Opened 11 years ago

Closed 11 years ago

#438 closed enhancement (fixed)

Test audit

Reported by: Alex Storn Owned by:
Priority: trivial Milestone:
Component: private Version: 1.3.x
Keywords: 1.5.6 Cc:
uname -a: FreeBSD 10.0-BETA1 FreeBSD 10.0-BETA1 #0 r257055: Thu Oct 24 18:16:24 CEST 2013 amd64
nginx -V: nginx version: nginx/1.5.6
configure arguments: --add-module=/root/@work/nginx_modules/nginx-limit-traff --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx-error.log --user=www --group=www --with-file-aio --with-ipv6 --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx-access.log --with-http_auth_request_module --add-module=/usr/ports/www/nginx-devel/work/agentzh-headers-more-nginx-module-6d19a39 --with-http_geoip_module --with-http_stub_status_module --with-pcre

Description

./src/core/nginx.c:421: High: getenv
./src/misc/ngx_google_perftools_module.c:104: High: getenv
./src/os/unix/ngx_darwin_init.c:81: High: getenv
./src/os/unix/ngx_freebsd_init.c:90: High: getenv
./src/os/unix/ngx_time.c:29: High: getenv
Environment variables are highly untrustable input. They may be of any length, and contain any data. Do not make any assumptions regarding content or length. If at all possible avoid using them, and if it is necessary, sanitize them and truncate them to a reasonable length.

./src/core/ngx_cycle.c:57: High: fixed size local buffer
./src/event/ngx_event_openssl.c:783: High: fixed size local buffer
./src/http/modules/ngx_http_ssi_filter_module.c:2738: High: fixed size local buffer
./src/http/modules/ngx_http_upstream_keepalive_module.c:374: High: fixed size local buffer
./src/http/ngx_http_request.c:2657: High: fixed size local buffer
./src/http/ngx_http_upstream.c:996: High: fixed size local buffer
./src/os/unix/ngx_channel.c:26: High: fixed size local buffer
./src/os/unix/ngx_channel.c:106: High: fixed size local buffer
./src/os/unix/ngx_time.c:44: High: fixed size local buffer
Extra care should be taken to ensure that character arrays that are allocated
on the stack are used safely. They are prime targets for buffer overflow
attacks.

./src/core/ngx_inet.c:1114: High: gethostbyname
DNS results can easily be forged by an attacker (or
arbitrarily set to large values, etc), and should not be trusted.

./src/os/unix/ngx_daemon.c:36: High: umask
umask() can easily be used to create files with unsafe priviledges. It should be set to restrictive values.

Change History (1)

comment:1 by Maxim Dounin, 11 years ago

Resolution: fixed
Status: newclosed

Quick look suggests all mentioned uses are fine.

Note: See TracTickets for help on using tickets.