12.07.2015

Open Source Software Apache Maturity Assessment Report - Open Source China Community - Software Mirror Download


intended DLL is correctly protected from overwriting. Make sure to specify the full path.

File: httpd-2.2.15//srclib/apr/misc/win32/misc.c Line:171[32]
lateDllHandle[fnLib] = LoadLibraryA(lateDllName[fnLib]);

Severity: High
Issue: wcscpy
Check to be sure that argument 2 passed to this function call will not copy more data than can be handled, resulting in a buffer overflow.

File: httpd-2.2.15//srclib/apr/file_io/win32/dir.c Line:230[13]
wcscpy(eos,thedir->w.entry->cFileName);

File: httpd-2.2.15//srclib/apr/file_io/win32/open.c Line:73[13]
wcscpy (retstr, L"\\\\?\\");

File: httpd-2.2.15//srclib/apr/file_io/win32/open.c Line:83[13]
wcscpy (retstr, L"\\\\?\\UNC\\");

File: httpd-2.2.15//srclib/apr/file_io/win32/open.c Line:170[9]
wcscpy(wfile, wpre);

File: httpd-2.2.15//srclib/apr/file_io/win32/filesys.c Line:102[9]
wcscpy(wdrive, L"D:.");

Severity: High
Issue: LoadLibraryEx
LoadLibrary will search several places for a library if no path is specified, allowing trojan DLL's to be inserted elsewhere even if the intended DLL is correctly protected from overwriting. Make sure to specify the full path.

File: httpd-2.2.15//srclib/apr/dso/win32/dso.c Line:103[21]
os_handle = LoadLibraryEx(path, NULL, LOAD_WITH_ALTERED_SEARCH_PATH);

File: httpd-2.2.15//srclib/apr/dso/win32/dso.c Line:105[25]
os_handle = LoadLibraryEx(path, NULL, 0);

Severity: High
Issue: CreateProcess
Many program execution commands under Windows will search the path for a program if you do not explicitly specify a full path to the file. This can allow trojans to be executed instead. Also, be sure to specify a file extension, since otherwise multiple extensions will be tried by the operating system, providing another opportunity for trojans.

File: httpd-
