Hi,
I am getting a security threat in the UDPEcho.m class file.
There is 1 occurrence of the strncpy function, which is an insecure function according to the security tool.

    static WCINLINE unsigned int mypskclientcallback(WOLFSSL* ssl, const char* hint,
            char* identity, unsigned int idmaxlen, unsigned char* key,
            unsigned int keymaxlen)
    {
        (void)ssl;
        (void)hint;
        (void)keymaxlen;
        /* identity is OpenSSL testing default for openssl sclient, keep same */
        strncpy(identity, wolfsslPSKIdentityHint, idmaxlen);
        for(int i = 0; i < wolfsslMasterToken.length; i++)
        {
            key[i] = [wolfsslMasterToken characterAtIndex:i];
        }
        return 16; /* length of key in octets or 0 for error */
    }

Below are the issue description and reference link from the security team.
Issue description: Use of insecure functions/potential dangerous functions
Reference link: CWE-676: Use of Potentially Dangerous Function
This would explain why the SECURITY TEAM is recommending the change of these functions.
Please provide a solution for this as soon as possible, as it is very urgent.
Thanks and Regards,
Priya Mehndiratta
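
An added example, not part of the original post and not wolfSSL's own code: a plain-C sketch of the same callback shape that replaces strncpy with a length-checked copy that always NUL-terminates, and that checks the key against the key buffer size instead of ignoring it. The names copy_identity, psk_client_cb_checked, psk_identity and psk_key are hypothetical, the identity and key values are constructed, ssl is a void* so it builds without wolfSSL headers, and the identity length argument is assumed to be the total buffer capacity.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-ins for the post's wolfsslPSKIdentityHint and
 * wolfsslMasterToken; real values come from the application. */
static const char *psk_identity = "Client_identity";
static const unsigned char psk_key[16] = {
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
};

/* Copy src into dst, whose capacity dst_cap includes the terminator.
 * Returns 0 on success, -1 if src does not fit. Unlike strncpy, the
 * result is never left unterminated and is never silently truncated. */
static int copy_identity(char *dst, size_t dst_cap, const char *src)
{
    size_t n;

    if (dst == NULL || src == NULL || dst_cap == 0)
        return -1;
    n = strlen(src);
    if (n >= dst_cap) {          /* no room for the bytes plus '\0' */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);     /* n + 1 copies the terminator too */
    return 0;
}

/* Returns the key length in octets, or 0 for error. */
static unsigned int psk_client_cb_checked(void *ssl, const char *hint,
        char *identity, unsigned int id_max_len,
        unsigned char *key, unsigned int key_max_len)
{
    (void)ssl;
    (void)hint;

    /* Refuse rather than write past the caller's key buffer. */
    if (key == NULL || sizeof(psk_key) > key_max_len)
        return 0;
    if (copy_identity(identity, id_max_len, psk_identity) != 0)
        return 0;
    memcpy(key, psk_key, sizeof(psk_key));
    return (unsigned int)sizeof(psk_key);
}
```

Returning 0 on either failure uses the error convention stated in the post's own comment ("length of key in octets or 0 for error").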