开放源代码软件Apache 成熟度评估报告 - 开源中国社区- 软件镜像下载
开放源代码软件Apache 成熟度评估报告 - 开源中国社区- 软件镜像下载
开放源代码软件Apache 成熟度评估报告 - 开源中国社区- 软件镜像下载
- No tags were found...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
‣ 启 动 和 停 止 Apache。‣ 处 理 配 置 文 件 (config.c)。‣ 接 受 和 处 理 HTTP 连 接 。‣ 读 取 HTTP 请 求 并 对 该 请 求 进 行 处 理 。‣ 处 理 HTTP 协 议 。可 选 功 能 层可 选 功 能 层 通 常 指 Apache 模 块 。 如 前 所 述 , 除 了 mod_core 和 mod_so 模 块 之 外 , 其余 的 模 块 都 属 于 可 选 模 块 , 在 必 要 的 时 候 可 以 被 mod_so 模 块 加 载 到 Apache 中 , 而 在 不需 要 的 时 候 也 可 以 从 Apache 中 卸 载 。 比 如 , 如 果 需 要 Apache 服 务 器 支 持 安 全 套 接 字 层(Secure Socket Layer,SSL), 那 么 毫 无 疑 问 , 我 们 必 须 将 mod_ssl 模 块 加 载 到 核 心中 。 目 前 Apache 中 的 大 部 分 代 码 都 是 使 用 C 语 言 编 写 的 , 如 果 你 要 支 持 使用 Perl 编 写 的 模 块 , 那 么 你 就 必 须 将 mod_perl 模 块 也 加 载 到 服 务 器 中 。第 三 方 支 持 库在 Apache 的 一 些 模 块 中 会 使 用 到 第 三 方 的 开 发 库 , 比 如 mod_ssl 就 使 用 了OpenSSL,mod_perl 则 使 用 了 Perl 开 发 库 。 这 些 第 三 方 支 持 库 虽 然 被 Apache 使 用 , 但严 格 来 说 它 们 并 不 属 于 Apache 的 一 部 分 。分 析 结 论本 软 件 虽 然 由 C 语 言 写 成 , 但 程 序 的 构 造 多 参 考 面 向 对 象 的 设 计 。 整 个 程 序 架 构 完整 , 结 构 灵 活 , 可 移 植 性 较 强 。 软 件 的 设 计 者 不 仅 为 用 户 停 工 了 丰 富 的 功 能 , 而 且 在 各个 层 面 都 为 程 序 的 可 扩 展 性 和 部 署 的 灵 活 性 留 下 接 口 。 在 Apache 中 , 使 用 插 件 的 形 式 来增 加 服 务 的 功 能 。 同 时 ,Apache 提 供 了 一 个 插 件 的 公 共 接 口 给 开 发 者 , 方 便 第 三 方 提 供额 外 的 插 件 。评 测 工 具 介 绍源 代 码 质 量 管 理 工 具 , 可 集 成 各 种 源 代 码 静 态 分 析 工 具 , 支 持 c/c++,java,php,pthyon 等 语 言 , 通 过 该 工 具 可 以 了 解 源 代 码 的 包 括 缺 陷 、 漏 洞 等 质 量 情 况 , 以 及 代 码行 , 架 构 等 软 件 度 量 信 息 , 帮 助 了 解 整 体 代 码 的 成 熟 度 。 主 要 特 点 为 代 码 覆 盖 : 通 过 单元 测 试 , 将 会 显 示 哪 行 代 码 被 选 中 ; 改 善 编 码 规 则 ; 搜 寻 编 码 规 则 : 按 照 名 字 , 插 件 ,激 活 级 别 和 类 别 进 行 查 询 ; 项 目 搜 寻 : 按 照 项 目 的 名 字 进 行 查 询 ; 对 比 数 据 : 比 较 同 一张 表 中 的 任 何 测 量 的 趋 势 ;RATS(Rough Auditing Tool for Security) 是 一 个 开 源 的 静 态 代 码 分 析 工 具 , 它 由Secure Software 公 司 开 发 和 维 护 ,Secure Software 公 司 已 被 Fortify 软 件 公 司 收 购(Fortify 软 件 公 司 现 已 被 HP 公 司 收 购 )。RATS 可 对 C,C++,Perl,PHP,Python 等5
跨 平 台 , 可 以 在 Linux、BSD、Solaris、Windows、Mac OS X 等 多 种 平 台 上 运 行 , 而且 非 常 安 全 性 、 稳 定 。Apache 目 前 已 经 演 变 成 了 “LAMP” 软 件 套 件 , 即 Linux、Apache、MySQL 和PHP 的 联 合 体 , 这 一 web 平 台 开 源 且 稳 定 , 得 到 了 相 当 广 泛 应 用 。Apache 可 用 性 性 研 究‣ 支 持 最 新 的 HTTP/1.1 通 信 协 议 ;‣ 拥 有 简 单 而 强 大 的 基 于 文 件 的 配 置 过 程 ;‣ 支 持 通 用 网 关 接 口 ;‣ 支 持 基 于 IP 和 基 于 域 名 的 虚 拟 主 机 ;‣ 支 持 多 种 方 式 的 HTTP 认 证 ;‣ 集 成 Perl 处 理 模 块 ;‣ 集 成 代 理 服 务 器 模 块 ;‣ 支 持 实 时 监 视 服 务 器 状 态 和 定 制 服 务 器 日 志 ;‣ 支 持 服 务 器 端 包 含 指 令 (SSI);‣ 支 持 安 全 Socket 层 (SSL);‣ 提 供 用 户 会 话 过 程 的 跟 踪 ;‣ 支 持 FastCGI;‣ 通 过 第 三 方 模 块 可 以 支 持 Java Servlets。社 区 及 项 目 组 织Apache 项 目 是 一 个 典 型 的 服 务 器 端 开 源 软 件 , 项 目 由 几 位 在 HA 应 用 集 群 领 域 活跃 的 软 件 作 者 主 持 , 项 目 借 助 网 络 , 如 Mail List,IRC, 论 坛 等 工 具 进 行 交 流 , 吸 引 大量 参 与 者 参 与 开 发 、 测 试 、 书 写 应 用 文 档 。 同 时 , 项 目 也 吸 引 了 一 些 公 司 的 支 持 与 参与 。 该 项 目 在 实 际 环 境 中 有 大 量 应 用 , 一 些 企 业 也 将 其 作 为 自 己 解 决 方 案 的 一 部 分 ,提 供 了 许 多 应 用 案 例 , 取 得 大 量 反 馈 意 见 , 极 大 的 推 动 了 该 软 件 的 应 用 与 发 展 。License 问 题Apache 使 用 Apache License 2.0 协 议 。7
软 件 成 熟 度 评 估软 件 成 熟 度 属 性 定 义 与 量 化IDClass NameWeight01 技 术 架 构 设 计 402 代 码 质 量 403 软 件 易 用 性 104 软 件 可 用 性 405 项 目 建 设 与 管 理 206 项 目 的 活 跃 程 度 407 项 目 测 试 情 况 208 软 件 应 用 支 持 409 软 件 法 律 问 题 1以 下 为 各 属 性 类 的 属 性 定 义 :IDClass NameEntry Weight Value Memo01 技 术 架 构 设计02 技 术 架 构 设计03 技 术 架 构 设计合 理 性 4 5可 扩 展 性 3 5可 移 植 性 2 4040506IDClass NameEntry Weight Value Memo01 代 码 质 量 代 码 错 误 率 4 402 代 码 质 量 代 码 可 读 性 4 403 代 码 质 量 代 码 复 杂 度 2 5048
0506IDClass NameEntry Weight Value Memo01 软 件 易 用 性 易 理 解 性 2 302 软 件 易 用 性 易 学 习 性 2 403 软 件 易 用 性 易 操 作 性 4 3040506IDClass NameEntry Weight Value Memo01 软 件 可 用 性 完 备 性 3 502 软 件 可 用 性 正 确 性 4 503 软 件 可 用 性 可 靠 性 4 404 软 件 可 用 性 安 全 性 2 40506IDClass NameEntry Weight Value Memo01 项 目 建 设 与管 理02 项 目 建 设 与管 理03 项 目 建 设 与管 理组 织 架 构 2 5开 发 管 理 4 4网 站 建 设 3 50405IDClass NameEntry Weight Value Memo01 项 目 的 活 跃程 度版 本 发 布 周期2 502 项 目 的 活 跃程 度软 件 下 载 量 3 59
Apache 软 件 成 熟 度 评 估 结 论按 照 我 们 的 开 放 源 代 码 软 件 评 估 体 系 计 算 模 型 的 公 司 进 行 计 算 , 最 终 该 软 件 的 评 估值 为 :342.16。总 结通 过 对 开 源 软 件 成 熟 度 评 估 体 系 的 描 述 , 以 及 我 们 应 用 该 评 价 模 型 进 行 的 两 个 试验 案 例 。 证 明 了 评 估 模 型 的 正 确 性 和 实 用 性 , 为 我 们 今 后 从 事 开 源 软 件 评 估 工 作 奠 定了 基 础 。参 考1 Apache 服 务 器 官 方 网 站 http://httpd.apache.org2 Apache 软 件 基 金 会 官 方 网 站 http://www.apache.org3 Apache2.2 中 文 手 册 http://apache.blinux.cn4 详 解 Apache 的 安 装 与 配 置 说 明http://technic.xkq.com/20090607/96414.html5 详 解 Apache 的 优 化 设 置 http://technic.xkq.com/20090607/96415.html6 采 用 mod_ssl 让 Apache 更 加 安 全http://www.cangfengzhe.com/wenzhang/article_214.html附 录Apache 软 件 代 码 质 量 评 测 报 告 :RATS 扫 描 结 果 节 选 如 下 :RATS results.Severity: HighIssue: getsGets is unsafe!! No bounds checking is performed, buffer is easilyoverflowable by user. Use fgets(buf, size, stdin) instead. File:httpd-2.2.15//test/test_find.c Line:67[10] if (!gets(line))11
