commit | c1a4b3f179e6e8bf42ba5fe8d8a49fc4c042699f | |
---|---|---|
author | Simo Sorce <simo@redhat.com> | Tue May 11 14:24:15 2021 -0400 |
committer | Simo Sorce <simo@redhat.com> | Tue May 11 14:26:32 2021 -0400 |
tree | 5a1b45658ebe542f14f38b068d938aead43678d0 | |
parent | c54e523d9dacdb7eec7f20964df12df9b80f467c |
Fix potential buffer overflow via fscanf

Scanner Output
--------------

    Error: DC.STREAM_BUFFER (CWE-120): [#def4]
    libtasn1-4.16.0/src/asn1Coding.c:75: dont_call: "fscanf" assumes an arbitrarily long string, so callers must use correct precision specifiers or never use "fscanf".
    libtasn1-4.16.0/src/asn1Coding.c:75: remediation: Use correct precision specifiers or implement your own parsing.
    # 73| int ret;
    # 74|
    # 75|-> ret = fscanf (file, "%s", varName);
    # 76| if (ret == EOF)
    # 77| return ASSIGNMENT_EOF;

    Error: DC.STREAM_BUFFER (CWE-120): [#def5]
    libtasn1-4.16.0/src/asn1Coding.c:81: dont_call: "fscanf" assumes an arbitrarily long string, so callers must use correct precision specifiers or never use "fscanf".
    libtasn1-4.16.0/src/asn1Coding.c:81: remediation: Use correct precision specifiers or implement your own parsing.
    # 79| varName[0] = 0;
    # 80|
    # 81|-> ret = fscanf (file, "%s", value);
    # 82| if (ret == EOF)
    # 83| return ASSIGNMENT_ERROR;

Signed-off-by: Simo Sorce <simo@redhat.com>
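The remediation named in the scanner output above (a precision specifier on `%s`), shown as an added example that is not code from this commit or from libtasn1. The names `read_token`, `read_token_from`, `TOKEN_MAX` and the `TOKEN_*` status codes are hypothetical, and the 15-byte limit is an assumption chosen to keep the demo small; the sketch also reports a token that was cut at the limit instead of silently splitting it.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define TOKEN_MAX 15            /* assumed limit, kept small for the demo */
#define STR_(x) #x
#define STR(x) STR_(x)          /* expands TOKEN_MAX, then stringifies: "15" */

enum { TOKEN_OK, TOKEN_EOF, TOKEN_TOO_LONG };

/* Read one whitespace-delimited token. buf must hold TOKEN_MAX + 1 bytes;
   the field width stops fscanf from storing more than TOKEN_MAX chars. */
static int read_token (FILE *file, char *buf)
{
  int c;
  buf[0] = 0;
  if (fscanf (file, "%" STR (TOKEN_MAX) "s", buf) != 1)
    return TOKEN_EOF;
  /* A non-space byte right after the token means it was cut at the limit. */
  c = fgetc (file);
  if (c != EOF && !isspace (c))
    return TOKEN_TOO_LONG;
  if (c != EOF)
    ungetc (c, file);
  return TOKEN_OK;
}

/* Demo helper: run read_token over a constructed input string. */
static int read_token_from (const char *input, char *buf)
{
  FILE *f = tmpfile ();
  int rc;
  if (f == NULL)
    return -1;
  fputs (input, f);
  rewind (f);
  rc = read_token (f, buf);
  fclose (f);
  return rc;
}

int main (void)
{
  char buf[TOKEN_MAX + 1];
  int rc = read_token_from ("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", buf);
  printf ("status=%d stored=%zu bytes\n", rc, strlen (buf));
  return 0;
}
```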
Branch | CI system | Status |
---|---|---|
Master | Gitlab |
This is GNU Libtasn1, a small ASN.1 library.
The C library (libtasn1.*) is licensed under the GNU Lesser General Public License version 2.1 or later. See the file COPYING.LIB.
The command line tool, self tests, examples, and other auxiliary files are licensed under the GNU General Public License version 3.0 or later. See the file COPYING.
We require several tools to build the software, including:
The required software is typically distributed with your operating system, and the instructions for installing them differ. Here are some hints:
Debian/Ubuntu:
sudo apt-get install make git autoconf automake libtool bison
sudo apt-get install texinfo texlive texlive-extra-utils
sudo apt-get install help2man gtk-doc-tools valgrind abigail-tools
Debian <= stretch:
sudo apt-get install texlive-generic-recommended
Debian >= buster:
sudo apt-get install texlive-plain-generic
The next step is to run autoreconf, ./configure, etc:
$ ./bootstrap
Then build the project normally:
$ make
$ make check
Happy hacking!
The manual is in the doc/ directory of the release. You can also browse the manual online at:
The coverage report is at:
The project homepage at the GNU site is at: