Bug #5080

closed

eve/dnp3: coverity warnings for string handling

Added by Victor Julien 8 months ago. Updated 8 months ago.

Status: Closed
Priority: Normal

Description

I don't think these are very serious.

** CID 1499368:    (TAINTED_SCALAR)
/src/output-json-dnp3-objects.c: 1391 in OutputJsonDNP3SetItem()
/src/output-json-dnp3-objects.c: 1339 in OutputJsonDNP3SetItem()
/src/output-json-dnp3-objects.c: 1328 in OutputJsonDNP3SetItem()

________________________________________________________________________________________________________
*** CID 1499368:    (TAINTED_SCALAR)
/src/output-json-dnp3-objects.c: 1391 in OutputJsonDNP3SetItem()
1385                 jb_set_uint(js, "maximum_block_size", data->maximum_block_size);
1386                 jb_set_uint(js, "request_id", data->request_id);
1387                 if (data->filename_size > 0) {
1388                     /* First create a null terminated string as not all versions
1389                      * of jansson have json_stringn. */
1390                     char tmpbuf[data->filename_size + 1];
>>>     CID 1499368:    (TAINTED_SCALAR)
>>>     Passing tainted expression "data->filename_size" to "memcpy", which uses it as an offset.
1391                     memcpy(tmpbuf, data->filename, data->filename_size);
1392                     tmpbuf[data->filename_size] = '\0';
1393                     jb_set_string(js, "filename", tmpbuf);
1394                 } else {
1395                     jb_set_string(js, "filename", "");
1396                 }
/src/output-json-dnp3-objects.c: 1339 in OutputJsonDNP3SetItem()
1333                 }
1334                 jb_set_uint(js, "data_size", data->data_size);
1335                 if (data->data_size > 0) {
1336                     /* First create a null terminated string as not all versions
1337                      * of jansson have json_stringn. */
1338                     char tmpbuf[data->data_size + 1];
>>>     CID 1499368:    (TAINTED_SCALAR)
>>>     Passing tainted expression "data->data_size" to "memcpy", which uses it as an offset.
1339                     memcpy(tmpbuf, data->data, data->data_size);
1340                     tmpbuf[data->data_size] = '\0';
1341                     jb_set_string(js, "data", tmpbuf);
1342                 } else {
1343                     jb_set_string(js, "data", "");
1344                 }
/src/output-json-dnp3-objects.c: 1328 in OutputJsonDNP3SetItem()
1322                 jb_set_uint(js, "file_function_code", data->file_function_code);
1323                 jb_set_uint(js, "status_code", data->status_code);
1324                 if (data->filename_size > 0) {
1325                     /* First create a null terminated string as not all versions
1326                      * of jansson have json_stringn. */
1327                     char tmpbuf[data->filename_size + 1];
>>>     CID 1499368:    (TAINTED_SCALAR)
>>>     Passing tainted expression "data->filename_size" to "memcpy", which uses it as an offset.
1328                     memcpy(tmpbuf, data->filename, data->filename_size);
1329                     tmpbuf[data->filename_size] = '\0';
1330                     jb_set_string(js, "filename", tmpbuf);
1331                 } else {
1332                     jb_set_string(js, "filename", "");
1333                 }
Actions #1

Updated by Victor Julien 8 months ago

  • Status changed from New to Closed
  • Target version changed from TBD to 7.0rc1
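
The three flagged sites share one pattern: a stack array sized by a parsed length field (`filename_size`, `data_size`), followed by a `memcpy` that uses the same length. One way to remove the input-sized allocation, shown as an added example that is not Suricata's code or the fix applied for this issue, is to copy into a fixed buffer and clamp the length first. `bounded_cstr`, `MAX_FIELD_LEN` and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical cap for this example; choose one that suits the field. */
#define MAX_FIELD_LEN 255

/*
 * Copy a length-prefixed field (no NUL terminator in the parsed data) into
 * a fixed-size buffer as a C string. The untrusted length is clamped before
 * it is used as a memcpy size or array index, so no VLA is needed.
 * Returns the number of bytes copied, or -1 on bad arguments.
 */
int bounded_cstr(char *dst, size_t dst_size, const uint8_t *src, size_t src_len)
{
    if (dst == NULL || dst_size == 0)
        return -1;
    if (src == NULL || src_len == 0) {
        dst[0] = '\0';
        return 0;
    }
    size_t n = src_len;
    if (n > dst_size - 1)
        n = dst_size - 1; /* truncate rather than grow the stack frame */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* Constructed sample: 300 bytes claimed for a filename field. */
    uint8_t wire[300];
    memset(wire, 'A', sizeof(wire));

    char tmpbuf[MAX_FIELD_LEN + 1]; /* size independent of the input */
    int n = bounded_cstr(tmpbuf, sizeof(tmpbuf), wire, sizeof(wire));

    /* tmpbuf would be handed to the JSON string setter at this point. */
    printf("claimed=%zu copied=%d strlen=%zu\n", sizeof(wire), n, strlen(tmpbuf));
    return 0;
}
```

Truncation silently shortens the logged value; where that matters, compare the return value with the claimed length and record the difference.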