Remove InitialCriticalSection
This is no longer a vulnerability on widely-used Windows versions.
See: https://github.com/david-a-wheeler/flawfinder/issues/19

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
parent 41857c6364
commit 7321f9f19c
16
flawfinder
16
flawfinder
|
@ -1277,10 +1277,18 @@ c_ruleset = {
|
||||||
"Use InitializeCriticalSectionAndSpinCount instead",
|
"Use InitializeCriticalSectionAndSpinCount instead",
|
||||||
"misc", "", {}),
|
"misc", "", {}),
|
||||||
|
|
||||||
"EnterCriticalSection":
|
# We have *removed* the check for EnterCriticalSection.
|
||||||
(normal, 3, "On some versions of Windows, exceptions can be thrown in low-memory situations",
|
# The page from the "book Writing Secure Code" describes
|
||||||
"Use InitializeCriticalSectionAndSpinCount instead",
|
# EnterCriticalSection as something that will not throw errors on XP,
|
||||||
"misc", "", {}),
|
# .NET Server, and later. Windows XP EOL in April 8, 2014,
|
||||||
|
# .Net Server EOL 14 July 2015, so users of those systems will have
|
||||||
|
# larger security issues anyway.
|
||||||
|
# My thanks to rgetz for reporting this. For details, see:
|
||||||
|
# https://github.com/david-a-wheeler/flawfinder/issues/19
|
||||||
|
# "EnterCriticalSection":
|
||||||
|
# (normal, 3, "On some versions of Windows, exceptions can be thrown in low-memory situations",
|
||||||
|
# "Use InitializeCriticalSectionAndSpinCount instead",
|
||||||
|
# "misc", "", {}),
|
||||||
|
|
||||||
"LoadLibrary|LoadLibraryEx":
|
"LoadLibrary|LoadLibraryEx":
|
||||||
(normal, 3, "Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20)",
|
(normal, 3, "Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20)",
|
||||||
|
|
|
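Review bot: the commit subject names "InitialCriticalSection", but the only key touched in this hunk is "EnterCriticalSection", so the subject should name that rule for anyone searching history by function name. The old entry is also kept as four commented-out lines at the end of the new comment block; the explanation and the issue link above them already record why the rule went, and the deleted text stays recoverable from version control, so those four lines can be dropped. Minor wording in the new comment: the opening quote in 'the "book Writing Secure Code"' belongs before the title, "EOL in April 8, 2014" should read "on", and ".NET Server" and ".Net Server" are spelled two ways.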
@ -1,6 +1,6 @@
|
||||||
Flawfinder version 2.0.11, (C) 2001-2019 David A. Wheeler.
|
Flawfinder version 2.0.11, (C) 2001-2019 David A. Wheeler.
|
||||||
Showing hits not in test-saved-hitlist-008.txt
|
Showing hits not in test-saved-hitlist-008.txt
|
||||||
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
|
Number of rules (primarily dangerous function names) in C/C++ ruleset: 222
|
||||||
|
|
||||||
ANALYSIS SUMMARY:
|
ANALYSIS SUMMARY:
|
||||||
|
|
||||||
|
|
|
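Review bot: the only change in this expected output is the "Number of rules" line going from 223 to 222, which confirms that one key left c_ruleset but does not show that an EnterCriticalSection call now passes without a hit. If the test sources do not already contain such a call, consider adding one so the saved hit lists would catch the rule being reintroduced.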
@ -11,7 +11,7 @@
|
||||||
Here are the security scan results from
|
Here are the security scan results from
|
||||||
<a href="https://dwheeler.com/flawfinder">Flawfinder version 2.0.11</a>,
|
<a href="https://dwheeler.com/flawfinder">Flawfinder version 2.0.11</a>,
|
||||||
(C) 2001-2019 <a href="https://dwheeler.com">David A. Wheeler</a>.
|
(C) 2001-2019 <a href="https://dwheeler.com">David A. Wheeler</a>.
|
||||||
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
|
Number of rules (primarily dangerous function names) in C/C++ ruleset: 222
|
||||||
<p>
|
<p>
|
||||||
Examining test.c <br>
|
Examining test.c <br>
|
||||||
Examining test2.c <br>
|
Examining test2.c <br>
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
Flawfinder version 2.0.11, (C) 2001-2019 David A. Wheeler.
|
Flawfinder version 2.0.11, (C) 2001-2019 David A. Wheeler.
|
||||||
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
|
Number of rules (primarily dangerous function names) in C/C++ ruleset: 222
|
||||||
Examining test.c
|
Examining test.c
|
||||||
Examining test2.c
|
Examining test2.c
|
||||||
|
|
||||||
|
|
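Review bot: the "Number of rules" line changed here from 223 to 222 is the same one-line edit made in two other expected-output files in this commit, so every ruleset change has to touch each saved output by hand. If the test comparison can filter or normalise that header line, the count would only need to be checked in one place.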