Post

Replies

Boosts

Views

Activity

Coverity issues in UDPEcho
Hi Below are the Coverity issues that are raise on the UDPEcho class.1. Excessive stack use may cause stack overflow in embedded applications. Stack size limits are configurable.In -[UDPEcho readData]: Excessive use of stack memory by local variables or parametersThis issue exist in UDPEcho.m class on line no. 225. Please help us to provide a appropriate solution as this need urgently for Security purpose.Thanks and Regards,Puneet Taneja
0
0
439
May ’20
Use of Insecure functions/Potential dangerous functions "strlen()" in GCDAsyncSocket.m
https://opensource.apple.com/source/HTTPServer/HTTPServer-11/CocoaHTTPServer/Vendor/CocoaAsyncSocket/GCDAsyncSocket.m.auto.html In GCDAsyncSocket.m class file There is one line with strlen() function sizet peerLen = strlen(peer); in sslstartTLS() method , which is causing Security issue in our project as security team highlighted it as an insecure function in this class with a reference link of CWE-676: Use of Potentially Dangerous Function Need to provide a fix for this. Please provide solution for this as soon as possible as it is very urgent.
2
0
2k
Aug ’20
Security threat due to insecure function "memcpy()" in GCDAsyncSocket.m
Hi, https://opensource.apple.com/source/HTTPServer/HTTPServer-11/CocoaHTTPServer/Vendor/CocoaAsyncSocket/GCDAsyncSocket.m.auto.html I am getting security threat in GCDAsyncSocket.m class file  There are 13 occurrences of memcpy() function which is an insecure function acc to security tool. Below is the issue description and reference links from security team. Issue description : Use of insecure functions/potential dangerous functions Reference link: CWE-676: Use of Potentially Dangerous Function This would explain why SECURITY TEAM is recommending the change of these functions. Please provide solution for this as soon as possible as it is very urgent. Thanks and Regards, Priya Mehndiratta
5
0
3.3k
Aug ’20
Security threat due to insecure function "strncpy()" in UDPEcho.m class
Hi, I am getting security threat in UDPEcho.m class file  There are 1 occurrence of strncpy function which is an insecure function acc to security tool. static WCINLINE unsigned int mypskclientcallback(WOLFSSL* ssl, const char* hint,                          char* identity, unsigned int idmaxlen, unsigned char* key,                          unsigned int keymaxlen) {   (void)ssl;   (void)hint;   (void)keymaxlen;   /* identity is OpenSSL testing default for openssl sclient, keep same */   strncpy(identity, wolfsslPSKIdentityHint, idmaxlen);   for(int i = 0; i < wolfsslMasterToken.length; i++)   {     key[i] = [wolfsslMasterToken characterAtIndex:i];   }   return 16; /* length of key in octets or 0 for error */ } Below is the issue description and reference links from security team. Issue description : Use of insecure functions/potential dangerous functions Reference link: CWE-676: Use of Potentially Dangerous Function This would explain why SECURITY TEAM is recommending the change of these functions. Please provide solution for this as soon as possible as it is very urgent. Thanks and Regards, Priya Mehndiratta
1
0
701
Aug ’20
Security threat due to insecure function "malloc()" in GCDAsyncSocket.m
Hi, https://opensource.apple.com/source/HTTPServer/HTTPServer-11/CocoaHTTPServer/Vendor/CocoaAsyncSocket/GCDAsyncSocket.m.auto.html I am getting security threat in GCDAsyncSocket.m class file  There is  occurrences of malloc() function which is an insecure function acc to security tool. preBuffer = malloc(preBufferSize); Below is the issue description and reference links from security team. Issue description :  Use of insecure functions/potential dangerous functions Reference links:  CWE-676: Use of Potentially Dangerous Function CWE-789 - Uncontrolled Memory Allocation This would explain why SECURITY TEAM is recommending the change of these functions. Please provide solution for this as soon as possible as it is very urgent. Thanks and Regards, Priya Mehndiratta
1
0
1.5k
Aug ’20
Security threat due to insecure function "malloc()" in GCDAsyncSocket.m
https://github.com/robbiehanson/CocoaAsyncSocket/blob/master/Source/GCD/GCDAsyncUdpSocket.m I am getting security threat in GCDAsyncUdpSocke.m class file  There is occurrences of malloc() function which is an insecure function acc to security tool. void *buf = malloc(bufSize); void *buf = malloc(bufSize); Below is the issue description and reference links from security team. Issue description:   Use of insecure functions/potential dangerous functions Reference links:   CWE-676: Use of Potentially Dangerous Function CWE-789 - Uncontrolled Memory Allocation  This would explain why SECURITY TEAM is recommending the change of these functions. Thanks and Regards
1
0
2.1k
Aug ’20