Fri, 11/16/2007 - 22:26
Hello;
I am using the FreeBSD OpenCascade port and, just for fun, I tried running flawfinder (http://www.dwheeler.com/flawfinder) to see what would come out.
As a result I wrote a small patch to fix a level 5 buffer vulnerability here:
--- ros/src/Draw/Draw_Window.cxx.orig Fri Nov 9 22:39:02 2007
+++ ros/src/Draw/Draw_Window.cxx Fri Nov 9 23:27:11 2007
@@ -2077,7 +2077,8 @@
//* threads sinchronization *//
DWORD dwMainThreadId;
console_semaphore_value volatile console_semaphore = WAIT_CONSOLE_COMMAND;
-char console_command[1000];
+#define COMMAND_SIZE 1000 /* Console Command size */
+char console_command[COMMAND_SIZE];
bool volatile isTkLoopStarted = false;
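Review bot: `COMMAND_SIZE` is a very generic name for a file-scope macro in a .cxx file and could collide with another header's definition. Since this is C++, a `static const size_t` with a more specific name would be safer, or the `fgets` call could use `sizeof(console_command)` directly so the limit can never drift from the array declaration.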
@@ -2157,7 +2158,7 @@
while (1) {
while (console_semaphore != WAIT_CONSOLE_COMMAND)
Sleep(100);
- if (gets(console_command))
+ if (fgets(console_command,COMMAND_SIZE,stdin))
{
console_semaphore = HAS_CONSOLE_COMMAND;
}
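Review bot: the `fgets` call keeps the trailing newline that `gets` used to strip, so `console_command` now ends in `\n` when `HAS_CONSOLE_COMMAND` is signalled; strip it before setting the semaphore, for example `console_command[strcspn(console_command, "\n")] = '\0';`. Input longer than `COMMAND_SIZE - 1` characters is also no longer an overflow but is split across successive reads, so the tail of an over-long line would be handed over as a separate command; detect the missing newline and discard the rest of the line, or reject the command.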
__________
I also did an unportable chmod --> lchmod change in the following
files/line:
opencascade-6.2/ros/src/CGM/Gestfic.cxx:19
opencascade-6.2/ros/src/CGM/Gestfic.cxx:29
opencascade-6.2/ros/src/OSD/OSD_File.cxx:675
opencascade-6.2/ros/src/WOKStep/WOKStep_Include.cxx:180
but someone with better knowledge of the code (and C) should replace those with fchmod instead.
I didn't really look at any of the level 4 issues; OpenCascade authors/developers should give flawfinder a try, especially with the "-I" option to avoid some false positives.
best regards,
Pedro.
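The fchmod replacement suggested in the post, sketched as an added example (not part of the original post and not OpenCascade code): the file is opened once without following a symlink, checked, and changed through the same descriptor. `set_mode_nofollow` and `demo` are hypothetical names, and the temporary file and symlink are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not OpenCascade code: change permission bits through
 * a descriptor so the file that was checked is the file that is changed.
 * Needs read access to the file. Returns 0, or -1 with errno set. */
int set_mode_nofollow(const char *path, mode_t mode)
{
    struct stat st;
    int rc = -1, saved;
    /* O_NOFOLLOW: refuse if the last path component is a symlink.
     * O_NONBLOCK: do not hang if the path turns out to be a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0) return -1;
    if (fstat(fd, &st) == 0) {          /* fstat/fchmod act on the open inode */
        if (S_ISREG(st.st_mode)) rc = fchmod(fd, mode & 07777);
        else errno = EINVAL;            /* only regular files are accepted */
    }
    saved = errno;
    close(fd);
    errno = saved;
    return rc;
}

/* Constructed demo: a file plus a symlink to it in a fresh temp directory.
 * Returns 0 when the file is changed and the symlink is refused. */
int demo(void)
{
    char dir[] = "/tmp/fchmod-demo-XXXXXX", file[64], lnk[64];
    struct stat st;
    int ok, fd;
    if (!mkdtemp(dir)) return -1;
    snprintf(file, sizeof file, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    fd = open(file, O_CREAT | O_WRONLY, 0644);
    if (fd < 0 || close(fd) != 0 || symlink(file, lnk) != 0) return -1;
    ok = set_mode_nofollow(file, 0600) == 0
      && stat(file, &st) == 0 && (st.st_mode & 07777) == 0600
      && set_mode_nofollow(lnk, 0666) == -1 && (errno == ELOOP || errno == EMLINK)
      && stat(file, &st) == 0 && (st.st_mode & 07777) == 0600;
    unlink(lnk); unlink(file); rmdir(dir);
    return ok ? 0 : 1;
}
int main(void) { return demo(); }
```

Linux reports `ELOOP` for the refused symlink and FreeBSD reports `EMLINK`, which is why the demo accepts either.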