Anonymous
Asked: Apr 15th, 2020

Question Description

Fix the vulnerabilities found.

The vulnerabilities need to be fixed, and after doing so you need to document every step you did and provide screenshots in the report explaining why and how you fixed it.

Unformatted Attachment Preview

❯ clang-tidy -p=c11 -checks=clang-analyzer original.c \
/home/aleksej/Projects/jokes/original.c:116:2: warning: Call to function 'strncat' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncat_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
  strncat(path, &action[1], sizeof(path) - strlen(path) - 1);
  ^
/home/aleksej/Projects/jokes/original.c:116:2: note: Call to function 'strncat' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncat_s' in case of C11
/home/aleksej/Projects/jokes/original.c:132:3: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
  memset(buf, 0, sizeof(buf));
  ^
/home/aleksej/Projects/jokes/original.c:132:3: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
/home/aleksej/Projects/jokes/original.c:168:2: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
  strcat(path, &action[1]);
  ^
/home/aleksej/Projects/jokes/original.c:168:2: note: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119
/home/aleksej/Projects/jokes/original.c:203:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
  memset(buf, 0, sizeof(buf));
  ^
/home/aleksej/Projects/jokes/original.c:203:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
/home/aleksej/Projects/jokes/original.c:237:2: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
  snprintf(buf, sizeof(buf)-1, "echo %s > %s%s.txt", &p[1], USERPATH, &action[1]);
  ^
/home/aleksej/Projects/jokes/original.c:237:2: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
/home/aleksej/Projects/jokes/original.c:248:3: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
  memset(action, 0, sizeof(action));
  ^
/home/aleksej/Projects/jokes/original.c:248:3: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
/home/aleksej/Projects/jokes/original.c:249:3: warning: Value stored to 'len' is never read [clang-analyzer-deadcode.DeadStores]
  len = readSock(sock, action, sizeof(action));
  ^
/home/aleksej/Projects/jokes/original.c:249:3: note: Value stored to 'len' is never read
/home/aleksej/Projects/jokes/original.c:282:3: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
  memset(action, 0, sizeof(action));
  ^
/home/aleksej/Projects/jokes/original.c:282:3: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
/home/aleksej/Projects/jokes/original.c:283:3: warning: Value stored to 'len' is never read [clang-analyzer-deadcode.DeadStores]
  len = readSock(sock, action, sizeof(action));
  ^
/home/aleksej/Projects/jokes/original.c:283:3: note: Value stored to 'len' is never read
/home/aleksej/Projects/jokes/original.c:317:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
  memset(path, 0, sizeof(1024));
  ^
/home/aleksej/Projects/jokes/original.c:317:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
/home/aleksej/Projects/jokes/original.c:327:2: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
  snprintf(userfile, sizeof(userfile)-1, "%s.txt", user);
  ^
/home/aleksej/Projects/jokes/original.c:327:2: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
/home/aleksej/Projects/jokes/original.c:328:2: warning: 'snprintf' size argument is too large; destination buffer has size 512, but size argument is 1023 [clang-diagnostic-fortify-source]
  snprintf(search, sizeof(userfile)-1, "stat %s`ls %s | grep %s`", USERPATH, USERPATH, userfile);
  ^
/home/aleksej/Projects/jokes/original.c:328:2: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
/home/aleksej/Projects/jokes/original.c:328:2: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
/home/aleksej/Projects/jokes/original.c:336:2: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
  snprintf(path, sizeof(path)-1, "%s%s", USERPATH, userfile);
  ^
/home/aleksej/Projects/jokes/original.c:336:2: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
/home/aleksej/Projects/jokes/original.c:372:3: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
  memcpy((char *)&size, ptr1, 4);
  ^
/home/aleksej/Projects/jokes/original.c:372:3: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
/home/aleksej/Projects/jokes/original.c:404:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
  memset(buffer, 0, sizeof(buffer));
  ^
/home/aleksej/Projects/jokes/original.c:404:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
/home/aleksej/Projects/jokes/original.c:418:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
  memcpy((char *)&segmentcount, ptr1, 4);
  ^
/home/aleksej/Projects/jokes/original.c:418:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
/home/aleksej/Projects/jokes/original.c:432:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
  memset(argbuf, 0, sizeof(argbuf));
  ^
/home/aleksej/Projects/jokes/original.c:432:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
/home/aleksej/Projects/jokes/original.c:437:3: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
  memcpy((char *)&segnext, ptr1, 4);
  ^
/home/aleksej/Projects/jokes/original.c:437:3: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
/home/aleksej/Projects/jokes/original.c:440:3: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
  memcpy((char *)&argsize, ptr1, 4);
  ^
/home/aleksej/Projects/jokes/original.c:440:3: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
/home/aleksej/Projects/jokes/original.c:442:3: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
  memcpy(ptr2, ptr1, argsize);
  ^
/home/aleksej/Projects/jokes/original.c:442:3: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
/home/aleksej/Projects/jokes/original.c:452:2: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
  snprintf(buffer, sizeof(buffer)-1, "User attempting to authenticate: %s", user);
  ^
/home/aleksej/Projects/jokes/original.c:452:2: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
/home/aleksej/Projects/jokes/original.c:472:3: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
  snprintf(buffer, sizeof(buffer)-1,"user: %s failed to login with password %s", user, pass);
  ^
/home/aleksej/Projects/jokes/original.c:472:3: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
/home/aleksej/Projects/jokes/original.c:491:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
  memset((char *)&client, 0, sizeof(client));
  ^
/home/aleksej/Projects/jokes/original.c:491:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
/home/aleksej/Projects/jokes/original.c:546:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
  memset((char *)&sin, 0, sizeof(sin));
  ^
/home/aleksej/Projects/jokes/original.c:546:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
/home/aleksej/Projects/jokes/original.c:622:2: warning: Call to function 'vsnprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'vsnprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
  vsnprintf(buffer, sizeof(buffer)-1, format, arguments);
  ^
/home/aleksej/Projects/jokes/original.c:622:2: note: Call to function 'vsnprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'vsnprintf_s' in case of C11