File: httpd-2.2.15//test/test_find.c Line:71[12]while (gets(tok)) {File: httpd-2.2.15//test/test_parser.c Line:67[12]while (gets(instr)) {Severity: HighIssue: sprintfCheck to be sure that the format string passed as argument 2 to this functioncall does not come from an untrusted source that could have added formattingcharacters that the code is not prepared to handle. Additionally, the formatstring could contain `%s' without precision that could result in a bufferoverflow.File: httpd-2.2.15//test/cls.c Line:123[9]sprintf(path, "%s/%s", argv[1], s); File:httpd-2.2.15//test/zb.c Line:456[3]sprintf(request,"GET %s HTTP/1.0\r\nUser-Agent: ZeusBench/1.0\r\n"File: httpd-2.2.15//srclib/apr-util/dbd/apr_dbd_freetds.c Line:478[5]sprintf(pquery, "CREATE PROC apr.%s", label);File: httpd-2.2.15//srclib/apr-util/xml/apr_xml.c Line:765[19]len = sprintf(s, "name, attr->value); File: httpd-2.2.15//srclib/apr-util/xml/apr_xml.c Line:778[23] len =sprintf(s, " ns%d:%s=\"%s\"", ns, attr->name, attr->value); File:httpd-2.2.15//srclib/apr-util/xml/apr_xml.c Line:788[19] len =sprintf(s, " xml:lang=\"%s\"", elem->lang);File: httpd-2.2.15//srclib/apr-util/xml/apr_xml.c Line:797[23]len = sprintf(s, " xmlns:ns%d=\"%s\"", i,File: httpd-2.2.15//srclib/apr-util/xml/apr_xml.c Line:832[19]len = sprintf(s, "", elem->name);File: httpd-2.2.15//srclib/apr-util/xml/apr_xml.c Line:836[19]len = sprintf(s, "", ns, elem->name);File: httpd-2.2.15//srclib/apr-util/test/testbuckets.c Line:103[5]sprintf(msg, "%s: flatten brigade", ctx);File: httpd-2.2.15//srclib/apr-util/test/testbuckets.c Line:105[5]sprintf(msg, "%s: length match (%ld not %ld)", ctx,12
File: httpd-2.2.15//srclib/apr-util/test/testbuckets.c Line:108[5]sprintf(msg, "%s: result match", msg);File: httpd-2.2.15//srclib/apr-util/test/testutil.c Line:34[9]sprintf(buf, "%s (%d): %s\n", context, rv,File: httpd-2.2.15//srclib/apr-util/test/testdate.c Line:128[5]sprintf(ts, "%s, %.2d %s %d %.2d:%.2d:%.2d GMT", days[tms->tm_wday],File: httpd-2.2.15//srclib/pcre/pcreposix.c Line:176[5]sprintf(errbuf, "%s%s%-6d", message, addmessage, (int)preg->re_erroffset);File: httpd-2.2.15//srclib/apr/test/testutil.c Line:33[9]sprintf(buf, "%s (%d): %s\n", context, rv,File: httpd-2.2.15//srclib/apr/test/testglobalmutex.c Line:100[9]sprintf(buf, "global mutex '%s' failed: %d not %d", File: httpd-2.2.15//srclib/apr/test/testfmt.c Line:27[5] sprintf(buf, "%"APR_SSIZE_T_FMT, var);File: httpd-2.2.15//srclib/apr/test/testfmt.c Line:38[5]sprintf(buf, "%" APR_SIZE_T_FMT, var);File: httpd-2.2.15//srclib/apr/test/testfmt.c Line:49[5]sprintf(buf, "%" APR_OFF_T_FMT, var);File: httpd-2.2.15//srclib/apr/test/testfmt.c Line:60[5]sprintf(buf, "%" APR_PID_T_FMT, var);File: httpd-2.2.15//srclib/apr/test/testfmt.c Line:71[5]sprintf(buf, "%" APR_INT64_T_FMT, var);File: httpd-2.2.15//srclib/apr/test/testfmt.c Line:82[5]sprintf(buf, "%" APR_UINT64_T_FMT, var);File: httpd-2.2.15//srclib/apr/test/testfmt.c Line:93[5]sprintf(buf, "%" APR_UINT64_T_HEX_FMT, var);File: httpd-2.2.15//srclib/apr/dso/unix/dso.c Line:193[5]sprintf(symname2, "_%s", symname);File: httpd-2.2.15//srclib/apr/dso/unix/dso.c Line:221[5]sprintf(symbol, "_%s", symname);File: httpd-2.2.15//support/suexec.c Line:228[5]sprintf(pathbuf, "PATH=%s", AP_SAFE_PATH); File:httpd-2.2.15//support/htdigest.c Line:147[5]sprintf(string, "%s:%s:%s", user, realm, pw);File: httpd-2.2.15//support/rotatelogs.c13
Line:251[17] sprintf(buf2, "%s.%010d", szLogRoot,tLogStart);File: httpd-2.2.15//modules/dav/main/util_lock.c Line:120[9]sprintf(tmp, "%s" DEBUG_CR,File: httpd-2.2.15//modules/dav/fs/repos.c Line:302[5]sprintf(buf,File: httpd-2.2.15//modules/dav/fs/repos.c Line:1868[16](void) sprintf(buf, "%" APR_OFF_T_FMT, resource->info->finfo.size);Severity: HighIssue: printfCheck to be sure that the non-constant format string passed as argument 1to this function call does not come from an untrusted source that couldhave added formatting characters that the code is not prepared to handle.File: httpd-2.2.15//test/time-sem.c Line:148[5] printf("opening " FNAME "in current directory\n"); File: httpd-2.2.15//srclib/apr/test/sendfile.cLine:292[9] printf("bytes really sent: %" APR_SIZE_T_FMT "\n", File:httpd-2.2.15//srclib/apr/test/sockperf.c Line:234[13] printf("%6"APR_TIME_T_FMT, results[i].msecs[j]); File: httpd-2.2.15//srclib/apr/test/sockperf.c Line:238[9] printf("\t Average: %6"APR_TIME_T_FMT "\n",File: httpd-2.2.15//srclib/apr/test/testlockperf.c Line:121[5]printf("microseconds: %" APR_INT64_T_FMT " usec\n",File: httpd-2.2.15//srclib/apr/test/testlockperf.c Line:169[5]printf("microseconds: %" APR_INT64_T_FMT " usec\n",File: httpd-2.2.15//srclib/apr/test/testlockperf.c Line:217[5]printf("microseconds: %" APR_INT64_T_FMT " usec\n", File:httpd-2.2.15//srclib/apr/build/jlibtool.c Line:564[9]printf("Version " VERSION "\n");File: httpd-2.2.15//support/htpasswd.c Line:531[13] printf("%s" NL,record);File: httpd-2.2.15//support/win32/wintty.c Line:142[21] printf(options,arg0);File: httpd-2.2.15//support/ab.c Line:758[5]printf("Document Length: %" APR_SIZE_T_FMT " bytes\n", doclen); File:httpd-2.2.15//support/ab.c Line:772[5] printf("Total transferred: %"APR_INT64_T_FMT " bytes\n", totalread);14
File: httpd-2.2.15//support/ab.c Line:774[9]printf("Total POSTed: %" APR_INT64_T_FMT "\n", totalposted); File:httpd-2.2.15//support/ab.c Line:776[9]printf("Total PUT: %" APR_INT64_T_FMT "\n", totalposted); File:httpd-2.2.15//support/ab.c Line:777[5]printf("HTML transferred: %" APR_INT64_T_FMT " bytes\n", totalbread);File: httpd-2.2.15//support/ab.c Line:911[13]printf("Connect: " CONF_FMT_STRING, File:httpd-2.2.15//support/ab.c Line:913[13]printf("Processing: " CONF_FMT_STRING, File:httpd-2.2.15//support/ab.c Line:915[13]printf("Waiting: " CONF_FMT_STRING, File:httpd-2.2.15//support/ab.c Line:917[13]printf("Total: " CONF_FMT_STRING, File:httpd-2.2.15//support/ab.c Line:940[13]printf("Connect: " CONF_FMT_STRING, mincon, meancon, maxcon);File: httpd-2.2.15//support/ab.c Line:941[13]printf("Processing: " CONF_FMT_STRING, mintot - mincon, File:httpd-2.2.15//support/ab.c Line:944[13]printf("Total: " CONF_FMT_STRING, mintot, meantot, maxtot); File:httpd-2.2.15//support/ab.c Line:956[21]printf(" 100%% %5" APR_TIME_T_FMT " (longest request)\n",File: httpd-2.2.15//support/ab.c Line:959[21]printf(" %d%% %5" APR_TIME_T_FMT "\n", percs[i], File:httpd-2.2.15//support/ab.c Line:1031[5] printf("DocumentLength:"File: httpd-2.2.15//support/ab.c Line:1057[5] printf("Totaltransferred:"File: httpd-2.2.15//support/ab.c Line:1061[9] printf("TotalPOSTed:"File: httpd-2.2.15//support/ab.c Line:1065[9] printf("TotalPUT:"File: httpd-2.2.15//support/ab.c Line:1068[5] printf("HTMLtransferred:"File: httpd-2.2.15//support/ab.c Line:1122[13]printf("Connect:"15
File: httpd-2.2.15//support/ab.c Line:1127[13]printf("Processing:"File: httpd-2.2.15//support/ab.c Line:1133[13]printf("Total:"File: httpd-2.2.15//server/main.c Line:118[5]printf(" -D OS=\"" OS "\"\n");File: httpd-2.2.15//server/main.c Line:122[5] printf("-D APACHE_MPM_DIR=\"" APACHE_MPM_DIR "\"\n"); File:httpd-2.2.15//server/main.c Line:221[5] printf(" -DHTTPD_ROOT=\"" HTTPD_ROOT "\"\n"); File: httpd-2.2.15//server/main.c Line:225[5] printf(" -DSUEXEC_BIN=\"" SUEXEC_BIN "\"\n"); File: httpd-2.2.15//server/main.c Line:229[5]printf(" -D SHARED_CORE_DIR=\"" SHARED_CORE_DIR "\"\n");File: httpd-2.2.15//server/main.c Line:233[5] printf(" -DDEFAULT_PIDLOG=\"" DEFAULT_PIDLOG "\"\n"); File: httpd-2.2.15//server/main.c Line:237[5]printf(" -D DEFAULT_SCOREBOARD=\"" DEFAULT_SCOREBOARD "\"\n"); File:httpd-2.2.15//server/main.c Line:241[5]printf(" -D DEFAULT_LOCKFILE=\"" DEFAULT_LOCKFILE "\"\n"); File:httpd-2.2.15//server/main.c Line:245[5]printf(" -D DEFAULT_ERRORLOG=\"" DEFAULT_ERRORLOG "\"\n"); File:httpd-2.2.15//server/main.c Line:249[5]printf(" -D AP_TYPES_CONFIG_FILE=\"" AP_TYPES_CONFIG_FILE "\"\n");File: httpd-2.2.15//server/main.c Line:253[5]printf(" -D SERVER_CONFIG_FILE=\"" SERVER_CONFIG_FILE "\"\n"); File:httpd-2.2.15//server/mpm_common.c Line:1046[9] printf("httpd MPM \""MPM_NAME "\" does not support gracefulstop\n");Severity: HighIssue: gethostbynameDNS results can easily be forged by an attacker (or arbitrarily set tolarge values, etc), and should not be trusted. File: httpd-2.2.15//test/zb.c Line:440[10]he = gethostbyname(machine);File: httpd-2.2.15//test/test_limits.c Line:123[15]if ((he = gethostbyname(addr)) == NULL) {File: httpd-2.2.15//srclib/apr/network_io/unix/sockaddr.c Line:510[14]16
hp = gethostbyname(hostname);File: httpd-2.2.15//support/logresolve.c Line:194[28]hostdata = gethostbyname(name);File: httpd-2.2.15//modules/arch/netware/mod_nw_ssl.c Line:183[11]hep = gethostbyname(w);Severity: HighIssue: getoptTruncate all input strings to a reasonable length before passing them to thisfunctionFile: httpd-2.2.15//test/zb.c Line:530[15] while ((c= getopt(argc,argv,"p:n:c:d:t:d:k"))>0) { File:httpd-2.2.15//test/test_limits.c Line:94[17] while((o = getopt(argc, argv, "t:a:p:n:")) != EOF)Severity: HighIssue: strcpyCheck to be sure that argument 2 passed to this function call will not copymore data than can be handled, resulting in a buffer overflow.File: httpd-2.2.15//srclib/apr-util/crypto/apr_md5.c Line:602[5]strcpy(passwd, apr1_id);File: httpd-2.2.15//srclib/apr-util/dbd/apr_dbd_freetds.c Line:239[5]strcpy(p_out, p_in);File: httpd-2.2.15//srclib/apr-util/dbd/apr_dbd_odbc.c Line:894[9]strcpy(dbc->lastError, successMsg);File: httpd-2.2.15//srclib/apr-util/dbd/apr_dbd_odbc.c Line:1327[9]strcpy(data, p);File: httpd-2.2.15//srclib/apr/threadproc/win32/proc.c Line:705[17]strcpy(pNext, env[i]);File: httpd-2.2.15//srclib/apr/threadproc/os2/proc.c Line:380[9]strcpy(interpreter, "#!" SHELL_PATH);File: httpd-2.2.15//srclib/apr/threadproc/os2/proc.c Line:406[29]strcpy(interpreter+2, buffer);File: httpd-2.2.15//srclib/apr/threadproc/os2/proc.c Line:410[33]strcpy(interpreter+2, buffer);File: httpd-2.2.15//srclib/apr/threadproc/os2/proc.c Line:467[9]strcpy(cmdline_pos, a);17
