Opened 10 years ago

Closed 10 years ago

#438 closed enhancement (fixed)

Test audit

Reported by: Alex Storn
Owned by:
Priority: trivial
Milestone:
Component: private
Version: 1.3.x
Keywords: 1.5.6
Cc:
uname -a: FreeBSD 10.0-BETA1 FreeBSD 10.0-BETA1 #0 r257055: Thu Oct 24 18:16:24 CEST 2013 amd64
nginx -V: nginx version: nginx/1.5.6
configure arguments: --add-module=/root/@work/nginx_modules/nginx-limit-traff --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx-error.log --user=www --group=www --with-file-aio --with-ipv6 --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx-access.log --with-http_auth_request_module --add-module=/usr/ports/www/nginx-devel/work/agentzh-headers-more-nginx-module-6d19a39 --with-http_geoip_module --with-http_stub_status_module --with-pcre

Description

./src/core/nginx.c:421: High: getenv
./src/misc/ngx_google_perftools_module.c:104: High: getenv
./src/os/unix/ngx_darwin_init.c:81: High: getenv
./src/os/unix/ngx_freebsd_init.c:90: High: getenv
./src/os/unix/ngx_time.c:29: High: getenv
Environment variables are highly untrustable input. They may be of any length, and contain any data. Do not make any assumptions regarding content or length. If at all possible avoid using them, and if it is necessary, sanitize them and truncate them to a reasonable length.

./src/core/ngx_cycle.c:57: High: fixed size local buffer
./src/event/ngx_event_openssl.c:783: High: fixed size local buffer
./src/http/modules/ngx_http_ssi_filter_module.c:2738: High: fixed size local buffer
./src/http/modules/ngx_http_upstream_keepalive_module.c:374: High: fixed size local buffer
./src/http/ngx_http_request.c:2657: High: fixed size local buffer
./src/http/ngx_http_upstream.c:996: High: fixed size local buffer
./src/os/unix/ngx_channel.c:26: High: fixed size local buffer
./src/os/unix/ngx_channel.c:106: High: fixed size local buffer
./src/os/unix/ngx_time.c:44: High: fixed size local buffer
Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

./src/core/ngx_inet.c:1114: High: gethostbyname
DNS results can easily be forged by an attacker (or arbitrarily set to large values, etc), and should not be trusted.

./src/os/unix/ngx_daemon.c:36: High: umask
umask() can easily be used to create files with unsafe privileges. It should be set to restrictive values.

Change History (1)

comment:1 by Maxim Dounin, 10 years ago

Resolution: fixed
Status: new → closed

Quick look suggests all mentioned uses are fine.
