[Ifile-discuss] Ifile


From: Preben Randhol
Subject: [Ifile-discuss] Ifile
Date: Wed, 16 Apr 2003 16:43:27 +0200
User-agent: Mutt/1.3.28i

Hi

I'm currently in the process of changing from spamassassin to ispell.
It looks nice so far. Since ifile is written in C and buffer overflows are
a big security problem, I took the liberty of running the ifile 1.3.0 C
source through flawfinder so that it could give warnings. I hope you find
the information useful. The program can be found here:
http://www.dwheeler.com/flawfinder/

The warnings:

Flawfinder version 1.21, (C) 2001-2002 David A. Wheeler.
Number of dangerous functions in C/C++ ruleset: 127
Examining database.c
Examining error.c
Examining hash_table.c
Examining ifile.c
Examining int4str.c
Examining istext.c
Examining lex-define.c
Examining lex-email.c
Examining lex-indirect.c
Examining lex-simple.c
Examining opts.c
Examining primes.c
Examining scan.c
Examining stem.c
Examining stoplist.c
Examining stopwords.c
Examining util.c
error.c:80  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files,
  a race condition results. . Use fchmod( ) instead. 
error.c:58  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination.
  Consider using strncpy or strlcpy (warning, strncpy is easily misused). 
error.c:123  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be
  exploited. Use a constant for the format specification. 
error.c:132  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be
  exploited. Use a constant for the format specification. 
error.c:152  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be
  exploited. Use a constant for the format specification. 
error.c:157  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be
  exploited. Use a constant for the format specification. 
ifile.c:114  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely.
  try using a library call that implements the same functionality if
  available. 
ifile.c:275  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely.
  try using a library call that implements the same functionality if
  available. 
int4str.c:313  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be
  exploited. Use a constant for the format specification. 
lex-email.c:171  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination.
  Consider using strncpy or strlcpy (warning, strncpy is easily misused). 
lex-email.c:181  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination.
  Consider using strncpy or strlcpy (warning, strncpy is easily misused). 
lex-email.c:243  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination.
  Consider using strncpy or strlcpy (warning, strncpy is easily misused). 
lex-email.c:247  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination.
  Consider using strncat or strlcat (warning, strncat is easily misused). 
stem.c:218  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination.
  Consider using strncat or strlcat (warning, strncat is easily misused). 
stoplist.c:62  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification,
  permits buffer overflows. Specify a limit to %s, or use a different input
  function. 
util.c:56  [4] (format) vsprintf:
  Potential format string problem. Make format string constant. 
util.c:61  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination.
  Consider using strncpy or strlcpy (warning, strncpy is easily misused). 
util.c:90  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination.
  Consider using strncat or strlcat (warning, strncat is easily misused). 
util.c:157  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination.
  Consider using strncpy or strlcpy (warning, strncpy is easily misused). 
util.c:315  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination.
  Consider using strncpy or strlcpy (warning, strncpy is easily misused). 
error.c:73  [3] (random) srand:
  This function is not sufficiently random for security-related
  functions such as key and nonce creation. use a more secure technique for
  acquiring random values. 
error.c:76  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker.  They can have any content and length, and the same variable
  can be set more than once. Check environment variables carefully before
  using them. 
ifile.c:99  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker.  They can have any content and length, and the same variable
  can be set more than once. Check environment variables carefully before
  using them. 
database.c:293  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents?. 
database.c:453  [2] (buffer) char:
  Statically-sized arrays can be overflowed. Perform bounds checking,
  use functions that limit length, or ensure that the size is larger than
  the maximum possible length. 
database.c:463  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination.
  Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk
  is low because the source is a constant string.
database.c:472  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents?. 
error.c:42  [2] (buffer) char:
  Statically-sized arrays can be overflowed. Perform bounds checking,
  use functions that limit length, or ensure that the size is larger than
  the maximum possible length. 
error.c:78  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents?. 
ifile.c:152  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents?. 
int4str.c:268  [2] (buffer) char:
  Statically-sized arrays can be overflowed. Perform bounds checking,
  use functions that limit length, or ensure that the size is larger than
  the maximum possible length. 
int4str.c:330  [2] (buffer) char:
  Statically-sized arrays can be overflowed. Perform bounds checking,
  use functions that limit length, or ensure that the size is larger than
  the maximum possible length. 
int4str.c:369  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents?. 
istext.c:42  [2] (buffer) char:
  Statically-sized arrays can be overflowed. Perform bounds checking,
  use functions that limit length, or ensure that the size is larger than
  the maximum possible length. 
lex-define.c:32  [2] (buffer) char:
  Statically-sized arrays can be overflowed. Perform bounds checking,
  use functions that limit length, or ensure that the size is larger than
  the maximum possible length. 
stoplist.c:53  [2] (buffer) char:
  Statically-sized arrays can be overflowed. Perform bounds checking,
  use functions that limit length, or ensure that the size is larger than
  the maximum possible length. 
stoplist.c:56  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents?. 
util.c:51  [2] (buffer) char:
  Statically-sized arrays can be overflowed. Perform bounds checking,
  use functions that limit length, or ensure that the size is larger than
  the maximum possible length. 
util.c:106  [2] (buffer) char:
  Statically-sized arrays can be overflowed. Perform bounds checking,
  use functions that limit length, or ensure that the size is larger than
  the maximum possible length. 
util.c:220  [2] (buffer) char:
  Statically-sized arrays can be overflowed. Perform bounds checking,
  use functions that limit length, or ensure that the size is larger than
  the maximum possible length. 
database.c:323  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
error.c:57  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
int4str.c:337  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop. 
int4str.c:353  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
lex-email.c:135  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for
  invalid pointers. 
lex-email.c:172  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
lex-email.c:179  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for
  invalid pointers. 
lex-email.c:239  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
lex-email.c:246  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination.
  Consider using strncat or strlcat (warning, strncat is easily misused).
  Risk is low because the source is a constant character.
lex-email.c:259  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
lex-simple.c:70  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop. 
lex-simple.c:116  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
lex-simple.c:198  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
lex-simple.c:264  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
scan.c:42  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop. 
scan.c:57  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop. 
scan.c:69  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop. 
scan.c:103  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop. 
scan.c:137  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop. 
scan.c:181  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop. 
scan.c:205  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop. 
scan.c:226  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
stem.c:147  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
util.c:59  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
util.c:81  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
util.c:113  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
util.c:115  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination.
  Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk
  is low because the source is a constant character.
util.c:155  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
util.c:312  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
Number of hits = 69
Number of Lines Analyzed = 4787 in 1.31 seconds (5876 lines/second)
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
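The hits above cluster around a handful of C idioms, and flawfinder's advice for each is the same every time: bound the copy, keep the format string constant, put a width on %s, and do not chmod a path you did not just create. The block below is an added example and is not code from the post or from ifile's source; it shows the defensive counterpart to each flagged call in one compilable file. Function names (bounded_copy, bounded_cat, log_line, log_user_text, read_word, open_private_file), the buffer sizes and the sample strings are all constructed for illustration, not taken from ifile.

```c
/* Added example, not ifile code: defensive counterparts to the calls flawfinder
 * flagged.  Names, buffer sizes and sample inputs are constructed. */
#define _POSIX_C_SOURCE 200809L
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

/* strcpy/strncpy hits: copy at most dstsz-1 bytes and always terminate.
 * Returns 0, or -1 if src was truncated (dst is still a valid string);
 * plain strncpy leaves dst unterminated when src is too long. */
int bounded_copy(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);             /* caller guarantees src is terminated */
    if (dstsz == 0) return -1;
    if (n >= dstsz) {
        memcpy(dst, src, dstsz - 1);
        dst[dstsz - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}
/* strcat hits: same contract; refuses to append to an unterminated dst. */
int bounded_cat(char *dst, size_t dstsz, const char *src)
{
    const char *end = memchr(dst, '\0', dstsz);
    size_t used = end ? (size_t)(end - dst) : dstsz;
    return end ? bounded_copy(dst + used, dstsz - used, src) : -1;
}
/* vfprintf/vsprintf hits: fmt is a literal at every call site and the output
 * is bounded by vsnprintf.  Returns bytes written, or -1 on truncation. */
int log_line(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    return (n < 0 || (size_t)n >= outsz) ? -1 : n;
}
/* Untrusted text travels as a %s argument; log_line(out, outsz, user_text)
 * would let the text's own %-sequences act as the format. */
int log_user_text(char *out, size_t outsz, const char *user_text)
{
    return log_line(out, outsz, "rejected: %s", user_text);
}
/* fscanf %s hit: a width one less than the array keeps the terminator in
 * bounds; the macro stops width and array size from drifting apart. */
#define WORD_MAX 31
#define STR_(x) #x
#define STR(x) STR_(x)
int read_word(const char *line, char word[WORD_MAX + 1])
{
    return sscanf(line, "%" STR(WORD_MAX) "s", word);    /* 1 on success */
}
/* chmod race + fopen hits: create the file ourselves, refuse to follow a
 * symlink, then work on the descriptor so no second path lookup can be
 * raced.  Returns the fd, or -1. */
int open_private_file(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd >= 0 && fchmod(fd, 0600) != 0) { close(fd); unlink(path); fd = -1; }
    return fd;
}
/* Self-checks on constructed inputs; each returns 1 when the safe form
 * behaves as documented. */
int check_copy(void)
{
    char dst[8];
    return bounded_copy(dst, sizeof dst, "constructed-long-input") == -1
        && strcmp(dst, "constru") == 0;
}
int check_cat(void)
{
    char dst[16] = "spam";
    return bounded_cat(dst, sizeof dst, " filter") == 0
        && bounded_cat(dst, sizeof dst, " with ifile") == -1
        && strcmp(dst, "spam filter wit") == 0;
}
int check_format(void)
{
    char buf[64];                        /* %n in the input stays inert text */
    return log_user_text(buf, sizeof buf, "%s%n") == 14
        && strcmp(buf, "rejected: %s%n") == 0;
}
int check_word(void)
{
    char word[WORD_MAX + 1];             /* more than WORD_MAX a's, then a second token */
    return read_word("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa rest", word) == 1
        && strlen(word) == WORD_MAX;
}
int main(void)
{
    printf("copy %d cat %d format %d word %d\n",
           check_copy(), check_cat(), check_format(), check_word());
    return 0;
}
```

Each helper reports truncation or failure to the caller instead of silently overflowing, which is the part flawfinder cannot check for you: a bounded copy that drops the return value is only half a fix. The [1] strlen hits in the report are the same contract issue from the other side, so the comments state where termination of the source is the caller's responsibility.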