Gentoo's Bugzilla – Attachment 39071 Details for Bug 36210: new ebuild for mplayerd 0.1.12
Rats security analysis for mplayerd
vuln.txt (text/plain), 5.89 KB, created by Chris White (RETIRED) on 2004-09-06 10:50:44 UTC
>Entries in perl database: 33
>Entries in python database: 62
>Entries in c database: 334
>Entries in php database: 55
>Analyzing src/ll.c
>Analyzing src/mplayer_command.c
>Analyzing src/client.c
>Analyzing src/mplayerd.c
>Analyzing src/history.c
>Analyzing src/xmemory.c
>Analyzing src/parse_config.c
>Analyzing src/client_request.c
>Analyzing src/fileops.c
>Analyzing src/debug.c
>Analyzing src/tab_comp.c
>Analyzing src/instance.c
>src/mplayer_command.c:89: High: fixed size local buffer
>src/mplayer_command.c:254: High: fixed size local buffer
>src/mplayer_command.c:545: High: fixed size local buffer
>src/client.c:43: High: fixed size local buffer
>src/client.c:159: High: fixed size local buffer
>src/parse_config.c:41: High: fixed size local buffer
>src/client_request.c:58: High: fixed size local buffer
>src/client_request.c:383: High: fixed size local buffer
>src/client_request.c:392: High: fixed size local buffer
>src/client_request.c:394: High: fixed size local buffer
>src/tab_comp.c:113: High: fixed size local buffer
>src/tab_comp.c:148: High: fixed size local buffer
>src/tab_comp.c:196: High: fixed size local buffer
>src/tab_comp.c:197: High: fixed size local buffer
>Extra care should be taken to ensure that character arrays that are allocated
>on the stack are used safely. They are prime targets for buffer overflow
>attacks.
>
>src/mplayer_command.c:131: High: strcpy
>src/mplayerd.c:90: High: strcpy
>src/mplayerd.c:95: High: strcpy
>src/mplayerd.c:177: High: strcpy
>src/xmemory.c:68: High: strcpy
>src/parse_config.c:73: High: strcpy
>src/parse_config.c:76: High: strcpy
>src/parse_config.c:79: High: strcpy
>src/parse_config.c:99: High: strcpy
>src/parse_config.c:102: High: strcpy
>src/client_request.c:145: High: strcpy
>src/client_request.c:165: High: strcpy
>src/client_request.c:309: High: strcpy
>src/client_request.c:721: High: strcpy
>src/client_request.c:888: High: strcpy
>src/tab_comp.c:262: High: strcpy
>Check to be sure that argument 2 passed to this function call will not copy
>more data than can be handled, resulting in a buffer overflow.
>
>src/mplayer_command.c:365: High: sprintf
>src/mplayer_command.c:387: High: sprintf
>src/mplayer_command.c:409: High: sprintf
>src/mplayerd.c:285: High: sprintf
>src/client_request.c:725: High: sprintf
>src/client_request.c:727: High: sprintf
>src/client_request.c:743: High: sprintf
>src/client_request.c:746: High: sprintf
>src/client_request.c:780: High: sprintf
>src/client_request.c:807: High: sprintf
>src/client_request.c:838: High: sprintf
>src/client_request.c:873: High: sprintf
>src/client_request.c:876: High: sprintf
>src/client_request.c:944: High: sprintf
>src/client_request.c:948: High: sprintf
>src/tab_comp.c:168: High: sprintf
>src/tab_comp.c:226: High: sprintf
>src/tab_comp.c:231: High: sprintf
>src/tab_comp.c:234: High: sprintf
>src/tab_comp.c:282: High: sprintf
>src/tab_comp.c:295: High: sprintf
>Check to be sure that the format string passed as argument 2 to this function
>call does not come from an untrusted source that could have added formatting
>characters that the code is not prepared to handle. Additionally, the format
>string could contain `%s' without precision that could result in a buffer
>overflow.
>
>src/client.c:168: High: strcat
>src/client.c:185: High: strcat
>src/client_request.c:253: High: strcat
>src/client_request.c:301: High: strcat
>src/client_request.c:306: High: strcat
>src/client_request.c:307: High: strcat
>src/tab_comp.c:86: High: strcat
>src/tab_comp.c:280: High: strcat
>src/tab_comp.c:300: High: strcat
>Check to be sure that argument 2 passed to this function call will not copy
>more data than can be handled, resulting in a buffer overflow.
>
>src/mplayerd.c:95: High: getenv
>Environment variables are highly untrustable input. They may be of any length, and contain any data. Do not make any assumptions regarding content or length. If at all possible avoid using them, and if it is necessary, sanitize them and truncate them to a reasonable length.
>
>src/parse_config.c:70: High: sscanf
>src/parse_config.c:90: High: sscanf
>Check to be sure that the format string passed as argument 2 to this function
>call does not come from an untrusted source that could have added formatting
>characters that the code is not prepared to handle. Additionally, the format
>string could contain `%s' without precision that could result in a buffer
>overflow.
>
>src/client_request.c:730: High: realpath
>src/client_request.c:808: High: realpath
>src/client_request.c:840: High: realpath
>src/client_request.c:879: High: realpath
>src/tab_comp.c:259: High: realpath
>src/tab_comp.c:284: High: realpath
>Be sure the destination buffer is at least MAXPATHLEN big. This function may still internally overflow a static buffer, try to avoid using it. If you must, check the size the path your pass in is no longer than MAXPATHLEN
>
>src/mplayer_command.c:576: Medium: read
>Check buffer boundaries if calling this function in a loop and make sure you are not in danger of writing past the allocated space.
>
>src/client.c:261: Medium: realloc
>src/debug.c:59: Medium: realloc
>Don't use on memory intended to be secure, because the old structure will not be zeroed out.
>
>src/mplayerd.c:132: Medium: signal
>src/mplayerd.c:133: Medium: signal
>When setting signal handlers, do not use the same function to handle multiple signals. There exists the possibility a race condition will result if 2 or more different signals are sent to the process at nearly the same time. Also, when writing signal handlers, it is best to do as little as possible in them. The best strategy is to use the signal handler to set a flag, that another part of the program tests and performs the appropriate action(s) when it is set.
>See also: http://razor.bindview.com/publish/papers/signals.txt
>
>src/fileops.c:88: Medium: stat
>A potential TOCTOU (Time Of Check, Time Of Use) vulnerability exists. This is
>the first line where a check has occured.
>The following line(s) contain uses that may match up with this check:
>43 (opendir), 66 (opendir)
>
>Total lines analyzed: 3721
>Total time 0.013641 seconds
>272780 lines per second