Broken download link #1
Comments
|
We are not authorized to publish PRoot sources yet. This website is currently a preview. Thanks your feedback anyway :) I keep this issue open until the official public release. |
Closed
cedric-vincent
added a commit
that referenced
this issue
Jul 19, 2013
src/path/path.c:join_paths()
177 else if (need_separator == 1) {
178 strcat(result + old_length, "/");
>>> 19. incr: Incrementing "old_length". The value of "old_length"
>>> is now between 2 and 4096 (inclusive).
179 old_length++;
180 }
>>> CID 1047031 (#1 of 1): Out-of-bounds read (OVERRUN)
>>> 20. overrun-local: Overrunning array of 4096 bytes at
>>> byte offset 4096 by dereferencing pointer "result + old_length".
181 strcat(result + old_length, path);
cedric-vincent
added a commit
that referenced
this issue
Jul 19, 2013
… same size. >>> CID 1047030 (#1 of 1): Sizeof not portable (SIZEOF_MISMATCH) >>> suspicious_sizeof: Passing argument "argv->length * sizeof (char >>> **)" to function "talloc_named_const(void const *, size_t, char >>> const *)" and then casting the return value to "char **" is >>> suspicious. Did you intend to use "sizeof(char *)" instead of >>> "sizeof (char **)"? In this particular case sizeof(char **) >>> happens to be equal to sizeof(char *), but this is not a >>> portable assumption. 198 argv_pod = talloc_size(tracee->ctx, argv->length * sizeof(char **));
cedric-vincent
added a commit
that referenced
this issue
Jul 19, 2013
…ed-size buffer. >>> CID 1047027 (#1 of 2): Copy into fixed size buffer (STRING_OVERFLOW) >>> 15. fixed_size_dest: You might overrun the 4096 byte fixed-size >>> string "binding->host.path" by copying "tracee->glue" without >>> checking the length. >>> 16. parameter_as_source: Note: This defect has an elevated risk >>> because the source argument is a parameter of the current >>> function. 158 strcpy(binding->host.path, tracee->glue); >>> CID 1047027 (#2 of 2): Copy into fixed size buffer (STRING_OVERFLOW) 159 strcpy(binding->guest.path, guest_path);
cedric-vincent
added a commit
that referenced
this issue
Jul 19, 2013
… a fixed-size buffer. >>> CID 1047026 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW) >>> 4. fixed_size_dest: You might overrun the 4096 byte fixed-size string "proc_path" by copying "path" without checking the length. >>> 5. parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function. 460 strcpy(proc_path, path);
cedric-vincent
added a commit
that referenced
this issue
Jul 19, 2013
… fixed-size buffer. >>> CID 1047025 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW) >>> 2. fixed_size_dest: You might overrun the 4096 byte fixed-size >>> string "base" by copying "referer" without checking the length. >>> 3. parameter_as_source: Note: This defect has an elevated risk >>> because the source argument is a parameter of the current >>> function. 176 strcpy(base, referer);
cedric-vincent
added a commit
that referenced
this issue
Nov 7, 2013
src/syscall/seccomp.c:
>>> deref_ptr: Directly dereferencing pointer "sysnums".
427 if (*sysnums == NULL) {
428 /* Start with no sysnums but the terminator. */
429 *sysnums = talloc_array(context, FilteredSysnum, 1);
>>> CID 1057474 (#1 of 1): Dereference before null check (REVERSE_INULL)
>>> check_after_deref: Null-checking "sysnums" suggests that it may
>>> be null, but it has already been dereferenced on all paths
>>> leading to the check.
430 if (sysnums == NULL)
431 return -ENOMEM;
cedric-vincent
added a commit
that referenced
this issue
Jan 7, 2014
>>> CID 1135676 (#1 of 1): String not null terminated (STRING_NULL) >>> 37. string_null_argument: Function "translate_path(...)" does not terminate string "*path". >>> 47. string_null: Passing unterminated string "path" to "translate_path(...)", which expects a null-terminated string. [note: because the previous iteration (37.) has failed] 470 translate_path(tracee, path, fd, component, false);
cedric-vincent
added a commit
that referenced
this issue
Jan 7, 2014
>>> CID 1135674 (#1 of 1): Logically dead code (DEADCODE) dead_error_line: Execution cannot reach this statement "return NULL;". >>> cond_notnull: Condition "item == NULL", taking false branch. Now the value of "item" is not NULL. 77 if (item == NULL) 78 return NULL; 79 80 item->load = talloc_strdup(item, value); >>> notnull: At condition "item == NULL", the value of "item" cannot be NULL. dead_error_condition: The condition "item == NULL" cannot be true. 81 if (item == NULL)
cedric-vincent
added a commit
that referenced
this issue
Nov 4, 2014
…en re-executing.
Quote:
Running "uname -a" under care gave different answers depending on
the hostname.
First execution on hostA:
$ care -o care-uname.tar uname -a
Linux hostA 3.11-2-amd64 #1 SMP Debian 3.11.8-1 (2013-11-13) x86_64 GNU/Linux
Re-execution on the same machine is identical while on another
machine (hostB):
$ ./care-uname/re-execute.sh
Linux hostB 3.11-2-amd64 #1 SMP Wed Jul 9 15:46:26 EDT 2008 x86_64 GNU/Linux
However the kernel version hook is working correctly as hostB is
not running v3.11-2.
-- Rémi, #34
Regarding HWCAP ELF auxiliary vector, it is forced to 0 to be sure no
processor specific extensions will be used during the initial
execution, for the sake of reproducibility across different CPUs.
This was referenced Apr 4, 2022
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The given link https://github.com/downloads/cedric-vincent/PRoot/proot-v0.7.1.tar.gz won't give anything useful.
The text was updated successfully, but these errors were encountered: