
[LDM #TXB-774930]: LDM Fortify Security Scan



Leo,

> Attached is the most detailed report available with Fortify (Developer 
> Workbook).  Our Tools team also selected all options for the Executive Summary 
> report.

I'll have to think about the reported issues with the libxml2 subpackage 
because I'm not the developer of that package.

Do you already have an XML2 library on your systems (e.g., /usr/lib/libxml2.a, 
/usr/lib/libxml2.so)? If so, would you be willing to use it?

The following issues are with the LDM code proper:

backend.c, line 331 (Dangerous Function: strcpy()): This use of strcpy() in 
this instance is safe by inspection.
backend.c, line 1007 (Double Free): Fixed in the next release.
conftest.c, line 89 (Process Control): The file "conftest.c" is a feature 
test-file created during build-time by the configure(1) script. It may safely 
be ignored.
backend.c, line 1007 (Use After Free): Fixed in the next release.

The report says that it found 259 issues, but only 82 issues were detailed. Why 
the discrepancy?

> Regards,
> 
> //SIGNED//
> Leo R. Rivard, Contractor, AFWA/SEMS
> SEMS II Database Architect
> Northrop Grumman Information Systems
> email: address@hidden
> COMM: 402-232-0271 / DSN: 272-0271
> Alternate Email: address@hidden

Regards,
Steve Emmerson

Ticket Details
===================
Ticket ID: TXB-774930
Department: Support LDM
Priority: Normal
Status: Closed


NOTE: All email exchanges with Unidata User Support are recorded in the Unidata inquiry tracking system and then made publicly available through the web. If you do not want to have your interactions made available in this way, you must let us know in each email you send to us.