The following issues were found
Kernel/Syscalls/execve.cpp
7 issues
Line: 719
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// FIXME: Also take into account things like extended filesystem permissions? That's what linux does...
auxv.append({ ELF::AuxiliaryValue::Secure, ((uid != euid) || (gid != egid)) ? 1 : 0 });
char random_bytes[16] {};
get_fast_random_bytes((u8*)random_bytes, sizeof(random_bytes));
auxv.append({ ELF::AuxiliaryValue::Random, String(random_bytes, sizeof(random_bytes)) });
auxv.append({ ELF::AuxiliaryValue::ExecFilename, executable_path });
Reported by FlawFinder.
Line: 778
Column: 55
CWE codes:
362
if (!interpreter_path.is_empty()) {
dbgln_if(EXEC_DEBUG, "exec({}): Using program interpreter {}", path, interpreter_path);
auto interp_result = VirtualFileSystem::the().open(interpreter_path, O_EXEC, 0, current_directory());
if (interp_result.is_error()) {
dbgln("exec({}): Unable to open program interpreter {}", path, interpreter_path);
return interp_result.error();
}
auto interpreter_description = interp_result.value();
Reported by FlawFinder.
Line: 793
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (interp_metadata.size < (int)sizeof(ElfW(Ehdr)))
return ENOEXEC;
char first_page[PAGE_SIZE] = {};
auto first_page_buffer = UserOrKernelBuffer::for_kernel_buffer((u8*)&first_page);
auto nread_or_error = interpreter_description->read(first_page_buffer, sizeof(first_page));
if (nread_or_error.is_error())
return ENOEXEC;
nread = nread_or_error.value();
Reported by FlawFinder.
Line: 854
Column: 51
CWE codes:
362
// * ET_EXEC binary that just gets loaded
// * ET_DYN binary that requires a program interpreter
//
auto file_or_error = VirtualFileSystem::the().open(path, O_EXEC, 0, current_directory());
if (file_or_error.is_error())
return file_or_error.error();
auto description = file_or_error.release_value();
auto metadata = description->metadata();
Reported by FlawFinder.
Line: 870
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
VERIFY(description->inode());
// Read the first page of the program into memory so we can validate the binfmt of it
char first_page[PAGE_SIZE];
auto first_page_buffer = UserOrKernelBuffer::for_kernel_buffer((u8*)&first_page);
auto nread_or_error = description->read(first_page_buffer, sizeof(first_page));
if (nread_or_error.is_error())
return ENOEXEC;
Reported by FlawFinder.
Line: 795
Column: 56
CWE codes:
120
20
char first_page[PAGE_SIZE] = {};
auto first_page_buffer = UserOrKernelBuffer::for_kernel_buffer((u8*)&first_page);
auto nread_or_error = interpreter_description->read(first_page_buffer, sizeof(first_page));
if (nread_or_error.is_error())
return ENOEXEC;
nread = nread_or_error.value();
if (nread < (int)sizeof(ElfW(Ehdr)))
Reported by FlawFinder.
Line: 872
Column: 40
CWE codes:
120
20
// Read the first page of the program into memory so we can validate the binfmt of it
char first_page[PAGE_SIZE];
auto first_page_buffer = UserOrKernelBuffer::for_kernel_buffer((u8*)&first_page);
auto nread_or_error = description->read(first_page_buffer, sizeof(first_page));
if (nread_or_error.is_error())
return ENOEXEC;
// 1) #! interpreted file
auto shebang_result = find_shebang_interpreter_for_executable(first_page, nread_or_error.value());
Reported by FlawFinder.
Tests/AK/TestString.cpp
6 issues
Line: 245
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
EXPECT_EQ(built.length(), 0u);
}
TEST_CASE(sprintf)
{
char buf1[128];
int ret1 = sprintf(buf1, "%+d", 12);
EXPECT_EQ(ret1, 3);
Reported by FlawFinder.
Line: 247
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
TEST_CASE(sprintf)
{
char buf1[128];
int ret1 = sprintf(buf1, "%+d", 12);
EXPECT_EQ(ret1, 3);
char buf2[128];
int ret2 = sprintf(buf2, "%+d", -12);
Reported by FlawFinder.
Line: 248
Column: 16
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
TEST_CASE(sprintf)
{
char buf1[128];
int ret1 = sprintf(buf1, "%+d", 12);
EXPECT_EQ(ret1, 3);
char buf2[128];
int ret2 = sprintf(buf2, "%+d", -12);
EXPECT_EQ(ret2, 3);
Reported by FlawFinder.
Line: 251
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ret1 = sprintf(buf1, "%+d", 12);
EXPECT_EQ(ret1, 3);
char buf2[128];
int ret2 = sprintf(buf2, "%+d", -12);
EXPECT_EQ(ret2, 3);
EXPECT_EQ(String(buf1), String("+12"));
EXPECT_EQ(String(buf2), String("-12"));
Reported by FlawFinder.
Line: 252
Column: 16
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
EXPECT_EQ(ret1, 3);
char buf2[128];
int ret2 = sprintf(buf2, "%+d", -12);
EXPECT_EQ(ret2, 3);
EXPECT_EQ(String(buf1), String("+12"));
EXPECT_EQ(String(buf2), String("-12"));
}
Reported by FlawFinder.
Line: 33
Column: 37
CWE codes:
126
EXPECT(!test_string.is_empty());
EXPECT(!test_string.is_null());
EXPECT_EQ(test_string.length(), 6u);
EXPECT_EQ(test_string.length(), strlen(test_string.characters()));
EXPECT(test_string.characters() != nullptr);
EXPECT(!strcmp(test_string.characters(), "ABCDEF"));
EXPECT(test_string == "ABCDEF");
EXPECT(test_string != "ABCDE");
Reported by FlawFinder.
Userland/Applications/PixelPaint/Image.cpp
6 issues
Line: 90
Column: 11
CWE codes:
362
// Builds an Image from an already-open file descriptor: wraps `fd` in a Core::File opened
// read-only and hands that file, together with `file_path`, to try_create_from_pixel_paint_file().
// Returns the file's error string if the wrapper reports an error after open().
// NOTE(review): the flagged open() call takes `fd`, not a path; this function only forwards
// `file_path`. Any path lookup happened wherever `fd` was produced, which is not visible here.
Result<NonnullRefPtr<Image>, String> Image::try_create_from_pixel_paint_fd(int fd, String const& file_path)
{
auto file = Core::File::construct();
// ShouldCloseFileDescriptor::No: presumably leaves closing `fd` to the caller; confirm against Core::File.
file->open(fd, Core::OpenMode::ReadOnly, Core::File::ShouldCloseFileDescriptor::No);
if (file->has_error())
return String { file->error_string() };
return try_create_from_pixel_paint_file(file, file_path);
}
Reported by FlawFinder.
Line: 99
Column: 38
CWE codes:
362
// Opens `file_path` read-only and builds an Image from the resulting file object via
// try_create_from_pixel_paint_file(). Returns the open error's string on failure.
// This function performs exactly one path-based open; the helper is then given the opened file.
// NOTE(review): `file_path` is forwarded as well. What the helper does with it is not visible
// here, so confirm it does not resolve the path a second time.
Result<NonnullRefPtr<Image>, String> Image::try_create_from_pixel_paint_path(String const& file_path)
{
auto file_or_error = Core::File::open(file_path, Core::OpenMode::ReadOnly);
if (file_or_error.is_error())
return String { file_or_error.error().string() };
return try_create_from_pixel_paint_file(*file_or_error.value(), file_path);
}
Reported by FlawFinder.
Line: 224
Column: 11
CWE codes:
362
json.finish();
auto file = Core::File::construct();
file->open(fd, Core::OpenMode::WriteOnly | Core::OpenMode::Truncate, Core::File::ShouldCloseFileDescriptor::Yes);
if (file->has_error())
return String { file->error_string() };
if (!file->write(builder.string_view()))
return String { file->error_string() };
Reported by FlawFinder.
Line: 257
Column: 38
CWE codes:
362
}
json.finish();
auto file_or_error = Core::File::open(file_path, (Core::OpenMode)(Core::OpenMode::WriteOnly | Core::OpenMode::Truncate));
if (file_or_error.is_error())
return String { file_or_error.error().string() };
if (!file_or_error.value()->write(builder.string_view()))
return String { file_or_error.value()->error_string() };
Reported by FlawFinder.
Line: 279
Column: 11
CWE codes:
362
Result<void, String> Image::export_bmp_to_fd_and_close(int fd, bool preserve_alpha_channel)
{
auto file = Core::File::construct();
file->open(fd, Core::OpenMode::WriteOnly | Core::OpenMode::Truncate, Core::File::ShouldCloseFileDescriptor::Yes);
if (file->has_error())
return String { file->error_string() };
auto bitmap_format = preserve_alpha_channel ? Gfx::BitmapFormat::BGRA8888 : Gfx::BitmapFormat::BGRx8888;
auto bitmap = try_compose_bitmap(bitmap_format);
Reported by FlawFinder.
Line: 300
Column: 11
CWE codes:
362
Result<void, String> Image::export_png_to_fd_and_close(int fd, bool preserve_alpha_channel)
{
auto file = Core::File::construct();
file->open(fd, Core::OpenMode::WriteOnly | Core::OpenMode::Truncate, Core::File::ShouldCloseFileDescriptor::Yes);
if (file->has_error())
return String { file->error_string() };
auto bitmap_format = preserve_alpha_channel ? Gfx::BitmapFormat::BGRA8888 : Gfx::BitmapFormat::BGRx8888;
auto bitmap = try_compose_bitmap(bitmap_format);
Reported by FlawFinder.
Userland/Libraries/LibTLS/HandshakeClient.cpp
6 issues
Line: 45
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (is_aead) {
iv_size = 4; // Explicit IV size.
} else {
memcpy(m_context.crypto.local_mac, key + offset, mac_size);
offset += mac_size;
memcpy(m_context.crypto.remote_mac, key + offset, mac_size);
offset += mac_size;
}
Reported by FlawFinder.
Line: 47
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
memcpy(m_context.crypto.local_mac, key + offset, mac_size);
offset += mac_size;
memcpy(m_context.crypto.remote_mac, key + offset, mac_size);
offset += mac_size;
}
auto client_key = key + offset;
offset += key_size;
Reported by FlawFinder.
Line: 81
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case CipherAlgorithm::AES_128_CBC:
case CipherAlgorithm::AES_256_CBC: {
VERIFY(!is_aead);
memcpy(m_context.crypto.local_iv, client_iv, iv_size);
memcpy(m_context.crypto.remote_iv, server_iv, iv_size);
m_cipher_local = Crypto::Cipher::AESCipher::CBCMode(ReadonlyBytes { client_key, key_size }, key_size * 8, Crypto::Cipher::Intent::Encryption, Crypto::Cipher::PaddingMode::RFC5246);
m_cipher_remote = Crypto::Cipher::AESCipher::CBCMode(ReadonlyBytes { server_key, key_size }, key_size * 8, Crypto::Cipher::Intent::Decryption, Crypto::Cipher::PaddingMode::RFC5246);
break;
Reported by FlawFinder.
Line: 82
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case CipherAlgorithm::AES_256_CBC: {
VERIFY(!is_aead);
memcpy(m_context.crypto.local_iv, client_iv, iv_size);
memcpy(m_context.crypto.remote_iv, server_iv, iv_size);
m_cipher_local = Crypto::Cipher::AESCipher::CBCMode(ReadonlyBytes { client_key, key_size }, key_size * 8, Crypto::Cipher::Intent::Encryption, Crypto::Cipher::PaddingMode::RFC5246);
m_cipher_remote = Crypto::Cipher::AESCipher::CBCMode(ReadonlyBytes { server_key, key_size }, key_size * 8, Crypto::Cipher::Intent::Decryption, Crypto::Cipher::PaddingMode::RFC5246);
break;
}
Reported by FlawFinder.
