httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 31653] - buffer buffer mod_cache.c
Date Thu, 21 Oct 2004 07:02:41 GMT

http://issues.apache.org/bugzilla/show_bug.cgi?id=31653

buffer buffer mod_cache.c





------- Additional Comments From mmardones@gmail.com  2004-10-21 07:02 -------

[root@cdtboys flawfinder-1.26]# ./flawfinder /root/httpd-2.0.50/modules/cache/mod_file_cache.c
Flawfinder version 1.26, (C) 2001-2004 David A. Wheeler.
Number of dangerous functions in C/C++ ruleset: 158
Examining /root/httpd-2.0.50/modules/cache/mod_file_cache.c
/root/httpd-2.0.50/modules/cache/mod_file_cache.c:109:  [2] (buffer) char:
  Statically-sized arrays can be overflowed. Perform bounds checking,
  use functions that limit length, or ensure that the size is larger than
  the maximum possible length.
/root/httpd-2.0.50/modules/cache/mod_file_cache.c:110:  [2] (buffer) char:
  Statically-sized arrays can be overflowed. Perform bounds checking,
  use functions that limit length, or ensure that the size is larger than
  the maximum possible length.
/root/httpd-2.0.50/modules/cache/mod_file_cache.c:203:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected).

Hits = 3
Lines analyzed = 415 in 3.01 seconds (165 lines/second)
Physical Source Lines of Code (SLOC) = 256
Hits@level = [0]   0 [1]   1 [2]   2 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]   3 [1+]   3 [2+]   2 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 11.7188 [1+] 11.7188 [2+] 7.8125 [3+]   0 [4+]   0 [5+]   0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!

-----------

[root@cdtboys rats-2.1]# ./rats -i /root/httpd-2.0.50/modules/cache/mod_file_cache.c
Entries in perl database: 33
Entries in python database: 62
Entries in c database: 334
Entries in php database: 55
Analyzing /root/httpd-2.0.50/modules/cache/mod_file_cache.c
/root/httpd-2.0.50/modules/cache/mod_file_cache.c:109: High: fixed size local buffer
/root/httpd-2.0.50/modules/cache/mod_file_cache.c:110: High: fixed size local buffer
Extra care should be taken to ensure that character arrays that are allocated
on the stack are used safely.  They are prime targets for buffer overflow
attacks.

Total lines analyzed: 416
Total time 0.003928 seconds
105906 lines per second
