We ran WiX v3.0 GA through a security auditing tool and it reported several issues:
cabcutil.cpp:531 ( Buffer Overflow )
cabcutil.cpp:577 ( Buffer Overflow )
strutil.cpp:1174 ( Buffer Overflow )
strutil.cpp:337 ( Buffer Overflow )
xmlutil.cpp:650 ( Buffer Overflow: Off-by-One )

I've been asked to pass this to the WiX team for review in terms of remediation, and to ask whether any of these files are used in CustomActions or whether they are strictly design/build-time files?

Thanks,
Chris

Details follow:

cabcutil.cpp:531 ( Buffer Overflow )
Abstract: The function AddNDuplicateFile() in cabcutil.cpp writes outside the bounds of pv on line 531, which could corrupt data, cause the program to crash, or lead to the execution of malicious code.

cabcutil.cpp:577 ( Buffer Overflow )
Abstract: The function AddNonDuplicateFile() in cabcutil.cpp writes outside the bounds of pv on line 577, which could corrupt data, cause the program to crash, or lead to the execution of malicious code.

strutil.cpp:1174 ( Buffer Overflow )
Abstract: The function MultiSzPrepend() in strutil.cpp writes outside the bounds of pwzResult on line 1174, which could corrupt data, cause the program to crash, or lead to the execution of malicious code.

strutil.cpp:337 ( Buffer Overflow )
Abstract: The function StrAllocPrefix() in strutil.cpp writes outside the bounds of pwzResult on line 337, which could corrupt data, cause the program to crash, or lead to the execution of malicious code.

xmlutil.cpp:650 ( Buffer Overflow: Off-by-One )
Abstract: The program writes just past the bounds of allocated memory, which could corrupt data, crash the program, or lead to the execution of malicious code.

General Recommendations From Tool: Never use inherently unsafe functions, such as gets(), and avoid the use of functions that are difficult to use safely such as strcpy(). Replace unbounded functions like strcpy() with their bound equivalents, such as strncpy() or the WinAPI functions defined in strsafe.h [4].

( More available from tool )

_______________________________________________
WiX-users mailing list
WiX-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wix-users
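The tool's recommendation to replace unbounded copies with bounded ones, as an added example that is not from the original post or from WiX's strutil.cpp: two hypothetical helpers, safe_prefix_alloc (a prefix-prepend into a freshly allocated buffer, the shape of operation StrAllocPrefix and MultiSzPrepend perform) and safe_copy (a bounded copy into a caller's buffer in the spirit of strsafe.h's StringCchCopyW), written in portable C so they build outside Windows. They show the terminator accounting and size checks whose absence produces exactly the off-by-one and overflow classes the tool flags.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

/* Hypothetical helper (not WiX's StrAllocPrefix): returns a newly allocated
   wide string equal to prefix + source, or NULL on failure. Caller frees it. */
wchar_t *safe_prefix_alloc(const wchar_t *pwzPrefix, const wchar_t *pwzSource)
{
    if (pwzPrefix == NULL || pwzSource == NULL) return NULL;
    size_t cchPrefix = wcslen(pwzPrefix);
    size_t cchSource = wcslen(pwzSource);

    /* Guard the size arithmetic so a huge input cannot wrap to a tiny allocation. */
    if (cchSource > SIZE_MAX - 1 || cchPrefix > SIZE_MAX - 1 - cchSource) return NULL;
    size_t cchTotal = cchPrefix + cchSource + 1;   /* +1 for the terminator: the classic off-by-one */
    if (cchTotal > SIZE_MAX / sizeof(wchar_t)) return NULL;

    wchar_t *pwzResult = malloc(cchTotal * sizeof(wchar_t));
    if (pwzResult == NULL) return NULL;

    /* Explicit byte counts instead of wcscpy/wcscat: every write is bounded by cchTotal. */
    memcpy(pwzResult, pwzPrefix, cchPrefix * sizeof(wchar_t));
    memcpy(pwzResult + cchPrefix, pwzSource, (cchSource + 1) * sizeof(wchar_t)); /* includes L'\0' */
    return pwzResult;
}

/* Hypothetical bounded copy into a caller buffer of cchDest elements. Unlike
   strncpy, the result is always terminated when cchDest > 0, truncation is
   reported as an error (-1) rather than silently producing a cut string, and
   no write ever passes pwzDest[cchDest - 1]. Returns 0 on success. */
int safe_copy(wchar_t *pwzDest, size_t cchDest, const wchar_t *pwzSrc)
{
    if (pwzDest == NULL || cchDest == 0 || pwzSrc == NULL) return -1;
    size_t cchSrc = wcslen(pwzSrc);
    if (cchSrc >= cchDest) {        /* would not fit together with its terminator */
        pwzDest[0] = L'\0';
        return -1;
    }
    memcpy(pwzDest, pwzSrc, (cchSrc + 1) * sizeof(wchar_t));
    return 0;
}
```

Both helpers fail closed on a size that does not fit instead of writing past the buffer, which is the property a reviewer would check for at each of the flagged lines.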