Line: 91
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case CipherAlgorithm::AES_128_GCM:
case CipherAlgorithm::AES_256_GCM: {
VERIFY(is_aead);
memcpy(m_context.crypto.local_aead_iv, client_iv, iv_size);
memcpy(m_context.crypto.remote_aead_iv, server_iv, iv_size);
m_cipher_local = Crypto::Cipher::AESCipher::GCMMode(ReadonlyBytes { client_key, key_size }, key_size * 8, Crypto::Cipher::Intent::Encryption, Crypto::Cipher::PaddingMode::RFC5246);
m_cipher_remote = Crypto::Cipher::AESCipher::GCMMode(ReadonlyBytes { server_key, key_size }, key_size * 8, Crypto::Cipher::Intent::Decryption, Crypto::Cipher::PaddingMode::RFC5246);
break;
Reported by FlawFinder.
Line: 92
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case CipherAlgorithm::AES_256_GCM: {
VERIFY(is_aead);
memcpy(m_context.crypto.local_aead_iv, client_iv, iv_size);
memcpy(m_context.crypto.remote_aead_iv, server_iv, iv_size);
m_cipher_local = Crypto::Cipher::AESCipher::GCMMode(ReadonlyBytes { client_key, key_size }, key_size * 8, Crypto::Cipher::Intent::Encryption, Crypto::Cipher::PaddingMode::RFC5246);
m_cipher_remote = Crypto::Cipher::AESCipher::GCMMode(ReadonlyBytes { server_key, key_size }, key_size * 8, Crypto::Cipher::Intent::Decryption, Crypto::Cipher::PaddingMode::RFC5246);
break;
}
Reported by FlawFinder.
Userland/Libraries/LibTLS/Socket.cpp
6 issues
Line: 15
Column: 30
CWE codes:
120
20
namespace TLS {
Optional<ByteBuffer> TLSv12::read()
{
if (m_context.application_buffer.size()) {
auto buf = m_context.application_buffer.slice(0, m_context.application_buffer.size());
m_context.application_buffer.clear();
return buf;
Reported by FlawFinder.
Line: 25
Column: 20
CWE codes:
120
20
return {};
}
ByteBuffer TLSv12::read(size_t max_size)
{
if (m_context.application_buffer.size()) {
auto length = min(m_context.application_buffer.size(), max_size);
auto buf = m_context.application_buffer.slice(0, length);
m_context.application_buffer = m_context.application_buffer.slice(length, m_context.application_buffer.size() - length);
Reported by FlawFinder.
Line: 159
Column: 27
CWE codes:
120
20
if (!check_connection_state(true))
return;
consume(Core::Socket::read(4096));
// If anything new shows up, tell the client about the event.
notify_client_for_app_data();
}
Reported by FlawFinder.
Line: 182
Column: 42
CWE codes:
120
20
on_tls_ready_to_write(*this);
}
bool TLSv12::check_connection_state(bool read)
{
if (!Core::Socket::is_open() || !Core::Socket::is_connected() || Core::Socket::eof()) {
// an abrupt closure (the server is a jerk)
dbgln_if(TLS_DEBUG, "Socket not open, assuming abrupt closure");
m_context.connection_finished = true;
Reported by FlawFinder.
Line: 196
Column: 11
CWE codes:
120
20
on_tls_error((AlertDescription)m_context.critical_error);
return false;
}
if (((read && m_context.application_buffer.size() == 0) || !read) && m_context.connection_finished) {
if (m_context.application_buffer.size() == 0 && m_context.connection_status != ConnectionStatus::Disconnected) {
if (on_tls_finished)
on_tls_finished();
}
if (m_context.tls_buffer.size()) {
Reported by FlawFinder.
Line: 196
Column: 65
CWE codes:
120
20
on_tls_error((AlertDescription)m_context.critical_error);
return false;
}
if (((read && m_context.application_buffer.size() == 0) || !read) && m_context.connection_finished) {
if (m_context.application_buffer.size() == 0 && m_context.connection_status != ConnectionStatus::Disconnected) {
if (on_tls_finished)
on_tls_finished();
}
if (m_context.tls_buffer.size()) {
Reported by FlawFinder.
