Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security problems #16

Closed
alexgarbarev opened this issue Jul 6, 2016 · 1 comment
Closed

Security problems #16

alexgarbarev opened this issue Jul 6, 2016 · 1 comment
Assignees
@etolstoy
Labels
bug

Comments

@alexgarbarev
Copy link

Hi everyone.
Our customer used security scanners to check app for security issues. Our app used RamblerTyphoonUtils.

Scanner complained with:

Signed integer strlen at line 64 of /Pods/RamblerTyphoonUtils/Code/Testing/AssemblyTesting/RamblerTyphoonAssemblyTestUtilities.m specifies size of memory to allocate.

66.      char buffer[1 + strlen(attributes)];

And I can agree that stack allocation with unpredictable length can be dangerous, or at least looks like.

I suggest removing that method for getting property type and use

[TyphoonIntrospectionUtils typeForPropertyNamed: inClass: ]

for that.
Aslo see

[TyphoonIntrospectionUtils propertiesForClass: upToParentClass:]

I think these methods can be handy, since RamblerTyphoonUtils depends on Typhoon
@etolstoy
Copy link
Collaborator

Hi, @alexgarbarev! Thanks for your report, we'll fix it ASAP.

@etolstoy etolstoy added the bug label Jul 12, 2016
@etolstoy etolstoy self-assigned this Jul 12, 2016
etolstoy pushed a commit that referenced this issue Jul 18, 2016
Fixed security issue (#16)
aec84d1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@etolstoy etolstoy

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@alexgarbarev @etolstoy