We ran WiX v3.0 GA through a security auditing tool and it reported several
issues:
cabcutil.cpp:531 ( Buffer Overflow )
cabcutil.cpp:577 ( Buffer Overflow )
strutil.cpp:1174 ( Buffer Overflow )
strutil.cpp:337 ( Buffer Overflow )
xmlutil.cpp:650 ( Buffer Overflow: Off-by-One)
I've been asked to pass this to the WiX team for review in terms of remediation
and to ask whether any of these files are used in CustomActions or are strictly
design/build-time files?
Thanks,
Chris
Details follow:
cabcutil.cpp:531 ( Buffer Overflow )
Abstract: The function AddNDuplicateFile() in cabcutil.cpp writes outside the
bounds of pv on line 531, which could corrupt data, cause the program to crash,
or lead to the execution of malicious code.
cabcutil.cpp:577 ( Buffer Overflow )
Abstract: The function AddNonDuplicateFile() in cabcutil.cpp writes outside
the bounds of pv on line 577, which could corrupt data, cause the program to
crash, or lead to the execution of malicious code.
strutil.cpp:1174 ( Buffer Overflow )
Abstract: The function MultiSzPrepend() in strutil.cpp writes outside the
bounds of pwzResult on line 1174, which could corrupt data, cause the program
to crash, or lead to the execution of malicious code.
strutil.cpp:337 ( Buffer Overflow )
Abstract: The function StrAllocPrefix() in strutil.cpp writes outside the
bounds of pwzResult on line 337, which could corrupt data, cause the program to
crash, or lead to the execution of malicious code.
xmlutil.cpp:650 ( Buffer Overflow: Off-by-One)
Abstract: The program writes just past the bounds of allocated memory, which
could corrupt data, crash the program, or lead to the execution of malicious
code.
General Recommendations From Tool:
Never use inherently unsafe functions, such as gets(), and avoid the use of
functions that are difficult to use safely such as strcpy(). Replace unbounded
functions like strcpy() with their bound equivalents, such as strncpy() or the
WinAPI functions defined in strsafe.h [4]. ( More available from tool )
_______________________________________________
WiX-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/wix-users
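The tool's general recommendation above (size every destination from computed lengths and use bounded copies) shown in working code, as an added example for this post. This is not WiX or dutil code and does not claim to reproduce what is at the flagged lines; the names multisz_prepend, multisz_len, multisz_count, str_alloc_prefix and demo_ok are chosen here, the MULTI_SZ layout (NUL-separated strings ended by one extra NUL) is assumed from the function name MultiSzPrepend, and portable memcpy is used in place of the strsafe.h functions the tool names so it compiles off Windows. The sample strings in demo_ok are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not WiX code. A MULTI_SZ block is a run of NUL-terminated
 * strings followed by one extra NUL (an empty block is a single NUL byte).
 * Every length is computed before the allocation and every copy is a memcpy
 * of that length; nothing is copied with an unbounded strcpy/strcat. */

/* Total size in bytes of a MULTI_SZ block, including the final extra NUL. */
size_t multisz_len(const char *msz)
{
    size_t n = 0;
    if (msz == NULL)
        return 0;
    while (msz[n] != '\0')
        n += strlen(msz + n) + 1;      /* skip one string and its NUL */
    return n + 1;                      /* the terminating empty string */
}

/* Number of strings stored in the block. */
size_t multisz_count(const char *msz)
{
    size_t count = 0;
    for (const char *p = msz; p != NULL && *p != '\0'; p += strlen(p) + 1)
        count++;
    return count;
}

/* Prepend s to the block at *pmsz (NULL means an empty block). Returns 0 on
 * success, -1 if the size arithmetic would wrap or malloc fails; on failure
 * *pmsz is left untouched. */
int multisz_prepend(char **pmsz, const char *s)
{
    size_t slen = strlen(s) + 1;                        /* s plus its NUL */
    size_t oldlen = (*pmsz != NULL) ? multisz_len(*pmsz) : 1;
    if (slen > SIZE_MAX - oldlen)                       /* slen + oldlen would wrap */
        return -1;
    char *p = malloc(slen + oldlen);
    if (p == NULL)
        return -1;
    memcpy(p, s, slen);
    if (*pmsz != NULL)
        memcpy(p + slen, *pmsz, oldlen);                /* old strings + double NUL */
    else
        p[slen] = '\0';                                 /* empty block: only the extra NUL */
    free(*pmsz);
    *pmsz = p;
    return 0;
}

/* Allocate prefix + *ps as a new string and replace *ps (NULL means ""). */
int str_alloc_prefix(char **ps, const char *prefix)
{
    size_t plen = strlen(prefix);
    size_t slen = (*ps != NULL) ? strlen(*ps) : 0;
    if (plen >= SIZE_MAX - slen)                        /* plen + slen + 1 must fit */
        return -1;
    char *p = malloc(plen + slen + 1);
    if (p == NULL)
        return -1;
    memcpy(p, prefix, plen);
    if (*ps != NULL)
        memcpy(p + plen, *ps, slen);
    p[plen + slen] = '\0';                              /* the byte an off-by-one misses */
    free(*ps);
    *ps = p;
    return 0;
}

/* Constructed check (not data from the page): build "first\0second\0third\0\0"
 * by prepending in reverse order, then build a prefixed path. Returns 1 if
 * every expectation holds, 0 otherwise. */
int demo_ok(void)
{
    char *msz = NULL, *s = NULL;
    int ok = 1;
    ok = ok && multisz_prepend(&msz, "third") == 0;
    ok = ok && multisz_prepend(&msz, "second") == 0;
    ok = ok && multisz_prepend(&msz, "first") == 0;
    ok = ok && multisz_len(msz) == 20;                  /* 6 + 7 + 6 + 1 bytes */
    ok = ok && multisz_count(msz) == 3;
    ok = ok && memcmp(msz, "first\0second\0third\0", 20) == 0;
    ok = ok && str_alloc_prefix(&s, "setup.exe") == 0;
    ok = ok && str_alloc_prefix(&s, "C:\\Program Files\\") == 0;
    ok = ok && strcmp(s, "C:\\Program Files\\setup.exe") == 0;
    free(msz);
    free(s);
    return ok;
}

int main(void)
{
    int ok = demo_ok();
    printf("%s\n", ok ? "all checks passed" : "FAILED");
    return ok ? 0 : 1;
}
```

The two things a reviewer looks for at a flagged line are visible here: the allocation size is derived from the same lengths the copies use (so the copy cannot exceed the buffer), and the terminating NUL (or the double NUL for MULTI_SZ) is counted explicitly rather than assumed, which is where off-by-one findings like the xmlutil.cpp one usually come from.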