Hi Below are the Coverity issues that are raise on the UDPEcho class.1. Excessive stack use may cause stack overflow in embedded applications. Stack size limits are configurable.In -[UDPEcho readData]: Excessive use of stack memory by local variables or parametersThis issue exist in UDPEcho.m class on line no. 225. Please help us to provide a appropriate solution as this need urgently for Security purpose.Thanks and Regards,Puneet Taneja
Post
Replies
Boosts
Views
Activity
https://opensource.apple.com/source/HTTPServer/HTTPServer-11/CocoaHTTPServer/Vendor/CocoaAsyncSocket/GCDAsyncSocket.m.auto.html
In GCDAsyncSocket.m class file
There is one line with strlen() function sizet peerLen = strlen(peer);
in sslstartTLS() method , which is causing Security issue in our project as security team highlighted it as an insecure function in this class with a reference link of CWE-676: Use of Potentially Dangerous Function
Need to provide a fix for this.
Please provide solution for this as soon as possible as it is very urgent.
Hi,
https://opensource.apple.com/source/HTTPServer/HTTPServer-11/CocoaHTTPServer/Vendor/CocoaAsyncSocket/GCDAsyncSocket.m.auto.html
I am getting security threat in GCDAsyncSocket.m class file
There are 13 occurrences of memcpy() function which is an insecure function acc to security tool.
Below is the issue description and reference links from security team.
Issue description : Use of insecure functions/potential dangerous functions
Reference link: CWE-676: Use of Potentially Dangerous Function
This would explain why SECURITY TEAM is recommending the change of these functions.
Please provide solution for this as soon as possible as it is very urgent.
Thanks and Regards,
Priya Mehndiratta
Hi,
I am getting security threat in UDPEcho.m class file
There are 1 occurrence of strncpy function which is an insecure function acc to security tool.
static WCINLINE unsigned int mypskclientcallback(WOLFSSL* ssl, const char* hint,
char* identity, unsigned int idmaxlen, unsigned char* key,
unsigned int keymaxlen)
{
(void)ssl;
(void)hint;
(void)keymaxlen;
/* identity is OpenSSL testing default for openssl sclient, keep same */
strncpy(identity, wolfsslPSKIdentityHint, idmaxlen);
for(int i = 0; i < wolfsslMasterToken.length; i++)
{
key[i] = [wolfsslMasterToken characterAtIndex:i];
}
return 16; /* length of key in octets or 0 for error */
}
Below is the issue description and reference links from security team.
Issue description : Use of insecure functions/potential dangerous functions
Reference link: CWE-676: Use of Potentially Dangerous Function
This would explain why SECURITY TEAM is recommending the change of these functions.
Please provide solution for this as soon as possible as it is very urgent.
Thanks and Regards,
Priya Mehndiratta
Hi,
https://opensource.apple.com/source/HTTPServer/HTTPServer-11/CocoaHTTPServer/Vendor/CocoaAsyncSocket/GCDAsyncSocket.m.auto.html
I am getting security threat in GCDAsyncSocket.m class file
There is occurrences of malloc() function which is an insecure function acc to security tool.
preBuffer = malloc(preBufferSize);
Below is the issue description and reference links from security team.
Issue description : Use of insecure functions/potential dangerous functions
Reference links: CWE-676: Use of Potentially Dangerous Function
CWE-789 - Uncontrolled Memory Allocation
This would explain why SECURITY TEAM is recommending the change of these functions.
Please provide solution for this as soon as possible as it is very urgent.
Thanks and Regards,
Priya Mehndiratta
https://github.com/robbiehanson/CocoaAsyncSocket/blob/master/Source/GCD/GCDAsyncUdpSocket.m
I am getting security threat in GCDAsyncUdpSocke.m class file
There is occurrences of malloc() function which is an insecure function acc to security tool.
void *buf = malloc(bufSize);
void *buf = malloc(bufSize);
Below is the issue description and reference links from security team.
Issue description: Use of insecure functions/potential dangerous functions
Reference links: CWE-676: Use of Potentially Dangerous Function
CWE-789 - Uncontrolled Memory Allocation
This would explain why SECURITY TEAM is recommending the change of these functions.
Thanks and Regards