[Python-bugs-list] [ python-Bugs-429084 ] Results of running Flawfinder
noreply@sourceforge.net
Tue, 07 Aug 2001 00:27:10 -0700
Bugs item #429084, was opened at 2001-05-31 10:31
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=429084&group_id=5470
Category: Python Interpreter Core
Group: None
Status: Open
Resolution: None
Priority: 2
Submitted By: Itamar Shtull-Trauring (itamar)
Assigned to: Nobody/Anonymous (nobody)
Summary: Results of running Flawfinder
Initial Comment:
I tried running Flawfinder
(http://www.dwheeler.com/flawfinder/) on the Python
source code. Since I'm not nasty I won't paste *all* of
the errors found, but here are some:
/usr/src/python-cvs/Modules/flmodule.c:373 [2] (buffer)
sprintf: does not check for buffer overflows. Use
snprintf or vsnprintf. Risk is low because the source
has a constant maximum length
/usr/src/python-cvs/Modules/posixmodule.c:4191 [3]
(tmpfile) tempnam: temporary file race condition. .
/usr/src/python-cvs/Modules/posixmodule.c:4237 [3]
(tmpfile) tmpnam: temporary file race condition. .
/usr/src/python-cvs/Modules/_weakref.c:141 [4] (buffer)
sprintf: does not check for buffer overflows. Use
snprintf or vsnprintf.
/usr/src/python-cvs/Modules/almodule.c:51 [4] (format)
vsprintf: Potential format string problem. Make Format
string constant.
/usr/src/python-cvs/Modules/getpath.c:169 [4] (buffer)
strcat: does not check for buffer overflows. Consider
using strncat or strlcat.
There were lots more - try it and see.
----------------------------------------------------------------------
>Comment By: Itamar Shtull-Trauring (itamar)
Date: 2001-08-07 00:27
Message:
Logged In: YES
user_id=32065
My knowledge of C is rather lacking. However, some cases are
pretty easy to check. For example, here's what my Debian man
pages say about some of the above functions, under the Bugs
subheading:
tempnam: Never use this function. Use tmpfile(3) instead.
tmpnam: Never use this function. Use tmpfile(3) instead.
And it also says tmpfile is part of the POSIX standard, so
using it shouldn't be a problem.
The strcat in getpath.c seems fine since the previous line
checks that the length is less than the allowable max and it
only appends one character.
----------------------------------------------------------------------
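A constructed C illustration of the two patterns weighed in this thread, the "check the remaining length, then append" reasoning given for getpath.c and the replacement of an unchecked sprintf with a bounded write whose truncation is detected; it is added example code, not anything from Python's sources, and checked_append / checked_format are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Append one string to a fixed-size, NUL-terminated buffer only if the
 * result still fits.  This is the "check the length, then strcat" pattern
 * discussed above, with the check and the copy kept in one place so the
 * two cannot drift apart.  Returns 1 on success, 0 if the append would
 * overflow (the buffer is left untouched in that case). */
int checked_append(char *buf, size_t bufsize, const char *suffix)
{
    size_t used = strlen(buf);
    size_t add  = strlen(suffix);
    /* need room for the suffix plus the terminating NUL */
    if (used >= bufsize || add >= bufsize - used)
        return 0;
    memcpy(buf + used, suffix, add + 1);
    return 1;
}

/* sprintf replacement: snprintf returns the length the complete output
 * would have had, so a result >= bufsize means it was cut off rather than
 * written past the end.  The format string is a literal, which is also what
 * the (format) warning on almodule.c asks for.  Returns 1 if the whole
 * message fit, 0 if it was truncated. */
int checked_format(char *buf, size_t bufsize, const char *name, long value)
{
    int n = snprintf(buf, bufsize, "%s=%ld", name, value);
    return n >= 0 && (size_t)n < bufsize;
}

int main(void)
{
    char path[16] = "/usr/lib";          /* constructed sample buffer */
    char msg[12];

    printf("append '/':  %d -> %s\n",
           checked_append(path, sizeof path, "/"), path);
    printf("append long: %d -> %s\n",
           checked_append(path, sizeof path, "/python2.2/site"), path);
    printf("format:      %d -> %s\n",
           checked_format(msg, sizeof msg, "refcount", 1234567890L), msg);
    return 0;
}
```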
Comment By: Jeremy Hylton (jhylton)
Date: 2001-08-06 14:16
Message:
Logged In: YES
user_id=31392
Itamar-- any interest in figuring out which of these is
really a problem?
----------------------------------------------------------------------