Userland/Libraries/LibWasm/Types.h
6 issues
Line: 82
Column: 12
CWE codes:
120
20
// Appends `data` to m_buffer. The read() override that follows copies from m_buffer first when it is non-empty.
void unread(ReadonlyBytes data) { m_buffer.append(data.data(), data.size()); }
private:
size_t read(Bytes bytes) override
{
size_t bytes_read_from_buffer = 0;
if (!m_buffer.is_empty()) {
auto read_size = min(bytes.size(), m_buffer.size());
m_buffer.span().slice(0, read_size).copy_to(bytes);
Reported by FlawFinder.
Line: 94
Column: 25
CWE codes:
120
20
bytes_read_from_buffer = read_size;
}
return m_stream.read(bytes) + bytes_read_from_buffer;
}
// Reports end-of-file only when m_buffer is empty and the wrapped stream's own
// unreliable_eof() is also true, so buffered bytes still count as readable data.
bool unreliable_eof() const override
{
return m_buffer.is_empty() && m_stream.unreliable_eof();
}
Reported by FlawFinder.
Line: 102
Column: 13
CWE codes:
120
20
}
// Reads into `bytes` through read(). Returns true when read() reports a non-zero count;
// otherwise calls set_recoverable_error() and returns false.
// NOTE(review): success here means "at least one byte", not "bytes.size() bytes". A short
// read returns true while the tail of `bytes` is left unwritten. Confirm that callers either
// rely on read() always filling the buffer or check the length themselves before parsing it.
bool read_or_error(Bytes bytes) override
{
if (read(bytes))
return true;
set_recoverable_error();
return false;
}
bool discard_or_error(size_t count) override
Reported by FlawFinder.
Line: 133
Column: 12
CWE codes:
120
20
}
private:
size_t read(Bytes bytes) override
{
auto to_read = min(m_bytes_left, bytes.size());
auto nread = m_stream.read(bytes.slice(0, to_read));
m_bytes_left -= nread;
return nread;
Reported by FlawFinder.
Line: 136
Column: 31
CWE codes:
120
20
// Reads from m_stream into at most the first min(m_bytes_left, bytes.size()) bytes of `bytes`,
// subtracts the count actually read from m_bytes_left, and returns that count.
size_t read(Bytes bytes) override
{
// The slice is the only cap: the wrapped stream never sees more room than the remaining budget.
auto to_read = min(m_bytes_left, bytes.size());
auto nread = m_stream.read(bytes.slice(0, to_read));
// NOTE(review): assumes nread <= to_read. If m_bytes_left is unsigned (its type is not visible
// here), a larger value from m_stream.read() would wrap the budget rather than end it. Confirm.
m_bytes_left -= nread;
return nread;
}
bool unreliable_eof() const override
{
Reported by FlawFinder.
Line: 146
Column: 13
CWE codes:
120
20
}
// Reads into `bytes` through read(). Any non-zero count is treated as success; a zero count
// calls set_recoverable_error() and returns false.
// NOTE(review): the result does not say whether all of `bytes` was filled. If read() returns
// fewer bytes than bytes.size(), this still returns true and the remaining bytes keep their
// previous contents. Confirm callers do not assume a full read.
bool read_or_error(Bytes bytes) override
{
if (read(bytes))
return true;
set_recoverable_error();
return false;
}
bool discard_or_error(size_t count) override
Reported by FlawFinder.
Kernel/FileSystem/ext2_fs.h
6 issues
Line: 532
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 s_feature_incompat; /* incompatible feature set */
__u32 s_feature_ro_compat; /* readonly-compatible feature set */
__u8 s_uuid[16]; /* 128-bit uuid for volume */
char s_volume_name[16]; /* volume name */
char s_last_mounted[64]; /* directory where last mounted */
__u32 s_algorithm_usage_bitmap; /* For compression */
/*
* Performance hints. Directory preallocation should only
* happen if the EXT2_FEATURE_COMPAT_DIR_PREALLOC flag is on.
Reported by FlawFinder.
Line: 533
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 s_feature_ro_compat; /* readonly-compatible feature set */
__u8 s_uuid[16]; /* 128-bit uuid for volume */
char s_volume_name[16]; /* volume name */
char s_last_mounted[64]; /* directory where last mounted */
__u32 s_algorithm_usage_bitmap; /* For compression */
/*
* Performance hints. Directory preallocation should only
* happen if the EXT2_FEATURE_COMPAT_DIR_PREALLOC flag is on.
*/
Reported by FlawFinder.
Line: 667
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 inode; /* Inode number */
__u16 rec_len; /* Directory entry length */
__u16 name_len; /* Name length */
char name[EXT2_NAME_LEN]; /* Filename */
};
/*
* The new version of the directory entry. Since EXT2 structures are
* stored in intel byte order, and the name_len field could never be
Reported by FlawFinder.
Line: 681
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u16 rec_len; /* Directory entry length */
__u8 name_len; /* Name length */
__u8 file_type;
char name[EXT2_NAME_LEN]; /* Filename */
};
/*
* Ext2 directory file types. Only the low 3 bits are used. The
* other bits are reserved for now.
Reported by FlawFinder.
Line: 721
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 mmp_magic;
__u32 mmp_seq;
__u64 mmp_time;
char mmp_nodename[64];
char mmp_bdevname[32];
__u16 mmp_interval;
__u16 mmp_pad1;
__u32 mmp_pad2;
};
Reported by FlawFinder.
Line: 722
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 mmp_seq;
__u64 mmp_time;
char mmp_nodename[64];
char mmp_bdevname[32];
__u16 mmp_interval;
__u16 mmp_pad1;
__u32 mmp_pad2;
};
Reported by FlawFinder.
Kernel/FileSystem/VirtualFileSystem.h
6 issues
Line: 58
Column: 13
CWE codes:
362
Suggestion:
Use fchmod( ) instead
// Path-taking operations: each receives a `path` plus a `base` Custody (presumably the
// directory the path is resolved against; confirm in the implementation).
KResult unlink(StringView path, Custody& base);
KResult symlink(StringView target, StringView linkpath, Custody& base);
KResult rmdir(StringView path, Custody& base);
// chmod and chown each have two overloads: one by path + base, one taking a Custody& directly.
// NOTE(review): the scanner hits on these lines land on member declarations that share names
// with the libc calls, not on call sites. Whether a path is re-resolved between a check and its
// use is decided by the callers and the implementation, neither of which is visible here.
KResult chmod(StringView path, mode_t, Custody& base);
KResult chmod(Custody&, mode_t);
KResult chown(StringView path, uid_t, gid_t, Custody& base);
KResult chown(Custody&, uid_t, gid_t);
// access() returns only a KResult; it yields no handle that a later operation could reuse.
KResult access(StringView path, int mode, Custody& base);
KResultOr<InodeMetadata> lookup_metadata(StringView path, Custody& base, int options = 0);
Reported by FlawFinder.
Line: 59
Column: 13
CWE codes:
362
Suggestion:
Use fchmod( ) instead
KResult symlink(StringView target, StringView linkpath, Custody& base);
KResult rmdir(StringView path, Custody& base);
KResult chmod(StringView path, mode_t, Custody& base);
KResult chmod(Custody&, mode_t);
KResult chown(StringView path, uid_t, gid_t, Custody& base);
KResult chown(Custody&, uid_t, gid_t);
KResult access(StringView path, int mode, Custody& base);
KResultOr<InodeMetadata> lookup_metadata(StringView path, Custody& base, int options = 0);
KResult utime(StringView path, Custody& base, time_t atime, time_t mtime);
Reported by FlawFinder.
Line: 60
Column: 13
CWE codes:
362
Suggestion:
Use fchown( ) instead
KResult rmdir(StringView path, Custody& base);
KResult chmod(StringView path, mode_t, Custody& base);
KResult chmod(Custody&, mode_t);
KResult chown(StringView path, uid_t, gid_t, Custody& base);
KResult chown(Custody&, uid_t, gid_t);
KResult access(StringView path, int mode, Custody& base);
KResultOr<InodeMetadata> lookup_metadata(StringView path, Custody& base, int options = 0);
KResult utime(StringView path, Custody& base, time_t atime, time_t mtime);
KResult rename(StringView oldpath, StringView newpath, Custody& base);
Reported by FlawFinder.
