].getblockhash(0)
assert_raises_rpc_error(-5, "Unknown filtertype", self.nodes[0].getblockfilter, genesis_hash, "unknown")
Reported by Pylint.
Line: 55
Column: 1
# Test getblockfilter with undefined filter type
genesis_hash = self.nodes[0].getblockhash(0)
assert_raises_rpc_error(-5, "Unknown filtertype", self.nodes[0].getblockfilter, genesis_hash, "unknown")
# Test getblockfilter fails on node without compact block filter index
self.restart_node(0, extra_args=["-blockfilterindex=0"])
for filter_type in FILTER_TYPES:
assert_raises_rpc_error(-1, "Index is not enabled for filtertype {}".format(filter_type),
Reported by Pylint.
Line: 60
Column: 1
# Test getblockfilter fails on node without compact block filter index
self.restart_node(0, extra_args=["-blockfilterindex=0"])
for filter_type in FILTER_TYPES:
assert_raises_rpc_error(-1, "Index is not enabled for filtertype {}".format(filter_type),
self.nodes[0].getblockfilter, genesis_hash, filter_type)
if __name__ == '__main__':
GetBlockFilterTest().main()
Reported by Pylint.
src/util/readwritefile.cpp
3 issues
Line: 15
Column: 25
CWE codes:
362
std::pair<bool,std::string> ReadBinaryFile(const fs::path &filename, size_t maxsize=std::numeric_limits<size_t>::max())
{
FILE *f = fsbridge::fopen(filename, "rb");
if (f == nullptr)
return std::make_pair(false,"");
std::string retval;
char buffer[128];
do {
Reported by FlawFinder.
Line: 19
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (f == nullptr)
return std::make_pair(false,"");
std::string retval;
char buffer[128];
do {
const size_t n = fread(buffer, 1, sizeof(buffer), f);
// Check for reading errors so we don't return any data if we couldn't
// read the entire file (or up to maxsize)
if (ferror(f)) {
Reported by FlawFinder.
Line: 36
Column: 25
CWE codes:
362
bool WriteBinaryFile(const fs::path &filename, const std::string &data)
{
FILE *f = fsbridge::fopen(filename, "wb");
if (f == nullptr)
return false;
if (fwrite(data.data(), 1, data.size(), f) != data.size()) {
fclose(f);
return false;
Reported by FlawFinder.
src/prevector.h
3 issues
Line: 151
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
private:
#pragma pack(push, 1)
union direct_or_indirect {
char direct[sizeof(T) * N];
struct {
char* indirect;
size_type capacity;
} indirect_contents;
};
Reported by FlawFinder.
Line: 176
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
T* indirect = indirect_ptr(0);
T* src = indirect;
T* dst = direct_ptr(0);
memcpy(dst, src, size() * sizeof(T));
free(indirect);
_size -= N + 1;
}
} else {
if (!is_direct()) {
Reported by FlawFinder.
Line: 193
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
assert(new_indirect);
T* src = direct_ptr(0);
T* dst = reinterpret_cast<T*>(new_indirect);
memcpy(dst, src, size() * sizeof(T));
_union.indirect_contents.indirect = new_indirect;
_union.indirect_contents.capacity = new_capacity;
_size += N + 1;
}
}
Reported by FlawFinder.
src/rpc/request.cpp
3 issues
Line: 79
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bool GenerateAuthCookie(std::string *cookie_out)
{
const size_t COOKIE_SIZE = 32;
unsigned char rand_pwd[COOKIE_SIZE];
GetRandBytes(rand_pwd, COOKIE_SIZE);
std::string cookie = COOKIEAUTH_USER + ":" + HexStr(rand_pwd);
/** the umask determines what permissions are used to create this file -
* these are set to 077 in init.cpp unless overridden with -sysperms.
Reported by FlawFinder.
Line: 88
Column: 10
CWE codes:
362
*/
fsbridge::ofstream file;
fs::path filepath_tmp = GetAuthCookieFile(true);
file.open(filepath_tmp);
if (!file.is_open()) {
LogPrintf("Unable to open cookie authentication file %s for writing\n", filepath_tmp.string());
return false;
}
file << cookie;
Reported by FlawFinder.
Line: 113
Column: 10
CWE codes:
362
fsbridge::ifstream file;
std::string cookie;
fs::path filepath = GetAuthCookieFile();
file.open(filepath);
if (!file.is_open())
return false;
std::getline(file, cookie);
file.close();
Reported by FlawFinder.
src/secp256k1/contrib/lax_der_parsing.c
3 issues
Line: 15
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t rpos, rlen, spos, slen;
size_t pos = 0;
size_t lenbyte;
unsigned char tmpsig[64] = {0};
int overflow = 0;
/* Hack to initialize sig with a correctly-parsed but invalid signature. */
secp256k1_ecdsa_signature_parse_compact(ctx, sig, tmpsig);
Reported by FlawFinder.
Line: 124
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (rlen > 32) {
overflow = 1;
} else if (rlen) {
memcpy(tmpsig + 32 - rlen, input + rpos, rlen);
}
/* Ignore leading zeroes in S */
while (slen > 0 && input[spos] == 0) {
slen--;
Reported by FlawFinder.
Line: 136
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (slen > 32) {
overflow = 1;
} else if (slen) {
memcpy(tmpsig + 64 - slen, input + spos, slen);
}
if (!overflow) {
overflow = !secp256k1_ecdsa_signature_parse_compact(ctx, sig, tmpsig);
}
Reported by FlawFinder.
src/secp256k1/src/bench_recover.c
3 issues
Line: 14
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef struct {
secp256k1_context *ctx;
unsigned char msg[32];
unsigned char sig[64];
} bench_recover_data;
void bench_recover(void* arg, int iters) {
int i;
Reported by FlawFinder.
