Your message dated Sun, 27 Mar 2005 07:17:23 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#271287: fixed in flawfinder 1.26-2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Date: Sun, 12 Sep 2004 14:34:01 +0200
From: Max Vozeler <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: flawfinder: shows wrong line numbers for this code snippet
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="EVF5PPMfhYS0aIcm"
Content-Disposition: inline
--EVF5PPMfhYS0aIcm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Package: flawfinder
Version: 1.24-1
Severity: normal
flawfinder gets confused with this code snippet from gkermit-1.0/gwart.c
and shows wrong line numbers for the later warnings.
1
2 char *txt2 = "()\n\
3 {\n\
4 int c,actno;\n\
5 extern ";
6
7 /* Data type of state table is inserted here (short or int) */
8
9 char *txt2a =
10 " tbl[];\n\
11 while (1) {\n\
12 c = input() - 32;\n\
13 if (c < 0 || c > 95) c = 0;\n";
14
15 char *txt2b = " if ((actno = tbl[c + state*96]) != -1)\n\
16 switch(actno) {\n";
17
18 /* this program's output goes here, followed by final text... */
19
20 char *txt3 = "\n }\n }\n}\n\n";
21
22 int main(int argc, char **argv)
23 {
24 char buf[128];
25 strcpy(buf, argv[1]);
26 return 0;
27 }
28
/tmp/test.c:17: [2] (buffer) char:
Statically-sized arrays can be overflowed. Perform bounds checking,
use functions that limit length, or ensure that the size is larger than
the maximum possible length.
/tmp/test.c:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination.
Consider using strncpy or strlcpy (warning, strncpy is easily misused).
Cheers,
Max
--
308E81E7B97963BCA0E6ED889D5BD511B7CDA2DC
--EVF5PPMfhYS0aIcm
Content-Type: text/x-csrc; charset=us-ascii
Content-Disposition: attachment; filename="test.c"
char *txt2 = "()\n\
{\n\
int c,actno;\n\
extern ";
/* Data type of state table is inserted here (short or int) */
char *txt2a =
" tbl[];\n\
while (1) {\n\
c = input() - 32;\n\
if (c < 0 || c > 95) c = 0;\n";
char *txt2b = " if ((actno = tbl[c + state*96]) != -1)\n\
switch(actno) {\n";
/* this program's output goes here, followed by final text... */
char *txt3 = "\n }\n }\n}\n\n";
int main(int argc, char **argv)
{
char buf[128];
strcpy(buf, argv[1]);
return 0;
}
--EVF5PPMfhYS0aIcm--
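The reported lines (17 and 18) trail the listing's own numbers (24 and 25) by seven, which is exactly the number of backslash-newline continuations inside the string literals. The following is an added example, not flawfinder's code and not part of the original report: a small scanner that counts every physical newline, with a switch that reproduces the drift. The `find_hits` helper and its skip-the-continuation mode are assumptions made for illustration, not taken from the patch.

```python
import re
# Constructed from the report's numbered listing (line 1 is blank there too);
# indentation inside the listing is reconstructed and does not affect line numbers.
SAMPLE = r'''
char *txt2 = "()\n\
{\n\
  int c,actno;\n\
  extern ";

/* Data type of state table is inserted here (short or int) */

char *txt2a =
" tbl[];\n\
  while (1) {\n\
    c = input() - 32;\n\
    if (c < 0 || c > 95) c = 0;\n";

char *txt2b = "    if ((actno = tbl[c + state*96]) != -1)\n\
      switch(actno) {\n";

/* this program's output goes here, followed by final text... */

char *txt3 = "\n    }\n  }\n}\n\n";

int main(int argc, char **argv)
{
  char buf[128];
  strcpy(buf, argv[1]);
  return 0;
}'''

# A string literal, a block comment, or one of the two constructs flagged in the report.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|\bstrcpy\b|\bchar\s+\w+\s*\[', re.S)

def find_hits(src, count_splices=True):
    """Return [(line, name)]. count_splices=False drops the newline of each
    backslash-newline inside a string literal (hypothetical faulty counter)."""
    hits, line, pos = [], 1, 0
    for m in TOKEN.finditer(src):
        line += src.count("\n", pos, m.start())   # newlines between tokens
        text, pos = m.group(), m.end()
        if text[0] not in '"/':                   # not a literal or a comment
            hits.append((line, text.split()[0]))
        newlines = text.count("\n")               # newlines inside this token
        if text[0] == '"' and not count_splices:
            newlines -= text.count("\\\n")        # the drift: splices not counted
        line += newlines
    return hits

print("true:", find_hits(SAMPLE), "splices skipped:", find_hits(SAMPLE, False))
```

A regression check for any line-oriented scanner can use the same idea: feed it a file with continued string literals and compare each reported line against the physical line of the flagged token.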
---------------------------------------
From: Steve Kemp <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#271287: fixed in flawfinder 1.26-2
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sun, 27 Mar 2005 07:17:23 -0500
Source: flawfinder
Source-Version: 1.26-2
We believe that the bug you reported is fixed in the latest version of
flawfinder, which is due to be installed in the Debian FTP archive:
flawfinder_1.26-2.diff.gz
to pool/main/f/flawfinder/flawfinder_1.26-2.diff.gz
flawfinder_1.26-2.dsc
to pool/main/f/flawfinder/flawfinder_1.26-2.dsc
flawfinder_1.26-2_all.deb
to pool/main/f/flawfinder/flawfinder_1.26-2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steve Kemp <[EMAIL PROTECTED]> (supplier of updated flawfinder package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 27 Mar 2005 13:04:46 +0000
Source: flawfinder
Binary: flawfinder
Architecture: source all
Version: 1.26-2
Distribution: unstable
Urgency: low
Maintainer: Steve Kemp <[EMAIL PROTECTED]>
Changed-By: Steve Kemp <[EMAIL PROTECTED]>
Description:
flawfinder - examines source code and looks for security weaknesses
Closes: 271287
Changes:
flawfinder (1.26-2) unstable; urgency=low
.
* Patches from Charles Morgan
Improve the handling of non-existent files.
Keep better track of line numbers. (Closes: #271287)
Files:
195b51a53e5feecd156d6a9243fc082c 572 utils optional flawfinder_1.26-2.dsc
860288db74e311f1aa9a9b2962c4b48b 2998 utils optional flawfinder_1.26-2.diff.gz
450f9c41dfd608d4ea00d5dac887ec0e 55882 utils optional flawfinder_1.26-2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCRqGswM/Gs81MDZ0RAihiAKCr6lA4L2uNmgnG50U+tw45vxf12QCgsGlf
x/YQ+RgizwKN3oV5l3X8NWg=
=CA4s
-----END PGP SIGNATURE-----