Use of Insecure functions/Potential dangerous functions "strlen()" in GCDAsyncSocket.m

https://opensource.apple.com/source/HTTPServer/HTTPServer-11/CocoaHTTPServer/Vendor/CocoaAsyncSocket/GCDAsyncSocket.m.auto.html

In GCDAsyncSocket.m class file

There is one line with the strlen() function
  • size_t peerLen = strlen(peer);

in the ssl_startTLS() method, which is causing a security issue in our project, as the security team highlighted it as an insecure function in this class with a reference link of CWE-676: Use of Potentially Dangerous Function

Need to provide a fix for this.

Please provide a solution for this as soon as possible, as it is very urgent.


I looked here

https://cwe.mitre.org/data/definitions/676.html

and did not find any reference to strlen (only to strcopy).

Where did you see that strlen() was a risk?


with a reference link of CWE-676: Use of Potentially Dangerous Function


Could you provide the link?

Use of Insecure functions/Potential dangerous functions strlen() in GCDAsyncSocket.m

You’ve asked three questions that all have the same answer. I’m going to respond on this one.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
