Static Code Analysis Exploits. - Mailing list pgsql-hackers
| From | Patrick Curran |
|---|---|
| Subject | Static Code Analysis Exploits. |
| Date | |
| Msg-id | 531A341E.6030704@contentanalyst.com Whole thread Raw |
| Responses |
Re: Static Code Analysis Exploits.
|
| List | pgsql-hackers |
Hi, We use Postgres in our product and we have a client that requires a static code analysis scan to detect vulnerabilities. They are concerned because the tool (Veracode) found several flaws in Postgres and they believe there might be a security risk. I'm sure there are lots of companies that use Postgres that have security policies like theirs in place, so I'm hoping someone has the experience to know that these are false positives or that they are not a security risk for some reason. Below is a description of the vulnerability and the location in the source code. Version 9.3.2.1 was scanned. Please let me know if there is a better place to ask this kind of question. Thanks, Patrick ------------------------------------ Stack-based Buffer Overflow (CWE ID 121)(13 flaws): There is a potential buffer overflow with these functions. If an attacker can control the data written into the buffer, the overflow may result in execution of arbitrary code. btree_gist.dll .../btree_gist/btree_utils_num.c 115 btree_gist.dll .../btree_gist/btree_utils_num.c 123 pgcrypto.dll .../contrib/pgcrypto/crypt-md5.c 103 libpq.dll .../interfaces/libpq/fe-connect.c 3185 libpq.dll .../interfaces/libpq/fe-connect.c 3220 clusterdb.exe .../interfaces/libpq/fe-connect.c 3243 libpq.dll .../libpq/fe-protocol3.c 1661 libecpg_compat.dll .../ecpg/compatlib/informix.c 978 pgcrypto.dll .../contrib/pgcrypto/mbuf.c 112 pgcrypto.dll .../contrib/pgcrypto/mbuf.c 290 pgcrypto.dll .../contrib/pgcrypto/mbuf.c 306 pgcrypto.dll .../contrib/pgcrypto/mbuf.c 330 libpq.dll .../interfaces/libpq/pqexpbuffer.c 369 Use of Inherently Dangerous Function (CWE ID 242)(1 flaw): These functions are inherently unsafe because they does not perform bounds checking on the size of their input. An attacker can send overly long input and overflow the destination buffer, potentially resulting in execution of arbitrary code. pg_isolation_regress.exe .../src/test/regress/pg_regress.c 2307 Integer Overflow or Wraparound (CWE ID 190)(1 flaw): An integer overflow condition exists when an integer that has not been properly sanity checked is used in the determination of an offset or size for memory allocation, copying, concatenation, or similarly. If the integer in question is incremented past the maximum possible value, it may wrap to become a very small, negative number, therefore providing an unintended value. This occurs most commonly in arithmetic operations or loop iterations. Integer overflows can often result in buffer overflows or data corruption, both of which may be potentially exploited to execute arbitrary code. dict_snowball.dll .../libstemmer/utilities.c 371 Process Control (CWE ID 114)(4 flaws) A function call could result in a process control attack. An argument to a process control function is either derived from an untrusted source or is hard-coded, both of which may allow an attacker to execute malicious code under certain conditions. If an attacker is allowed to specify all or part of the filename, it may be possible to load arbitrary libraries. If the location is hard-coded and an attacker is able to place a malicious copy of the library higher in the search order than the file the application intends to load, then the application will load the malicious version. psql.exe .../src/bin/psql/print.c 752 psql.exe .../src/bin/psql/print.c 791 psql.exe .../src/bin/psql/print.c 2209 psql.exe .../src/bin/psql/print.c 2500
pgsql-hackers by date: