开放源代码软件Apache 成熟度评估报告 - 开源中国社区- 软件镜像下载

More documents

Recommendations

Info

File: httpd-2.2.15//srclib/apr-util/test/nw_misc.c Line:11[7]if (getenv("_IN_NETWARE_BASH_") == NULL) {File: httpd-2.2.15//srclib/apr/threadproc/win32/proc.c Line:541[26]char *shellcmd = getenv("COMSPEC");File: httpd-2.2.15//srclib/apr/threadproc/win32/proc.c Line:583[30]char *shellcmd = getenv("COMSPEC");File: httpd-2.2.15//srclib/apr/misc/unix/env.c Line:37[17]char *val = getenv(envvar);File: httpd-2.2.15//modules/metadata/mod_env.c Line:99[15]env_var = getenv(arg);File: httpd-2.2.15//modules/mappers/mod_rewrite.c Line:1729[26]result = getenv(var);File: httpd-2.2.15//modules/ssl/ssl_expr_parse.c Line:302[25]if ((ssl_expr_yys = getenv("YYDEBUG")))File: httpd-2.2.15//modules/ssl/ssl_engine_vars.c Line:262[26]result = getenv(var+4);File: httpd-2.2.15//modules/arch/netware/mod_nw_ssl.c Line:1124[26]result = getenv(var+4);File: httpd-2.2.15//server/util_script.c Line:92[14]tz = getenv("TZ");File: httpd-2.2.15//server/util_script.c Line:184[22]if (!(env_path = getenv("PATH"))) {File: httpd-2.2.15//server/util_script.c Line:190[20]if (env_temp = getenv("SystemRoot")) {File: httpd-2.2.15//server/util_script.c Line:193[20]if (env_temp = getenv("COMSPEC")) {File: httpd-2.2.15//server/util_script.c Line:196[20]if (env_temp = getenv("PATHEXT")) {File: httpd-2.2.15//server/util_script.c Line:199[20]if (env_temp = getenv("WINDIR")) {File: httpd-2.2.15//server/util_script.c Line:205[21]if ((env_temp = getenv("COMSPEC")) != NULL) { File:httpd-2.2.15//server/util_script.c Line:208[21] if((env_temp = getenv("ETC")) != NULL) {File: httpd-2.2.15//server/util_script.c Line:211[21]if ((env_temp = getenv("DPATH")) != NULL) {
Severity: High Issue:getpassTruncate all input strings to a reasonable length before passing them tothis functionFile: httpd-2.2.15//srclib/apr/passwd/apr_getpass.c Line:232[20]char *pw_got = getpass(prompt);Severity: HighIssue: EnterCriticalSectionThis function can throw exceptions in low memory conditions. UseInitialCriticalSectionAndSpinCount instead.File: httpd-2.2.15//srclib/apr/threadproc/win32/proc.c Line:791[9]EnterCriticalSection(&proc_lock);File: httpd-2.2.15//srclib/apr/locks/win32/thread_mutex.c Line:85[9]EnterCriticalSection(&mutex->section);File: httpd-2.2.15//srclib/apr/locks/win32/thread_cond.c Line:73[5]EnterCriticalSection(&cond->csection);File: httpd-2.2.15//srclib/apr/locks/win32/thread_cond.c Line:83[9]EnterCriticalSection(&cond->csection);File: httpd-2.2.15//srclib/apr/locks/win32/thread_cond.c Line:134[5]EnterCriticalSection(&cond->csection);File: httpd-2.2.15//srclib/apr/locks/win32/thread_cond.c Line:153[5]EnterCriticalSection(&cond->csection);File: httpd-2.2.15//support/win32/ApacheMonitor.c Line:1550[13]EnterCriticalSection(&g_stcSection);File: httpd-2.2.15//support/win32/ApacheMonitor.c Line:1577[13]EnterCriticalSection(&g_stcSection);Severity: HighIssue: gethostbyaddrDNS results can easily be forged by an attacker (or arbitrarily set tolarge values, etc), and should not be trusted.File: httpd-2.2.15//srclib/apr/network_io/unix/sockaddr.cLine:690[12]hptr = gethostbyaddr((char *)&sockaddr->sa.sin.sin_addr, File:httpd-2.2.15//support/logresolve.c Line:175[20] hostdata =gethostbyaddr((const char *) &ipnum, sizeof(struct in_addr),
Page 5: ‣ 启动和停止 Apache。
Page 8 and 9: 软件成熟度评估软件
Page 11 and 12: Apache 软件成熟度评估
Page 13 and 14: File: httpd-2.2.15//srclib/apr-util
Page 15 and 16: File: httpd-2.2.15//support/ab.c Li
Page 17 and 18: hp = gethostbyname(hostname);File:
Page 19 and 20: File: httpd-2.2.15//srclib/apr/buil
Page 21 and 22: File: httpd-2.2.15//srclib/apr/dso/
Page 23 and 24: File: httpd-2.2.15//modules/arch/wi
Page 25 and 26: File: httpd-2.2.15//srclib/apr/buil
Page 27: strcat(errbuf, strerror(errno));Fil
Page 31 and 32: Additionally, the format string cou
Page 33: 2.2.15//support/win32/wintty.c Line

开放源代码软件Apache 成熟度评估报告 - 开源中国社区- 软件镜像下载

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?