Line: 61
Column: 13
CWE codes:
362
Suggestion:
Use fchown( ) instead
KResult chmod(StringView path, mode_t, Custody& base);
KResult chmod(Custody&, mode_t);
KResult chown(StringView path, uid_t, gid_t, Custody& base);
KResult chown(Custody&, uid_t, gid_t);
KResult access(StringView path, int mode, Custody& base);
KResultOr<InodeMetadata> lookup_metadata(StringView path, Custody& base, int options = 0);
KResult utime(StringView path, Custody& base, time_t atime, time_t mtime);
KResult rename(StringView oldpath, StringView newpath, Custody& base);
KResult mknod(StringView path, mode_t, dev_t, Custody& base);
Reported by FlawFinder.
Line: 62
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
KResult chmod(Custody&, mode_t);
KResult chown(StringView path, uid_t, gid_t, Custody& base);
KResult chown(Custody&, uid_t, gid_t);
KResult access(StringView path, int mode, Custody& base);
KResultOr<InodeMetadata> lookup_metadata(StringView path, Custody& base, int options = 0);
KResult utime(StringView path, Custody& base, time_t atime, time_t mtime);
KResult rename(StringView oldpath, StringView newpath, Custody& base);
KResult mknod(StringView path, mode_t, dev_t, Custody& base);
KResultOr<NonnullRefPtr<Custody>> open_directory(StringView path, Custody& base);
Reported by FlawFinder.
Line: 51
Column: 47
CWE codes:
362
KResult remount(Custody& mount_point, int new_flags);
KResult unmount(Inode& guest_inode);
KResultOr<NonnullRefPtr<FileDescription>> open(StringView path, int options, mode_t mode, Custody& base, Optional<UidAndGid> = {});
KResultOr<NonnullRefPtr<FileDescription>> create(StringView path, int options, mode_t mode, Custody& parent_custody, Optional<UidAndGid> = {});
KResult mkdir(StringView path, mode_t mode, Custody& base);
KResult link(StringView old_path, StringView new_path, Custody& base);
KResult unlink(StringView path, Custody& base);
KResult symlink(StringView target, StringView linkpath, Custody& base);
Reported by FlawFinder.
Userland/Libraries/LibC/string.h
6 issues
Line: 32
Column: 87
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
/* Allocating copies; the malloc attribute tells the compiler the result is newly allocated storage. */
__attribute__((malloc)) char* strdup(const char*);
__attribute__((malloc)) char* strndup(const char*, size_t);
/*
 * strcpy and strncpy are declared with a deprecated attribute that names the replacements,
 * so any use draws a compiler diagnostic. The scanner's column points at these declarations
 * themselves, not at a call.
 */
__attribute__((deprecated("use strlcpy or String::copy_characters_to_buffer"))) char* strcpy(char* dest, const char* src);
__attribute__((deprecated("use strlcpy or String::copy_characters_to_buffer"))) char* strncpy(char* dest, const char* src, size_t);
/*
 * Size-bounded copy. warn_unused_result makes the compiler flag callers that ignore the return
 * value (by the usual strlcpy convention that value is how truncation is detected; confirm
 * against this libc's implementation).
 */
__attribute__((warn_unused_result)) size_t strlcpy(char* dest, const char* src, size_t);
char* strchr(const char*, int c);
char* strchrnul(const char*, int c);
Reported by FlawFinder.
Line: 41
Column: 50
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
char* strstr(const char* haystack, const char* needle);
char* strrchr(const char*, int c);
__attribute__((deprecated("use strncat"))) char* strcat(char* dest, const char* src);
char* strncat(char* dest, const char* src, size_t);
size_t strspn(const char*, const char* accept);
size_t strcspn(const char*, const char* reject);
int strerror_r(int, char*, size_t);
Reported by FlawFinder.