File: httpd-2.2.15//srclib/apr/threadproc/os2/proc.c Line:488[13]strcpy(env_block_pos, env[e]);File: httpd-2.2.15//srclib/apr/network_io/unix/inet_ntop.cLine:240[5] strcpy(dst, tmp);File: httpd-2.2.15//srclib/apr/network_io/unix/sockaddr.c Line:807[9]strcpy(buf, network);File: httpd-2.2.15//srclib/apr/test/testtime.c Line:191[5]strcpy(libc_str, ctime(&posix_sec));File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:532[9]strcpy(value, equal_pos + 1);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:534[9] strcpy(var,arg);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:660[9]strcpy(newname, newname + 4);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:665[9]strcpy(newname + 8, strchr(newname, '.'));File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:808[9]strcpy(newext, STATIC_LIB_EXT);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:811[9]strcpy(newext, DYNAMIC_LIB_EXT);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:814[9]strcpy(newext, MODULE_LIB_EXT);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:861[13]strcpy(ext, OBJECT_EXT);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:900[5]strcpy(newarg, arg);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:909[5]strcpy(newarg+newpathlen, arg+pathlen);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:921[17]strcpy(ext, DYNAMIC_LIB_EXT);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:928[13]strcpy(ext, STATIC_LIB_EXT);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:932[13]strcpy(ext, MODULE_LIB_EXT);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:936[13]strcpy(ext, OBJECT_EXT);18
File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:989[5]strcpy(newarg, arg);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:1063[5]strcpy(tmp, LINKER_FLAG_PREFIX);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:1066[5]strcpy(tmp, RPATH);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:1126[5]strcpy(exp_argument, install_path);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:1131[5]strcpy(exp_argument+cur_len, DYNAMIC_LIB_EXT);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:1134[5]strcpy(exp_argument+cur_len, current_path);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:1139[5]strcpy(exp_argument+cur_len, DYNAMIC_LIB_EXT);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:1178[5]strcpy(newarg, LINKER_FLAG_PREFIX);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:1399[13]strcpy(cmd_data->basename, arg);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:1449[9]strcpy(newarg, arg);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:1487[9]strcpy(newarg, arg);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:1489[9]strcpy(ext, OBJECT_EXT);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:1589[9]strcpy(def_file, cmd_data->output_name);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:1605[13]strcpy(cmd, GEN_EXPORTS);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:1953[13]strcpy(fullname, dirname);File: httpd-2.2.15//srclib/apr/build/aplibtool.c Line:157[9]strcpy(value, equal_pos + 1);File: httpd-2.2.15//srclib/apr/build/aplibtool.c Line:159[9]strcpy(var, arg);File: httpd-2.2.15//srclib/apr/build/aplibtool.c Line:258[9]strcpy(newarg, arg);19
File: httpd-2.2.15//srclib/apr/build/aplibtool.c Line:267[9]strcpy(newarg, arg);File: httpd-2.2.15//srclib/apr/build/aplibtool.c Line:279[11]strcpy(ext, DYNAMIC_LIB_EXT);File: httpd-2.2.15//srclib/apr/build/aplibtool.c Line:282[11]strcpy(ext, STATIC_LIB_EXT);File: httpd-2.2.15//srclib/apr/build/aplibtool.c Line:292[13]strcpy(cmd_data->stub_name, arg);File: httpd-2.2.15//srclib/apr/build/aplibtool.c Line:331[9]strcpy(newarg, arg);File: httpd-2.2.15//srclib/apr/build/aplibtool.c Line:354[9]strcpy(newext, shared ? DYNAMIC_LIB_EXT : STATIC_LIB_EXT); File:httpd-2.2.15//srclib/apr/build/aplibtool.c Line:371[9]strcpy(newarg, arg);File: httpd-2.2.15//srclib/apr/build/aplibtool.c Line:373[9]strcpy(ext, OBJECT_EXT);File: httpd-2.2.15//srclib/apr/build/aplibtool.c Line:555[5]strcpy(tmpdir, lib);File: httpd-2.2.15//srclib/apr/build/aplibtool.c Line:565[5]strcpy(cmd, LIBRARIAN " x ");File: httpd-2.2.15//srclib/apr/build/aplibtool.c Line:582[13]strcpy(cmd, tmpdir);File: httpd-2.2.15//srclib/apr/build/aplibtool.c Line:608[13]strcpy(fullname, dirname);File: httpd-2.2.15//srclib/apr/build/aplibtool.c Line:644[9]strcpy(def_file, cmd_data->output_name);File: httpd-2.2.15//srclib/apr/build/aplibtool.c Line:660[13]strcpy(cmd, GEN_EXPORTS);File: httpd-2.2.15//srclib/apr/build/aplibtool.c Line:719[5]strcpy(buffer, name);File: httpd-2.2.15//srclib/apr/build/aplibtool.c Line:746[9]strcpy(newname, newname + 4);File: httpd-2.2.15//srclib/apr/build/aplibtool.c Line:751[9]strcpy(newname + 8, strchr(newname, '.'));File: httpd-2.2.15//srclib/apr/tables/apr_tables.c Line:1148[21]strcpy(val_dst, (*next)->val);20
