[Python-bugs-list] [ python-Bugs-429084 ] Results of running Flawfinder

noreply@sourceforge.net noreply@sourceforge.net
Tue, 07 Aug 2001 00:27:10 -0700


Bugs item #429084, was opened at 2001-05-31 10:31
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=429084&group_id=5470

Category: Python Interpreter Core
Group: None
Status: Open
Resolution: None
Priority: 2
Submitted By: Itamar Shtull-Trauring (itamar)
Assigned to: Nobody/Anonymous (nobody)
Summary: Results of running Flawfinder

Initial Comment:
I tried running Flawfinder
(http://www.dwheeler.com/flawfinder/) on the Python
source code. Since I'm not nasty I won't paste *all* of
the errors found, but here are some:

/usr/src/python-cvs/Modules/flmodule.c:373 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length
/usr/src/python-cvs/Modules/posixmodule.c:4191 [3] (tmpfile) tempnam: temporary file race condition.
/usr/src/python-cvs/Modules/posixmodule.c:4237 [3] (tmpfile) tmpnam: temporary file race condition.
/usr/src/python-cvs/Modules/_weakref.c:141 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
/usr/src/python-cvs/Modules/almodule.c:51 [4] (format) vsprintf: Potential format string problem. Make Format string constant.
/usr/src/python-cvs/Modules/getpath.c:169 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.

There were lots more - try it and see.
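
The sprintf, strcat and vsprintf findings above share two root causes: writing through a fixed-size buffer with no bound, and letting non-constant text act as a printf-style format string. The C below is an added example, mine rather than code from the Python tree or from Flawfinder; it puts the flagged patterns next to bounded versions, using snprintf's return value to detect truncation and an explicit length check before strcat, which is the kind of guard that turns a flagged strcat into a false positive. PATHBUF, the build_path_*/render_* names and the sample paths are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Small on purpose so the "does not fit" path is easy to exercise (assumption). */
#define PATHBUF 32

/* The pattern Flawfinder flags: sprintf and strcat into a fixed buffer with
 * no bound.  Nothing stops prefix + "/" + name from exceeding PATHBUF-1
 * bytes, at which point this writes past the end of out (undefined
 * behaviour, the classic overflow).  Kept for contrast; never called. */
void build_path_unsafe(char *out, const char *prefix, const char *name)
{
    sprintf(out, "%s/", prefix);
    strcat(out, name);
}

/* Bounded version.  snprintf returns the length it *wanted* to write, so a
 * result >= cap means the output was truncated.  strcat is then guarded by
 * an explicit length check: once len + strlen(name) < cap is known, the
 * unbounded strcat cannot overflow.  On failure out is reset to "" so a
 * caller can never pick up a half-built path. */
bool build_path_safe(char *out, size_t cap, const char *prefix, const char *name)
{
    if (cap == 0) return false;
    int n = snprintf(out, cap, "%s/", prefix);
    if (n < 0 || (size_t)n >= cap) {
        out[0] = '\0';
        return false;
    }
    size_t len = (size_t)n;
    if (len + strlen(name) >= cap) {      /* need room for name plus the NUL */
        out[0] = '\0';
        return false;
    }
    strcat(out, name);                    /* provably fits, so safe here */
    return true;
}

/* The vsprintf/format finding.  The flagged form is
 *     snprintf(out, cap, text);
 * where text is not a literal: any "%x" or "%n" inside it drives the
 * formatter and reads or writes memory it should not.  The fix is to make
 * the format a constant and pass the text as an argument. */
void render_safe(char *out, size_t cap, const char *text)
{
    snprintf(out, cap, "%s", text);       /* "%x" in text is now just characters */
}

/* Exercises the bounded functions; returns a bitmask, 15 when all checks hold. */
int run_checks(void)
{
    char buf[PATHBUF];
    int ok = 0;

    /* 18 bytes: fits, and equals what sprintf+strcat would have produced */
    if (build_path_safe(buf, sizeof buf, "/usr/lib", "python2.2")
        && strcmp(buf, "/usr/lib/python2.2") == 0)
        ok |= 1;

    /* 35 bytes: would overflow a 32-byte buffer; refused and buffer cleared */
    if (!build_path_safe(buf, sizeof buf, "/usr/local/lib/python", "site-packages")
        && buf[0] == '\0')
        ok |= 2;

    /* boundary: 31 chars (cap-1) is the longest result that fits, 32 is not */
    if (build_path_safe(buf, sizeof buf, "/opt/python-2.2", "lib/site-pkgs.x")
        && strlen(buf) == 31
        && !build_path_safe(buf, sizeof buf, "/opt/python-2.2", "lib/site-pkgs.xy"))
        ok |= 4;

    /* format directives in data are rendered literally, not interpreted */
    render_safe(buf, sizeof buf, "%x%x%n");
    if (strcmp(buf, "%x%x%n") == 0)
        ok |= 8;

    return ok;
}
```

The boundary check is the one worth keeping in mind when reading Flawfinder output: a strcat preceded by a correct `length + appended < capacity` test is safe and the tool cannot see that, which is why each hit needs a human look at the lines just above it.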

----------------------------------------------------------------------

>Comment By: Itamar Shtull-Trauring (itamar)
Date: 2001-08-07 00:27

Message:
Logged In: YES 
user_id=32065

My knowledge of C is rather lacking. However, some cases are
pretty easy to check. For example, here's what my Debian man
pages say about some of the above functions, under the Bugs
subheading:

tempnam: Never use this function. Use tmpfile(3) instead.
tmpnam: Never use this function. Use tmpfile(3) instead.

And it also says tmpfile is part of the POSIX standard, so
using it shouldn't be a problem.

The strcat in getpath.c seems fine since the previous line
checks that the length is less than the allowable max and it
only appends one character.
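
Why tmpnam and tempnam earn a "never use" in the man page: they hand back a name, and the file is created in a second step, so anything planted at that path between the two calls is followed. The C below is an added example of mine, not code from the Python tree; it stages the race deterministically by letting the attacker side (a symlink at a guessable name) run first, shows the O_CREAT-without-O_EXCL create writing through the link, and contrasts it with an O_EXCL create, mkstemp() and the tmpfile() the man page recommends. The directory template, the file names and demo_tmp_race() are assumptions for illustration; it needs a writable /tmp or current directory.

```c
#define _XOPEN_SOURCE 700   /* mkdtemp, mkstemp, symlink, lstat */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* The tmpnam/tempnam pattern: pick a name now, create the file later.
 * O_CREAT without O_EXCL means "create if missing, otherwise just open",
 * so whatever already sits at that path (a symlink, say) is followed. */
static int create_unsafe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* O_EXCL makes open() fail with EEXIST if anything exists at path; POSIX
 * requires that to include a symbolic link regardless of its target, so a
 * planted link is detected rather than followed.  mkstemp() is this open()
 * plus an unpredictable name; tmpfile() never exposes a name at all. */
static int create_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Reads up to cap-1 bytes of path into buf as a C string; 0 on success. */
static int read_small(const char *path, char *buf, size_t cap)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = read(fd, buf, cap - 1);
    close(fd);
    if (n < 0) return -1;
    buf[n] = '\0';
    return 0;
}

/* Plays both sides of the race in a private directory.  Rather than racing
 * on timing, the attacker step simply runs first, which is the state a real
 * attacker wins into.  Returns a bitmask (15 = every property held):
 *   1  the unsafe create wrote through the symlink into the victim file
 *   2  the O_EXCL create refused the same path with EEXIST
 *   4  mkstemp() produced a regular file (not a link) at a fresh name
 *   8  tmpfile() handed back a usable, nameless stream */
int demo_tmp_race(void)
{
    char dir[] = "/tmp/tmprace.XXXXXX";
    if (mkdtemp(dir) == NULL) {
        strcpy(dir, "tmprace.XXXXXX");           /* fall back to the cwd */
        if (mkdtemp(dir) == NULL) return 0;
    }
    char victim[256], guessed[256], tmpl[256], buf[32];
    snprintf(victim,  sizeof victim,  "%s/victim.conf", dir);
    snprintf(guessed, sizeof guessed, "%s/predictable.tmp", dir);
    snprintf(tmpl,    sizeof tmpl,    "%s/safe.XXXXXX", dir);
    int result = 0, fd;
    FILE *f;

    /* a file the attacker wants clobbered */
    fd = create_exclusive(victim);
    if (fd < 0) goto done;
    if (write(fd, "original", 8) != 8) { close(fd); goto done; }
    close(fd);

    /* attacker: plant a symlink at the name the victim program will use */
    if (symlink(victim, guessed) != 0) goto done;

    /* victim program, unsafe: open() follows the link and truncates victim.conf */
    fd = create_unsafe(guessed);
    if (fd >= 0) {
        if (write(fd, "pwned", 5) == 5 && read_small(victim, buf, sizeof buf) == 0
            && strcmp(buf, "pwned") == 0)
            result |= 1;
        close(fd);
    }

    /* victim program, fixed: O_EXCL sees the pre-existing path and refuses */
    errno = 0;
    fd = create_exclusive(guessed);
    if (fd < 0 && errno == EEXIST) result |= 2;
    else if (fd >= 0) close(fd);

    /* mkstemp: atomic O_CREAT|O_EXCL create under an unpredictable name */
    fd = mkstemp(tmpl);
    if (fd >= 0) {
        struct stat st;
        if (lstat(tmpl, &st) == 0 && S_ISREG(st.st_mode)) result |= 4;
        close(fd);
        unlink(tmpl);
    }

    /* tmpfile: no pathname to guess; the file vanishes on fclose */
    f = tmpfile();
    if (f != NULL) { result |= 8; fclose(f); }

done:
    unlink(guessed);
    unlink(victim);
    rmdir(dir);
    return result;
}
```

Call demo_tmp_race() from a main of your own; 15 means all four properties held. The symlink check is the one that matters: because O_CREAT|O_EXCL must fail on a symbolic link whatever it points at, mkstemp() stays safe even in a world-writable directory such as /tmp, whereas tmpnam()/tempnam() followed by a plain fopen("w") never get that guarantee.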

----------------------------------------------------------------------

Comment By: Jeremy Hylton (jhylton)
Date: 2001-08-06 14:16

Message:
Logged In: YES 
user_id=31392

Itamar-- any interest in figuring out which of these is
really a problem?

----------------------------------------------------------------------