Line: 21
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int strncmp(const char*, const char*, size_t);
int memcmp(const void*, const void*, size_t);
void* memcpy(void*, const void*, size_t);
void* memmove(void*, const void*, size_t);
void* memchr(const void*, int c, size_t);
const void* memmem(const void* haystack, size_t, const void* needle, size_t);
void* memset(void*, int, size_t);
Reported by FlawFinder.
Line: 14
Column: 8
CWE codes:
126
__BEGIN_DECLS
size_t strlen(const char*);
size_t strnlen(const char*, size_t maxlen);
int strcmp(const char*, const char*);
int strncmp(const char*, const char*, size_t);
Reported by FlawFinder.
Line: 33
Column: 87
CWE codes:
120
__attribute__((malloc)) char* strndup(const char*, size_t);
__attribute__((deprecated("use strlcpy or String::copy_characters_to_buffer"))) char* strcpy(char* dest, const char* src);
__attribute__((deprecated("use strlcpy or String::copy_characters_to_buffer"))) char* strncpy(char* dest, const char* src, size_t);
__attribute__((warn_unused_result)) size_t strlcpy(char* dest, const char* src, size_t);
char* strchr(const char*, int c);
char* strchrnul(const char*, int c);
char* strstr(const char* haystack, const char* needle);
Reported by FlawFinder.
Line: 42
Column: 7
CWE codes:
120
Suggestion:
Consider strcat_s, strlcat, snprintf, or automatically resizing strings
char* strrchr(const char*, int c);
__attribute__((deprecated("use strncat"))) char* strcat(char* dest, const char* src);
char* strncat(char* dest, const char* src, size_t);
size_t strspn(const char*, const char* accept);
size_t strcspn(const char*, const char* reject);
int strerror_r(int, char*, size_t);
char* strerror(int errnum);
Reported by FlawFinder.
Userland/Libraries/LibC/time.cpp
6 issues
Line: 183
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// Formats *tm by calling asctime_r() on a function-local static buffer and returns asctime_r()'s result.
// Because the buffer is static, every call writes the same 69 bytes of storage: a pointer kept
// from an earlier call sees later output, and concurrent callers share the buffer.
char* asctime(const struct tm* tm)
{
static char buffer[69];
// NOTE(review): asctime_r() receives the buffer without its size, so staying within 69 bytes
// depends on the bound asctime_r() applies internally (its body is not visible here). Confirm.
return asctime_r(tm, buffer);
}
char* asctime_r(const struct tm* tm, char* buffer)
{
Reported by FlawFinder.
Line: 202
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
//FIXME: Some formats are not supported.
size_t strftime(char* destination, size_t max_size, const char* format, const struct tm* tm)
{
const char wday_short_names[7][4] = {
"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"
};
const char wday_long_names[7][10] = {
"Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"
};
Reported by FlawFinder.
Line: 205
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char wday_short_names[7][4] = {
"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"
};
const char wday_long_names[7][10] = {
"Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"
};
const char mon_short_names[12][4] = {
"Jan", "Feb", "Mar", "Apr", "May", "Jun",
"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
Reported by FlawFinder.
Line: 208
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char wday_long_names[7][10] = {
"Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"
};
const char mon_short_names[12][4] = {
"Jan", "Feb", "Mar", "Apr", "May", "Jun",
"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
};
const char mon_long_names[12][10] = {
"January", "February", "March", "April", "May", "June",
Reported by FlawFinder.
Line: 212
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"Jan", "Feb", "Mar", "Apr", "May", "Jun",
"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
};
const char mon_long_names[12][10] = {
"January", "February", "March", "April", "May", "June",
"July", "August", "September", "October", "November", "December"
};
StringBuilder builder { max_size };
Reported by FlawFinder.
Line: 219
Column: 28
CWE codes:
126
StringBuilder builder { max_size };
const int format_len = strlen(format);
for (int i = 0; i < format_len; ++i) {
if (format[i] != '%') {
builder.append(format[i]);
} else {
if (++i >= format_len)
Reported by FlawFinder.