File: httpd-2.2.15//srclib/apr/dso/aix/dso.c Line:297[17]strcpy(errbuf, strerror(errno));File: httpd-2.2.15//srclib/apr/dso/aix/dso.c Line:468[9]strcpy(errbuf, strerror(errno));File: httpd-2.2.15//support/htdigest.c Line:261[9]strcpy(l, line);File: httpd-2.2.15//support/htpasswd.c Line:227[5]strcpy(record, user);File: httpd-2.2.15//support/htpasswd.c Line:567[13]strcpy(cp, line);File: httpd-2.2.15//support/ab.c Line:1654[9] strcpy(buff,request);File: httpd-2.2.15//support/ab.c Line:2114[17] strcpy(content_type,optarg);File: httpd-2.2.15//support/ab.c Line:2185[21]strcpy(proxyhost, optarg);File: httpd-2.2.15//modules/metadata/mod_headers.c Line:571[5]strcpy(ret + pmatch[0].rm_so, subs);File: httpd-2.2.15//modules/proxy/mod_proxy_balancer.c Line:754[17]strcpy(wsel->s->route, val);File: httpd-2.2.15//modules/proxy/mod_proxy_balancer.c Line:760[17]strcpy(wsel->s->redirect, val);File: httpd-2.2.15//modules/proxy/proxy_util.c Line:1227[17]strcpy(ret + doffs + pdiff + l2, domaine);File: httpd-2.2.15//modules/proxy/proxy_util.c Line:1234[17]strcpy(ret + poffs + ddiff + l1, pathe);File: httpd-2.2.15//modules/proxy/proxy_util.c Line:1240[13]strcpy(ret + poffs + l1, pathe);File: httpd-2.2.15//modules/proxy/proxy_util.c Line:1249[13]strcpy(ret + doffs+l2, domaine);File: httpd-2.2.15//modules/proxy/proxy_util.c Line:1843[9]strcpy(worker->s->route, worker->route);File: httpd-2.2.15//modules/proxy/proxy_util.c Line:1849[9]strcpy(worker->s->redirect, worker->redirect);File: httpd-2.2.15//modules/ldap/util_ldap_cache_mgr.c Line:123[13]strcpy(buf, s);21
File: httpd-2.2.15//modules/aaa/mod_authnz_ldap.c Line:906[9]strcpy(p, urld->lud_host);File: httpd-2.2.15//modules/dav/main/mod_dav.c Line:1778[9] strcpy(s,elts[i].key);File: httpd-2.2.15//modules/arch/win32/mod_isapi.c Line:521[17]strcpy(buf_data, elts[i].key);File: httpd-2.2.15//modules/arch/win32/mod_isapi.c Line:524[17]strcpy(buf_data, elts[i].val);File: httpd-2.2.15//modules/arch/win32/mod_isapi.c Line:556[13]strcpy(buf_data, elts[i].key);File: httpd-2.2.15//modules/arch/win32/mod_isapi.c Line:560[13]strcpy(buf_data, elts[i].val);22
File: httpd-2.2.15//modules/arch/win32/mod_isapi.c Line:580[9]strcpy(buf_data, result);File: httpd-2.2.15//modules/arch/netware/mod_nw_ssl.c Line:537[5]strcpy(new->key, key);File: httpd-2.2.15//modules/arch/netware/mod_nw_ssl.c Line:588[5]strcpy(new->key, key);File: httpd-2.2.15//modules/loggers/mod_log_forensic.c Line:214[5]strcpy(h.pos, id);File: httpd-2.2.15//server/log.c Line:695[9]strcpy(errstr + len, APR_EOL_STR);File: httpd-2.2.15//server/util_script.c Line:535[13]strcpy(malformed, MALFORMED_MESSAGE);File: httpd-2.2.15//server/mpm/winnt/mpm_winnt.c Line:667[9]strcpy(args[0], cmd);File: httpd-2.2.15//server/request.c Line:1034[17] strcpy(seg_name,thisinfo.name);Severity: High Issue: strncatConsider using strlcat() instead.File: httpd-2.2.15//srclib/apr-util/crypto/apr_md5.c Line:603[5]strncat(passwd, sp, sl);File: httpd-2.2.15//server/util_script.c Line:536[13]strncat(malformed, w, MALFORMED_HEADER_LENGTH_TO_SHOW);Severity: HighIssue: strncatCheck to be sure that argument 1 passed to this function call will notcopy more data than can be handled, resulting in a buffer overflow. File:httpd-2.2.15//srclib/apr-util/crypto/apr_md5.c Line:603[5] strncat(passwd,sp, sl);File: httpd-2.2.15//server/util_script.c Line:536[13]strncat(malformed, w, MALFORMED_HEADER_LENGTH_TO_SHOW);Severity: HighIssue: strcatCheck to be sure that argument 2 passed to this function call will notcopy more data than can be handled, resulting in a buffer overflow.File:
File: httpd-2.2.15//srclib/apr-util/dbd/apr_dbd_freetds.c Line:486[5]strcat(pquery, stmt->fmt);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:391[13]strcat(newval, cc->vals[i]);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:798[9]strcat(newarg, jlibtool_basename(name));File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:801[9]strcat(newarg, name); httpd-2.2.15//srclib/apr/build/jlibtool.cLine:1064[5] strcat(tmp, RPATH);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:1071[5]strcat(tmp, path);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:1164[9]strcat(newarg, file);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:1179[5]strcat(newarg, arg);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:1452[9]strcat(newarg, EXE_EXT);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:1609[17]strcat(cmd, cmd_data->obj_files[a] );File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:1613[13]strcat(cmd, def_file);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:1628[13]strcat(implib_file, cmd_data->basename);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:1635[13]strcat(implib_file, STATIC_LIB_EXT);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:1653[5]strcat(newpath, foo);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:1655[5]strcat(newpath, relpath);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:1685[13]strcat(tmp, c->install_path);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:1686[13]strcat(tmp, strrchr(c->shared_name.normal, '/')); File:httpd-2.2.15//srclib/apr/build/jlibtool.c Line:1955[13]strcat(fullname, entry->d_name);File:
