Project Name | CID | Checker | Category | Developer Description |
---|---|---|---|---|
elbing/harvey | 90641 | BUFFER_SIZE_WARNING | Memory - illegal accesses | Oh joy. This is in the key management code which converts passwords. This has also been there forever. |
/*
 * This file is part of the UCB release of Plan 9. It is subject to the license
 * terms in the LICENSE file found in the top-level directory of this
 * distribution and at http://akaros.cs.berkeley.edu/files/Plan9License. No
 * part of the UCB release of Plan 9, including this file, may be copied,
 * modified, propagated, or distributed except according to the terms contained
 * in the LICENSE file.
 */

#include <u.h>
#include <libc.h>
#include <authsrv.h>

/*
 * opasstokey: derive key bytes from the password string p.
 *
 * Returns 0 without writing key when p is shorter than 5 characters,
 * otherwise writes key[0]..key[6] and returns 1. No length is passed
 * for key, so the caller must supply at least 7 writable bytes.
 *
 * Steps, as the code below shows:
 *  - up to the first 10 bytes of p are copied into t, which has been
 *    pre-filled with spaces;
 *  - for passwords of 9 or 10 characters, a bit mask c is built from
 *    p[8] (low 4 bits) and p[9] (shifted left by 4), and ' ' is
 *    subtracted from t[i] for every set bit i < 8;
 *  - t[0]..t[7] are then packed into the 7 key bytes.
 *
 * NOTE(review): t holds password bytes and is not cleared before
 * return in the code shown.
 *
 * The "Coverity" comments are the analysis path events reported for
 * CID 90641 (BUFFER_SIZE_WARNING, opasstokey.c:26).
 */
int
opasstokey(char *key, char *p)
{
	uint8_t t[10];
	int c, n;

	n = strlen(p);
	/* space padding; bytes not overwritten by the copy below stay ' ' */
	memset(t, ' ', sizeof t);
	/* Coverity 1: Condition "n < 5", taking false branch */
	if(n < 5)
		return 0;
	/* Coverity 2: Condition "n > 10", taking true branch */
	if(n > 10)
		n = 10;
	/*
	 * Coverity CID 90641: Memory - illegal accesses, BUFFER_SIZE_WARNING
	 * Coverity 3: Calling strncpy with a maximum size argument of 10
	 * bytes on destination array "t" of size 10 bytes might leave the
	 * destination string unterminated.
	 *
	 * n is at most 10 here and never exceeds strlen(p), so this call
	 * copies exactly n bytes and writes no terminating NUL. The write
	 * stays inside t. The code shown never passes t to a string
	 * function; it only indexes t[0]..t[7], so the missing terminator
	 * is not read past in this function.
	 * NOTE(review): memcpy(t, p, n) would state the intended byte copy
	 * and avoid the string-function warning; not applied here.
	 */
	strncpy((char*)t, p, n);
	/* Coverity 4: Condition "n >= 9", taking true branch */
	if(n >= 9){
		c = p[8] & 0xf;
		/* Coverity 5: Condition "n == 10", taking true branch */
		/*
		 * NOTE(review): p is plain char. Where char is signed and
		 * p[9] is negative, p[9] << 4 left-shifts a negative int,
		 * which is undefined behaviour in C. Only bits 0..7 of c
		 * are tested below.
		 */
		if(n == 10)
			c += p[9] << 4;
		/*
		 * Coverity 6, 9, 12: Condition "n < 8", taking true branch
		 * Coverity 15: Condition "n < 8", taking false branch
		 */
		/* n is reused as the loop index; the length is not needed again */
		for(n = 0; n < 8; n++)
			/*
			 * Coverity 7, 10: Condition "c & (1 << n)", taking true branch
			 * Coverity 13: Condition "c & (1 << n)", taking false branch
			 */
			if(c & (1 << n))
				/* Coverity 8, 11, 14: Jumping back to the beginning of the loop */
				t[n] -= ' ';
	}
	/*
	 * Coverity 16, 18: Condition "n < 7", taking true branch
	 * Coverity 20: Condition "n < 7", taking false branch
	 */
	/* reads t[0]..t[7]; t[8] and t[9] are never read */
	for(n = 0; n < 7; n++)
		/* Coverity 17, 19: Jumping back to the beginning of the loop */
		key[n] = (t[n] >> n) + (t[n+1] << (8 - (n+1)));
	return 1;
}
3. buffer_size_warning | opasstokey.c:26 |