Mike Maraya

```
#0 0x00007ffff7805cc9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007ffff78090d8 in __GI_abort () at abort.c:89
#2 0x00007ffff7842394 in __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0x7ffff7950b28 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175...
```

gcc (Ubuntu 4.8.4-2ubuntu1~14.04.1) 4.8.4

[ftp/cmds.c#L1545](https://github.com/mmaraya/netkit-ftp/blob/7a6ef527ebaafd32a669387bec320ed400698449/ftp/cmds.c#L1545)

```
warning: ignoring return value of ‘fgets’, declared with attribute warn_unused_result
```

The software does not check the return value from a method or function,...

[ftp/glob.c#L719](https://github.com/mmaraya/netkit-ftp/blob/45873af54d84d475384215b1e2b6bc7ab78e3be5/ftp/glob.c#L719)

```
suspicious_sizeof: Passing argument (cblklen(v) + 1) * 8UL /* sizeof (char **) */ to function malloc and then casting the return value to char ** is suspicious. In...
```

[ftp/glob.c#L702](https://github.com/mmaraya/netkit-ftp/blob/45873af54d84d475384215b1e2b6bc7ab78e3be5/ftp/glob.c#L702)

```
suspicious_sizeof: Passing argument (blklen(v) + 1) * 8UL /* sizeof (char **) */ to function malloc and then casting the return value to char ** is suspicious. In...
```

[ftp/ftp.c#L784](https://github.com/mmaraya/netkit-ftp/blob/45873af54d84d475384215b1e2b6bc7ab78e3be5/ftp/ftp.c#L784)

```
fs_check_call: Calling function access to perform check on local
```

[ftp/ftp.c#L876](https://github.com/mmaraya/netkit-ftp/blob/45873af54d84d475384215b1e2b6bc7ab78e3be5/ftp/ftp.c#L876)

```
toctou: Calling function fopen that uses local after a check function. This can cause a time-of-check,...
```

[ftp/cmds.c#L815](https://github.com/mmaraya/netkit-ftp/blob/45873af54d84d475384215b1e2b6bc7ab78e3be5/ftp/cmds.c#L815)

```
tainted_string_return_content: remglob returns tainted string content.
var_assign: Assigning: cp = remglob(argv, proxy), which taints cp.
```

[ftp/cmds.c#L821](https://github.com/mmaraya/netkit-ftp/blob/45873af54d84d475384215b1e2b6bc7ab78e3be5/ftp/cmds.c#L821)

```
var_assign_var: Assigning: tp = cp. Both are now tainted.
```

...

[ftp/cmds.c#L1481](https://github.com/mmaraya/netkit-ftp/blob/45873af54d84d475384215b1e2b6bc7ab78e3be5/ftp/cmds.c#L1481)

```
tainted_string_return_content: getenv returns tainted string content.
var_assign: Assigning: theshell = getenv("SHELL"), which taints the shell.
```

[ftp/cmds.c#L1500](https://github.com/mmaraya/netkit-ftp/blob/45873af54d84d475384215b1e2b6bc7ab78e3be5/ftp/cmds.c#L1500)

```
tainted_string: Passing tainted string theshell to execl, which cannot accept...
```