Flawfinder report of EncryptPad

evpo commented on August 10, 2024
Flawfinder report of EncryptPad

Comments (1)

evpo commented on August 10, 2024

Thank you. Appreciate your help. I have checked all reported lines one by one. I didn't find anything critical. However, I made a few improvements in reliability in a few places raised by the tool. See my comments below.

$ flawfinder -m0 *

back_end_src/encryption_pipeline.cpp:26: 2 char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.

An invalid read outside the buffer can only happen if ifstream::gcount() returns a bad count that is longer than kBufferSize. The stream must be corrupted if it happens. Added additional protection to be on the safe side.

back_end_src/file_helper.cpp:32: 2 fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
back_end_src/file_helper.cpp:54: 2 fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).

We do not protect against a compromised OS state; also, we write encrypted data. It is questionable if anything needs to be done.

back_end_src/packet_composer.cpp:1075: 2 memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.

Added a static assert to self-document the size of the overwritten type and ensure that it's at least 4 bytes.

back_end_src/win_file_reader.cpp:34: 2 MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).

Checked

back_end_src/win_file_reader.cpp:40: 2 MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).

Checked

back_end_src/win_file_reader.cpp:68: 2 wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.

Checked

qt_ui/application.cpp:57: 2 open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).

See above.

qt_ui/main.cpp:49: 2 open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).

qt_ui/mainwindow.cpp:111: 2 open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
qt_ui/mainwindow.cpp:145: 2 open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
qt_ui/mainwindow.cpp:406: 2 open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
qt_ui/mainwindow.cpp:439: 2 open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
qt_ui/mainwindow.cpp:441: 2 open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
qt_ui/mainwindow.cpp:626: 2 open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).

qt_ui/mainwindow.h:70: 2 open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
qt_ui/mainwindow.h:74: 2 open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).

For all these file opening related issues see above.

tests/key_generation_tests.cpp:30: 2 char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.

Checked. Besides, it's a unit test, not production code.

back_end_src/encryption_pipeline.cpp:29: 1 read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).

Reviewed above. See encryption_pipeline.cpp:26

back_end_src/encryption_pipeline.cpp:62: 1 read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).

Checked.

back_end_src/encryptor.cpp:63: 1 read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).

Checked.

back_end_src/encryptor.cpp:234: 1 strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).

This salt is used for the alpha cpad format and it is hardcoded because cpad format is not salted. So it's always zero terminated because it is hardcoded.

back_end_src/encryptor.cpp:355: 1 read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).

Checked.

back_end_src/encryptor.cpp:487: 1 read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).

Checked.

back_end_src/packet_composer.cpp:428: 1 read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).

Checked.

back_end_src/packet_composer.cpp:813: 1 read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).

Checked.

back_end_src/packet_composer.cpp:824: 1 read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).

Checked.

back_end_src/packet_composer.cpp:923: 1 read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).

Checked.

back_end_src/packet_stream.h:304: 1 fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).

Checked. There is no buffer.

cli/get_password.cpp:83: 1 getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).

Checked. No buffer.

tests/packet_stream_tests.cpp:42: 1 strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).

tests/packet_stream_tests.cpp:85: 1 strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).

tests/packet_stream_tests.cpp:123: 1 strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).

tests/packet_stream_tests.cpp:185: 1 strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).

tests/packet_stream_tests.cpp:205: 1 strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).

Unit tests, not production code.

back_end_src/packet_stream.h:309: 0 fread:
Function accepts input from outside program (CWE-20). Make sure input data
is filtered, especially if an attacker could manipulate it.

Checked.
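An added example, not part of the comment above and not EncryptPad's code: a sketch of the two hardening patterns the triage describes, rejecting a `gcount()` larger than the buffer and a `static_assert` guarding a 4-byte `memcpy`. All names and the value of `kBufferSize` are assumptions; only the identifier `kBufferSize` comes from the page.

```cpp
#include <array>
#include <cstdint>
#include <cstring>
#include <sstream>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical names; only kBufferSize appears on the page, its value is assumed.
constexpr std::size_t kBufferSize = 16;

// Read one chunk and return exactly the bytes the stream delivered.
// gcount() should never exceed the requested size; if it does, the stream
// state cannot be trusted, so fail instead of reading past the buffer.
std::vector<unsigned char> ReadChunk(std::istream &in)
{
    std::array<char, kBufferSize> buf{};
    in.read(buf.data(), static_cast<std::streamsize>(buf.size()));
    const std::streamsize got = in.gcount();
    if (got < 0 || static_cast<std::size_t>(got) > buf.size())
        throw std::length_error("stream reported more bytes than requested");
    return std::vector<unsigned char>(buf.begin(), buf.begin() + got);
}

struct PacketHeader { // constructed layout, not EncryptPad's
    std::uint8_t tag;
    std::uint32_t body_length;
};

// Overwrite the length field with 4 raw bytes. The static_assert documents
// the size the memcpy relies on and breaks the build if the type shrinks.
void SetBodyLength(PacketHeader &h, const unsigned char (&raw)[4])
{
    static_assert(sizeof(PacketHeader::body_length) >= 4,
                  "body_length must hold the 4 bytes copied below");
    std::memcpy(&h.body_length, raw, 4);
}

int main()
{
    std::istringstream in(std::string(20, 'A')); // constructed input
    std::size_t total = 0;
    for (auto chunk = ReadChunk(in); !chunk.empty(); chunk = ReadChunk(in))
        total += chunk.size();
    PacketHeader h{};
    const unsigned char raw[4] = {0x00, 0x00, 0x01, 0x00}; // constructed
    SetBodyLength(h, raw);
    return total == 20 ? 0 : 1;
}
```

Flawfinder matches on names such as `char`, `read` and `memcpy`, so it may still list these lines after the guards are in place; the guards make the manual review of each hit short.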