❯ clang -std=c11 -Wall -Wextra original.c
original.c:58:20: warning: comparison of integers of different signs: 'ssize_t' (aka 'long') and 'size_t' (aka 'unsigned long') [-Wsign-compare]
  while (byteswrote < len)
         ~~~~~~~~~~ ^ ~~~
original.c:83:19: warning: comparison of integers of different signs: 'ssize_t' (aka 'long') and 'size_t' (aka 'unsigned long') [-Wsign-compare]
  while (bytesread < len)
         ~~~~~~~~~ ^ ~~~
original.c:106:8: warning: unused variable 'p' [-Wunused-variable]
  char *p;
        ^
original.c:193:50: warning: unused parameter 'action' [-Wunused-parameter]
  void listArticles(int sock, FILE *logfile, char *action)
                                                   ^
original.c:217:29: warning: unused parameter 'sock' [-Wunused-parameter]
  void command(FILE *log, int sock, char *action)
                              ^
original.c:223:29: warning: unused parameter 'sock' [-Wunused-parameter]
  void addUser(FILE *log, int sock, char *action)
                              ^
original.c:328:2: warning: 'snprintf' size argument is too large; destination buffer has size 512, but size argument is 1023 [-Wfortify-source]
  snprintf(search, sizeof(userfile)-1, "stat %s`ls %s | grep %s`", USERPATH, USERPATH, userfile);
  ^
original.c:365:7: warning: unused variable 'type' [-Wunused-variable]
  char type = 0;
       ^
original.c:523:23: warning: unused parameter 'signumber' [-Wunused-parameter]
  void spawnhandler(int signumber)
                        ^
original.c:597:2: warning: implicit declaration of function 'daemon' is invalid in C99 [-Wimplicit-function-declaration]
  daemon(0,0);
  ^
original.c:582:14: warning: unused parameter 'argc' [-Wunused-parameter]
  int main(int argc, char *argv[])
               ^
original.c:582:26: warning: unused parameter 'argv' [-Wunused-parameter]
  int main(int argc, char *argv[])
                           ^
12 warnings generated.

❯ gcc -std=c11 -Wall -Wextra original.c
original.c: In function 'writeSock':
original.c:58:20: warning: comparison of integer expressions of different signedness: 'ssize_t' {aka 'long int'} and 'size_t' {aka 'long unsigned int'} [-Wsign-compare]
   58 |  while (byteswrote < len)
      |                    ^
original.c: In function 'readSock':
original.c:83:19: warning: comparison of integer expressions of different signedness: 'ssize_t' {aka 'long int'} and 'size_t' {aka 'long unsigned int'} [-Wsign-compare]
   83 |  while (bytesread < len)
      |                   ^
original.c: In function 'writeArticle':
original.c:106:8: warning: unused variable 'p' [-Wunused-variable]
  106 |  char *p;
      |        ^
original.c: In function 'listArticles':
original.c:193:50: warning: unused parameter 'action' [-Wunused-parameter]
  193 | void listArticles(int sock, FILE *logfile, char *action)
      |                                            ~~~~~~^~~~~~
original.c: In function 'command':
original.c:217:29: warning: unused parameter 'sock' [-Wunused-parameter]
  217 | void command(FILE *log, int sock, char *action)
      |                         ~~~~^~~~
original.c: In function 'addUser':
original.c:223:29: warning: unused parameter 'sock' [-Wunused-parameter]
  223 | void addUser(FILE *log, int sock, char *action)
      |                         ~~~~^~~~
original.c: In function 'adminFunctions':
original.c:244:9: warning: variable 'len' set but not used [-Wunused-but-set-variable]
  244 |  size_t len;
      |         ^~~
original.c: In function 'userFunctions':
original.c:271:9: warning: variable 'len' set but not used [-Wunused-but-set-variable]
  271 |  size_t len;
      |         ^~~
original.c: In function 'findar ...

This question has not been answered.
