Chris, do you mind me asking which tool you used to find this? I have
been asked to validate WiX for a large company and this is the sort of
thing that would look good in my report.

Neil

-----Original Message-----
From: Christopher Painter [mailto:chr...@deploymentengineering.com]
Sent: 16 July 2009 17:12
To: wix-users@lists.sourceforge.net
Subject: [WiX-users] Fortify 360 Security Scan


We ran WiX v3.0 GA through a security auditing tool and it reported
several issues:

cabcutil.cpp:531 ( Buffer Overflow )
cabcutil.cpp:577 ( Buffer Overflow )
strutil.cpp:1174 ( Buffer Overflow )
strutil.cpp:337  ( Buffer Overflow )
xmlutil.cpp:650  ( Buffer Overflow: Off-by-One )

I've been asked to pass this to the WiX team for review in terms of
remediation and to ask whether any of these files are used in CustomActions or
are they strictly design/build time files?

Thanks,
Chris


Details follow:


cabcutil.cpp:531 ( Buffer Overflow )

 Abstract: The function AddNDuplicateFile() in cabcutil.cpp writes
outside the bounds of pv on line 531, which could corrupt data, cause
the program to crash, or lead to the execution of malicious code.

cabcutil.cpp:577 ( Buffer Overflow )

 Abstract: The function AddNonDuplicateFile() in cabcutil.cpp writes
outside the bounds of pv on line 577, which could corrupt data, cause
the program to crash, or lead to the execution of malicious code.

strutil.cpp:1174 ( Buffer Overflow )

 Abstract: The function MultiSzPrepend() in strutil.cpp writes
outside the bounds of pwzResult on line 1174, which could corrupt data,
cause the program to crash, or lead to the execution of malicious code.

strutil.cpp:337 ( Buffer Overflow )

 Abstract: The function StrAllocPrefix() in strutil.cpp writes
outside the bounds of pwzResult on line 337, which could corrupt data,
cause the program to crash, or lead to the execution of malicious code.

xmlutil.cpp:650 ( Buffer Overflow: Off-by-One )

 Abstract: The program writes just past the bounds of allocated memory,
which could corrupt data, crash the program, or lead to the execution of
malicious code.

General Recommendations From Tool:

Never use inherently unsafe functions, such as gets(), and avoid the use
of functions that are difficult to use safely, such as strcpy(). Replace
unbounded functions like strcpy() with their bounded equivalents, such as
strncpy() or the WinAPI functions defined in strsafe.h [4]. (More
available from tool)

------------------------------------------------------------------------------
Enter the BlackBerry Developer Challenge
This is your chance to win up to $100,000 in prizes! For a limited time,
vendors submitting new applications to BlackBerry App World(TM) will have
the opportunity to enter the BlackBerry Developer Challenge. See full prize
details at: http://p.sf.net/sfu/Challenge
_______________________________________________
WiX-users mailing list
WiX-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wix-users

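The tool's recommendation above (bounded copies, room for the terminator) is easiest to see on the kind of operation the scan flagged in StrAllocPrefix(): prepending one string to another. The following is an added example written for this thread, not code from WiX or from the scanner's report; it uses narrow `char` strings and portable C rather than the wide `pwz` strings and strsafe.h calls the WiX sources use, and the names `str_prepend_unbounded`, `str_prepend_checked` and `str_prepend_alloc` are hypothetical. The unbounded version is kept only for contrast; the checked versions compute the required size from the inputs, including the NUL, and refuse to write when it does not fit.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The pattern the scanner warns about: unbounded copies that trust the
 * caller's buffer to be large enough. Nothing here verifies that
 * dst has room for prefix + src + NUL. Kept for contrast only. */
void str_prepend_unbounded(char *dst, const char *prefix, const char *src)
{
    strcpy(dst, prefix);   /* overflows dst if it is too small */
    strcat(dst, src);
}

/* Bounded form: writes prefix followed by src into dst, which holds
 * `cap` bytes. Returns 0 on success and -1 if the result plus its NUL
 * terminator would not fit; dst is left untouched on failure. */
int str_prepend_checked(char *dst, size_t cap, const char *prefix, const char *src)
{
    size_t plen = strlen(prefix);
    size_t slen = strlen(src);

    /* Compare by subtraction instead of computing plen + slen + 1, so a
     * huge length cannot wrap size_t and pass the check by accident. */
    if (cap == 0 || plen > cap - 1 || slen > cap - 1 - plen) {
        return -1;
    }
    memcpy(dst, prefix, plen);
    memcpy(dst + plen, src, slen);
    dst[plen + slen] = '\0';   /* the check above reserved this byte */
    return 0;
}

/* Allocating form: sizes the buffer from the inputs, including the NUL,
 * the step an off-by-one in a prepend/concat routine typically gets wrong.
 * Caller frees the result. Returns NULL on length overflow or OOM. */
char *str_prepend_alloc(const char *prefix, const char *src)
{
    size_t plen = strlen(prefix);
    size_t slen = strlen(src);
    if (slen > SIZE_MAX - 1 - plen) {
        return NULL;           /* plen + slen + 1 would overflow */
    }
    size_t need = plen + slen + 1;
    char *out = malloc(need);
    if (out == NULL) {
        return NULL;
    }
    if (str_prepend_checked(out, need, prefix, src) != 0) {
        free(out);             /* cannot happen with need computed above */
        return NULL;
    }
    return out;
}

int main(void)
{
    char small[8];             /* constructed sample: 7 chars + NUL */
    printf("fits:      %d\n", str_prepend_checked(small, sizeof small, "ab", "cde"));
    printf("too long:  %d\n", str_prepend_checked(small, sizeof small, "abcd", "efgh"));
    char *joined = str_prepend_alloc("C:\\", "dir");
    if (joined != NULL) {
        printf("alloc:     %s\n", joined);
        free(joined);
    }
    return 0;
}
```

The two checks worth carrying into a code review of any prepend, concat or multi-sz routine are the ones shown here: the size calculation counts the terminator, and the comparison is written so that it cannot itself overflow.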