File: httpd-2.2.15//srclib/apr/build/aplibtool.c Line:275[9]strcat(newarg, name);File: httpd-2.2.15//srclib/apr/build/aplibtool.c Line:332[9]strcat(newarg, EXE_EXT);File: httpd-2.2.15//srclib/apr/build/aplibtool.c Line:352[9]strcat(newarg, arg);File: httpd-2.2.15//srclib/apr/build/aplibtool.c Line:499[13]strcat(command, cmd_data->arglist[a]);File: httpd-2.2.15//srclib/apr/build/aplibtool.c Line:575[5]strcat(cmd, name);File: httpd-2.2.15//srclib/apr/build/aplibtool.c Line:584[13]strcat(cmd, entry->d_name);File: httpd-2.2.15//srclib/apr/build/aplibtool.c Line:610[13]strcat(fullname, entry->d_name);File: httpd-2.2.15//srclib/apr/build/aplibtool.c Line:664[17]strcat(cmd, cmd_data->obj_files[a] ); httpd-2.2.15//srclib/apr/build/aplibtool.c Line:668[13] strcat(cmd,def_file);File: httpd-2.2.15//srclib/apr/build/aplibtool.c Line:683[13]strcat(implib_file, cmd_data->stub_name);File: httpd-2.2.15//srclib/apr/build/aplibtool.c Line:690[13]strcat(implib_file, STATIC_LIB_EXT);File: httpd-2.2.15//srclib/apr/file_io/win32/filepath.c Line:86[13]strcat(newpath, seperator);File: httpd-2.2.15//srclib/apr/dso/os2/dso.c Line:101[9]strcat(message, dso->failed_module);File: httpd-2.2.15//srclib/apr/dso/aix/dso.c Line:268[9]strcat(errbuf, strerror(errno));File: httpd-2.2.15//srclib/apr/dso/aix/dso.c Line:274[9]strcat(errbuf, strerror(errno));File: httpd-2.2.15//srclib/apr/dso/aix/dso.c Line:287[9]strcat(errbuf, path);File: httpd-2.2.15//srclib/apr/dso/aix/dso.c Line:305[13]strcat(errbuf, strerror(errno));File:
File: httpd-2.2.15//srclib/apr/dso/aix/dso.c Line:315[9]strcat(errbuf, strerror(errno));File: httpd-2.2.15//srclib/apr/dso/aix/dso.c Line:329[17]strcat(errbuf, strerror(errno));File: httpd-2.2.15//srclib/apr/dso/aix/dso.c Line:389[9]strcat(errbuf, p);File: httpd-2.2.15//srclib/apr/dso/aix/dso.c Line:393[9]strcat(errbuf, p);File: httpd-2.2.15//srclib/apr/dso/aix/dso.c Line:397[9]strcat(errbuf, p);File: httpd-2.2.15//srclib/apr/dso/aix/dso.c Line:401[9]strcat(errbuf, p);File: httpd-2.2.15//srclib/apr/dso/aix/dso.c Line:404[9]strcat(errbuf, strerror(atoi(++p)));File: httpd-2.2.15//srclib/apr/dso/aix/dso.c Line:407[9]strcat(errbuf, s);File: httpd-2.2.15//srclib/apr/dso/aix/dso.c Line:427[5]strcat(errbuf, symbol);File: httpd-2.2.15//srclib/apr/dso/aix/dso.c Line:523[9]strcat(errbuf, strerror(errno));File: httpd-2.2.15//srclib/apr/dso/aix/dso.c Line:532[13]strcat(errbuf, strerror(errno));File: httpd-2.2.15//srclib/apr/dso/aix/dso.c Line:539[9]strcat(errbuf, strerror(errno));File: httpd-2.2.15//srclib/apr/dso/aix/dso.c Line:566[9]strcat(errbuf, strerror(errno)); httpd-2.2.15//srclib/apr/dso/aix/dso.c Line:599[9]File:
strcat(errbuf, strerror(errno));File: httpd-2.2.15//srclib/apr/dso/aix/dso.c Line:630[9]strcat(errbuf, strerror(errno));File: httpd-2.2.15//srclib/apr/dso/aix/dso.c Line:683[9]strcat(errbuf, strerror(errno));File: httpd-2.2.15//srclib/apr/dso/aix/dso.c Line:692[13]strcat(errbuf, strerror(errno));File: httpd-2.2.15//srclib/apr/dso/aix/dso.c Line:699[9]strcat(errbuf, strerror(errno));File: httpd-2.2.15//support/htpasswd.c Line:229[5]strcat(record, cpw);File: httpd-2.2.15//modules/metadata/mod_headers.c Line:572[5]strcat(ret, value + pmatch[0].rm_eo);File: httpd-2.2.15//modules/aaa/mod_authnz_ldap.c Line:908[9]strcat(p, sec->host);Severity: HighIssue: vfprintfCheck to be sure that the non-constant format string passed as argument 2to this function call does not come from an untrusted source that couldhave added formatting characters that the code is not prepared to handle.File: httpd-2.2.15//srclib/apr-util/test/abts.c Line:220[9]vfprintf(stderr, fmt, args);File: httpd-2.2.15//srclib/apr/test/abts.c Line:218[9]vfprintf(stderr, fmt, args);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:304[14]res = vfprintf( f, fmt, ap );File: httpd-2.2.15//support/suexec.c Line:173[5] vfprintf(log, fmt,ap);Severity: HighIssue: getenvEnvironment variables are highly untrustable input. They may be of anylength, and contain any data. Do not make any assumptions regardingcontent or length. If at all possible avoid using them, and if it isnecessary, sanitize them and truncate them to a reasonable length.
File: httpd-2.2.15//srclib/apr-util/test/nw_misc.c Line:11[7]if (getenv("_IN_NETWARE_BASH_") == NULL) {File: httpd-2.2.15//srclib/apr/threadproc/win32/proc.c Line:541[26]char *shellcmd = getenv("COMSPEC");File: httpd-2.2.15//srclib/apr/threadproc/win32/proc.c Line:583[30]char *shellcmd = getenv("COMSPEC");File: httpd-2.2.15//srclib/apr/misc/unix/env.c Line:37[17]char *val = getenv(envvar);File: httpd-2.2.15//modules/metadata/mod_env.c Line:99[15]env_var = getenv(arg);File: httpd-2.2.15//modules/mappers/mod_rewrite.c Line:1729[26]result = getenv(var);File: httpd-2.2.15//modules/ssl/ssl_expr_parse.c Line:302[25]if ((ssl_expr_yys = getenv("YYDEBUG")))File: httpd-2.2.15//modules/ssl/ssl_engine_vars.c Line:262[26]result = getenv(var+4);File: httpd-2.2.15//modules/arch/netware/mod_nw_ssl.c Line:1124[26]result = getenv(var+4);File: httpd-2.2.15//server/util_script.c Line:92[14]tz = getenv("TZ");File: httpd-2.2.15//server/util_script.c Line:184[22]if (!(env_path = getenv("PATH"))) {File: httpd-2.2.15//server/util_script.c Line:190[20]if (env_temp = getenv("SystemRoot")) {File: httpd-2.2.15//server/util_script.c Line:193[20]if (env_temp = getenv("COMSPEC")) {File: httpd-2.2.15//server/util_script.c Line:196[20]if (env_temp = getenv("PATHEXT")) {File: httpd-2.2.15//server/util_script.c Line:199[20]if (env_temp = getenv("WINDIR")) {File: httpd-2.2.15//server/util_script.c Line:205[21]if ((env_temp = getenv("COMSPEC")) != NULL) { File:httpd-2.2.15//server/util_script.c Line:208[21] if((env_temp = getenv("ETC")) != NULL) {File: httpd-2.2.15//server/util_script.c Line:211[21]if ((env_temp = getenv("DPATH")) != NULL) {
Severity: High Issue:getpassTruncate all input strings to a reasonable length before passing them tothis functionFile: httpd-2.2.15//srclib/apr/passwd/apr_getpass.c Line:232[20]char *pw_got = getpass(prompt);Severity: HighIssue: EnterCriticalSectionThis function can throw exceptions in low memory conditions. UseInitialCriticalSectionAndSpinCount instead.File: httpd-2.2.15//srclib/apr/threadproc/win32/proc.c Line:791[9]EnterCriticalSection(&proc_lock);File: httpd-2.2.15//srclib/apr/locks/win32/thread_mutex.c Line:85[9]EnterCriticalSection(&mutex->section);File: httpd-2.2.15//srclib/apr/locks/win32/thread_cond.c Line:73[5]EnterCriticalSection(&cond->csection);File: httpd-2.2.15//srclib/apr/locks/win32/thread_cond.c Line:83[9]EnterCriticalSection(&cond->csection);File: httpd-2.2.15//srclib/apr/locks/win32/thread_cond.c Line:134[5]EnterCriticalSection(&cond->csection);File: httpd-2.2.15//srclib/apr/locks/win32/thread_cond.c Line:153[5]EnterCriticalSection(&cond->csection);File: httpd-2.2.15//support/win32/ApacheMonitor.c Line:1550[13]EnterCriticalSection(&g_stcSection);File: httpd-2.2.15//support/win32/ApacheMonitor.c Line:1577[13]EnterCriticalSection(&g_stcSection);Severity: HighIssue: gethostbyaddrDNS results can easily be forged by an attacker (or arbitrarily set tolarge values, etc), and should not be trusted.File: httpd-2.2.15//srclib/apr/network_io/unix/sockaddr.cLine:690[12]hptr = gethostbyaddr((char *)&sockaddr->sa.sin.sin_addr, File:httpd-2.2.15//support/logresolve.c Line:175[20] hostdata =gethostbyaddr((const char *) &ipnum, sizeof(struct in_addr),
Severity: HighIssue: sprintfCheck to be sure that the non-constant format string passed as argument 2to this function call does not come from an untrusted source that couldhave added formatting characters that the code is not prepared to handle.File: httpd-2.2.15//srclib/apr/test/testfmt.c Line:27[5] sprintf(buf, "%"APR_SSIZE_T_FMT, var);File: httpd-2.2.15//srclib/apr/test/testfmt.c Line:38[5]sprintf(buf, "%" APR_SIZE_T_FMT, var);File: httpd-2.2.15//srclib/apr/test/testfmt.c Line:49[5]sprintf(buf, "%" APR_OFF_T_FMT, var);File: httpd-2.2.15//srclib/apr/test/testfmt.c Line:60[5]sprintf(buf, "%" APR_PID_T_FMT, var);File: httpd-2.2.15//srclib/apr/test/testfmt.c Line:71[5]sprintf(buf, "%" APR_INT64_T_FMT, var);File: httpd-2.2.15//srclib/apr/test/testfmt.c Line:82[5]sprintf(buf, "%" APR_UINT64_T_FMT, var);File: httpd-2.2.15//srclib/apr/test/testfmt.c Line:93[5]sprintf(buf, "%" APR_UINT64_T_HEX_FMT, var);File: httpd-2.2.15//modules/dav/main/util_lock.c Line:120[9]sprintf(tmp, "%s" DEBUG_CR,File: httpd-2.2.15//modules/dav/fs/repos.c Line:1868[16](void) sprintf(buf, "%" APR_OFF_T_FMT, resource->info->finfo.size);Severity: HighIssue: vsprintfCheck to be sure that the non-constant format string passed as argument 2to this function call does not come from an untrusted source that couldhave added formatting characters that the code is not prepared to handle.File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:307[22] res =vsprintf( str, fmt, ap );Severity: HighIssue: vsprintfCheck to be sure that the format string passed as argument 2 to thisfunction call does not come from an untrusted source that could have addedformatting characters that the code is not prepared to handle.