Line: 15
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef struct {
secp256k1_context *ctx;
unsigned char msg[32];
unsigned char sig[64];
} bench_recover_data;
void bench_recover(void* arg, int iters) {
int i;
bench_recover_data *data = (bench_recover_data*)arg;
Reported by FlawFinder.
Line: 22
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int i;
bench_recover_data *data = (bench_recover_data*)arg;
secp256k1_pubkey pubkey;
unsigned char pubkeyc[33];
for (i = 0; i < iters; i++) {
int j;
size_t pubkeylen = 33;
secp256k1_ecdsa_recoverable_signature sig;
Reported by FlawFinder.
src/secp256k1/src/bench_schnorrsig.c
3 issues
Line: 31
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void bench_schnorrsig_sign(void* arg, int iters) {
bench_schnorrsig_data *data = (bench_schnorrsig_data *)arg;
int i;
unsigned char msg[MSGLEN] = {0};
unsigned char sig[64];
for (i = 0; i < iters; i++) {
msg[0] = i;
msg[1] = i >> 8;
Reported by FlawFinder.
Line: 32
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bench_schnorrsig_data *data = (bench_schnorrsig_data *)arg;
int i;
unsigned char msg[MSGLEN] = {0};
unsigned char sig[64];
for (i = 0; i < iters; i++) {
msg[0] = i;
msg[1] = i >> 8;
CHECK(secp256k1_schnorrsig_sign_custom(data->ctx, sig, msg, MSGLEN, data->keypairs[i], NULL));
Reported by FlawFinder.
Line: 65
Column: 18
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
CHECK(MSGLEN >= 4);
for (i = 0; i < iters; i++) {
unsigned char sk[32];
unsigned char *msg = (unsigned char *)malloc(MSGLEN);
unsigned char *sig = (unsigned char *)malloc(64);
secp256k1_keypair *keypair = (secp256k1_keypair *)malloc(sizeof(*keypair));
unsigned char *pk_char = (unsigned char *)malloc(32);
secp256k1_xonly_pubkey pk;
Reported by FlawFinder.
src/secp256k1/src/bench_sign.c
3 issues
Line: 13
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef struct {
secp256k1_context* ctx;
unsigned char msg[32];
unsigned char key[32];
} bench_sign_data;
static void bench_sign_setup(void* arg) {
int i;
Reported by FlawFinder.
Line: 14
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef struct {
secp256k1_context* ctx;
unsigned char msg[32];
unsigned char key[32];
} bench_sign_data;
static void bench_sign_setup(void* arg) {
int i;
bench_sign_data *data = (bench_sign_data*)arg;
Reported by FlawFinder.
Line: 33
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int i;
bench_sign_data *data = (bench_sign_data*)arg;
unsigned char sig[74];
for (i = 0; i < iters; i++) {
size_t siglen = 74;
int j;
secp256k1_ecdsa_signature signature;
CHECK(secp256k1_ecdsa_sign(data->ctx, &signature, data->msg, data->key, NULL, NULL));
Reported by FlawFinder.
src/node/blockstorage.cpp
3 issues
Line: 88
Column: 13
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
// start removing block files.
int nContigCounter = 0;
for (const std::pair<const std::string, fs::path>& item : mapBlockFiles) {
if (atoi(item.first) == nContigCounter) {
nContigCounter++;
continue;
}
remove(item.second);
}
Reported by FlawFinder.
Line: 530
Column: 36
CWE codes:
362
// -loadblock=
for (const fs::path& path : vImportFiles) {
FILE* file = fsbridge::fopen(path, "rb");
if (file) {
LogPrintf("Importing blocks file %s...\n", path.string());
chainman.ActiveChainstate().LoadExternalBlockFile(file);
if (ShutdownRequested()) {
LogPrintf("Shutdown requested. Exit %s\n", __func__);
Reported by FlawFinder.
Line: 440
Column: 16
CWE codes:
120
20
}
block.resize(blk_size); // Zeroing of memory is intentional here
filein.read((char*)block.data(), blk_size);
} catch (const std::exception& e) {
return error("%s: Read from block file failed: %s for %s", __func__, e.what(), pos.ToString());
}
return true;
Reported by FlawFinder.
src/test/compilerbug_tests.cpp
3 issues
Line: 7
#include <boost/test/unit_test.hpp>
BOOST_AUTO_TEST_SUITE(compilerbug_tests)
#if defined(__GNUC__)
// This block will also be built under clang, which is fine (as it supports noinline)
void __attribute__ ((noinline)) set_one(unsigned char* ptr)
{
Reported by Cppcheck.
Line: 25
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
void set_one_on_stack() {
unsigned char buf[1];
set_one(buf);
}
BOOST_AUTO_TEST_CASE(gccbug_90348) {
// Test for GCC bug 90348. See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90348
Reported by FlawFinder.
Line: 32
Column: 18
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
BOOST_AUTO_TEST_CASE(gccbug_90348) {
// Test for GCC bug 90348. See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90348
for (int i = 0; i <= 4; ++i) {
unsigned char in[4];
for (int j = 0; j < i; ++j) {
in[j] = 0;
set_one_on_stack(); // Apparently modifies in[0]
}
BOOST_CHECK(check_zero(in, i));
Reported by FlawFinder.