Additionally, the format string could contain `%s' without precision thatcould result in a buffer overflow.File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:307[22]res = vsprintf( str, fmt, ap );Severity: HighIssue: umaskumask() can easily be used to create files with unsafe priviledges. Itshould be set to restrictive values.File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:690[17]old_umask = umask(0);File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:691[5]umask(old_umask);File: httpd-2.2.15//support/suexec.c Line:597[5]umask(AP_SUEXEC_UMASK);File: httpd-2.2.15//modules/generators/mod_cgid.c Line:628[13]omask = umask(0077); /* so that only Apache can use socket */ File:httpd-2.2.15//modules/generators/mod_cgid.c Line:630[5]umask(omask); /* can't fail, so can't clobber errno */Severity: HighIssue: realpathBe sure the destination buffer is at least MAXPATHLEN big. This functionmay still internally overflow a static buffer, try to avoid using it. Ifyou must, check the size the path your pass in is no longer thanMAXPATHLEN File: httpd-2.2.15//srclib/apr/build/jlibtool.c Line:999[21]expanded_path = realpath(newarg, expanded_path);Severity: HighIssue: systemArgument 1 to this function call should be checked to ensure that it doesnot come from an untrusted source without first verifying that it containsnothing dangerous.File: httpd-2.2.15//srclib/apr/build/aplibtool.c Line:576[5]system(cmd); Severity: HighIssue: LoadLibraryALoadLibrary will search several places for a library if no path isspecified, allowing trojan DLL's to be inserted elsewhere even if the
intended DLL is correctly protected from overwriting. Make sure to specifythe full path.File: httpd-2.2.15//srclib/apr/misc/win32/misc.c Line:171[32]lateDllHandle[fnLib] = LoadLibraryA(lateDllName[fnLib]);Severity: HighIssue: wcscpyCheck to be sure that argument 2 passed to this function call will notcopy more data than can be handled, resulting in a buffer overflow. File:httpd-2.2.15//srclib/apr/file_io/win32/dir.c Line:230[13] wcscpy(eos,thedir->w.entry->cFileName);File: httpd-2.2.15//srclib/apr/file_io/win32/open.c Line:73[13]wcscpy (retstr, L"\\\\?\\");File: httpd-2.2.15//srclib/apr/file_io/win32/open.c Line:83[13]wcscpy (retstr, L"\\\\?\\UNC\\");File: httpd-2.2.15//srclib/apr/file_io/win32/open.c Line:170[9]wcscpy(wfile, wpre);File: httpd-2.2.15//srclib/apr/file_io/win32/filesys.c Line:102[9]wcscpy(wdrive, L"D:.");Severity: HighIssue: LoadLibraryExLoadLibrary will search several places for a library if no path isspecified, allowing trojan DLL's to be inserted elsewhere even if theintended DLL is correctly protected from overwriting. Make sure to specifythe full path.File: httpd-2.2.15//srclib/apr/dso/win32/dso.c Line:103[21] os_handle= LoadLibraryEx(path, NULL, LOAD_WITH_ALTERED_SEARCH_PATH);File: httpd-2.2.15//srclib/apr/dso/win32/dso.c Line:105[25]os_handle = LoadLibraryEx(path, NULL, 0);Severity: HighIssue: CreateProcessMany program execution commands under Windows will search the path for aprogram if you do not explicitly specify a full path to the file. This canallow trojans to be executed instead. Also, be sure to specify a fileextension, since otherwise multiple extensions will be tried by theoperating system, providing another opportunity for trojans. File: httpd-
2.2.15//support/win32/wintty.c Line:269[13] if (CreateProcess(appname,cmdline, NULL, NULL, TRUE, File: httpd-2.2.15//support/win32/ApacheMonitor.c Line:658[15] bResult =CreateProcess(NULL,File: httpd-2.2.15//support/win32/ApacheMonitor.c Line:707[15]bResult = CreateProcess(NULL,File: httpd-2.2.15//server/mpm/winnt/service.c Line:1179[13]if (CreateProcess(NULL, exe_cmd, NULL, NULL, FALSE,Severity: HighIssue: CreateProcessArgument 3 to this function call should be checked to ensure that it doesnot come from an untrusted source without first verifying that it containsnothing dangerous.File: httpd-2.2.15//support/win32/wintty.c Line:269[13] if(CreateProcess(appname, cmdline, NULL, NULL, TRUE, File:httpd-2.2.15//support/win32/ApacheMonitor.c Line:658[15]bResult = CreateProcess(NULL,File: httpd-2.2.15//support/win32/ApacheMonitor.c Line:707[15]bResult = CreateProcess(NULL,File: httpd-2.2.15//server/mpm/winnt/service.c Line:1179[13]if (CreateProcess(NULL, exe_cmd, NULL, NULL, FALSE,Severity: HighIssue: ShellExecuteMany program execution commands under Windows will search the path for aprogram if you do not explicitly specify a full path to the file. This canallow trojans to be executed instead. Also, be sure to specify a fileextension, since otherwise multiple extensions will be tried by theoperating system, providing another opportunity for trojans. File: httpd-2.2.15//support/win32/ApacheMonitor.c Line:242[10] if (!ShellExecute(hwnd,_T("runas"), __targv[0], args, NULL,SW_NORMAL)) {File: httpd-2.2.15//support/win32/ApacheMonitor.c Line:1475[17]ShellExecute(hDlg, _T("open"), _T("services.msc"), _T("/s"),File: httpd-2.2.15//support/win32/ApacheMonitor.c Line:1688[17]ShellExecute(NULL, _T("open"), _T("services.msc"), _T("/s"),Severity: Medium
Change language