Removed junk files using svn delete, which should work better than last time :)

git-svn-id: svn+ssh://svn.code.sf.net/p/flawfinder/code/trunk@4 5c01084b-1f27-0410-9f85-80411afe95dc
This commit is contained in:
dwheeler 2007-01-16 03:01:55 +00:00
parent 1ff26b75e5
commit c6f92732f1
1 changed files with 0 additions and 114 deletions

View File

@ -1,114 +0,0 @@
From - Sun Nov 4 11:39:04 2001
X-UIDL: 4bd5a7eeb0e24a21ff091e0d7f4cec01
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <laz@clustermonkey.org>
Received: from cs.ida.org by fricka.csed.ida.org (SMI-8.6/SMI-SVR4)
id WAA06993; Fri, 2 Nov 2001 22:22:00 -0500
Received: from mailhost.nl (webframe.nl [212.204.207.201])
by cs.ida.org (Switch-2.2.0/Switch-2.2.0) with SMTP id fA33Lxp18254
for <dwheeler@ida.org>; Fri, 2 Nov 2001 22:21:59 -0500 (EST)
Received: from x-o.clustermonkey.org (postfix@x-o.clustermonkey.org [64.242.77.225])
by mailhost.nl (8.9.3/8.9.3) with ESMTP id EAA12369
for <dwheeler@dwheeler.com>; Sat, 3 Nov 2001 04:21:56 +0100
Received: by x-o.clustermonkey.org (Postfix, from userid 1000)
id 6B96B61E92B; Fri, 2 Nov 2001 22:21:54 -0500 (EST)
Date: Fri, 2 Nov 2001 22:21:54 -0500
From: Adam Lazur <zal@debian.org>
To: "David A. Wheeler" <dwheeler@dwheeler.com>
Subject: [arthur@tiefighter.et.tudelft.nl: Bug#118025: flawfinder does not detect multiline strings right]
Message-ID: <20011102222154.B24827@clustermonkey.org>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="rwEMma7ioTxnRzrJ"
Content-Disposition: inline
User-Agent: Mutt/1.3.23i
X-UIDL: 4bd5a7eeb0e24a21ff091e0d7f4cec01
--rwEMma7ioTxnRzrJ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Attached is the first bug report from the Debian package of flawfinder.
Replies can be sent to 118025@bugs.debian.org and they will be appended
to the bug's history and also sent to the bug submitter. The bug history
can be found at: http://bugs.debian.org/118025
--
Adam Lazur, Cluster Monkey
--rwEMma7ioTxnRzrJ
Content-Type: message/rfc822
Content-Disposition: inline
X-Envelope-From: debbugs@master.debian.org Fri Nov 2 10:09:37 2001
Return-Path: <debbugs@master.debian.org>
Delivered-To: laz@clustermonkey.org
Received: from master.debian.org (unknown [216.234.231.5])
by x-o.clustermonkey.org (Postfix) with ESMTP id 981EF61E913
for <adam@lazur.org>; Fri, 2 Nov 2001 10:09:37 -0500 (EST)
Received: from debbugs by master.debian.org with local (Exim 3.12 1 (Debian))
id 15zfqY-0007Zt-00; Fri, 02 Nov 2001 09:03:02 -0600
Subject: Bug#118025: flawfinder does not detect multiline strings right
Reply-To: arthur@tiefighter.et.tudelft.nl, 118025@bugs.debian.org
Resent-From: arthur@tiefighter.et.tudelft.nl
Resent-To: debian-bugs-dist@lists.debian.org
Resent-Cc: Adam Lazur <zal@debian.org>
Resent-Date: Fri, 02 Nov 2001 15:03:02 GMT
Resent-Message-ID: <handler.118025.B.100471287428113@bugs.debian.org>
X-Debian-PR-Message: report 118025
X-Debian-PR-Package: flawfinder
X-Loop: owner@bugs.debian.org
Received: via spool by submit@bugs.debian.org id=B.100471287428113
(code B ref -1); Fri, 02 Nov 2001 15:03:02 GMT
From: arthur@tiefighter.et.tudelft.nl
X-Authentication-Warning: ch.twi.tudelft.nl: arthur owned process doing -bs
Date: Fri, 2 Nov 2001 15:54:02 +0100 (CET)
X-Sender: arthur@ch.twi.tudelft.nl
To: submit@bugs.debian.org
Message-ID: <Pine.LNX.4.21.0111021507380.11135-100000@ch.twi.tudelft.nl>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Delivered-To: submit@bugs.debian.org
Resent-Sender: Debian BTS <debbugs@master.debian.org>
Package: flawfinder
Version: 0.17-1
Severity: normal
Does strange things with respect to strings that are spread over multiple
lines.
Sample code:
1: static void a()
2: {
3: printf(_("a"));
4: printf(_("b"
5: "c"));
6: printf("a");
7: printf("b"
8: "c");
9: }
Flawfinder output (partial):
/tmp/tst.c:4 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
One would expect flawfinder either to report lines 3 and 4 as possible
security riscs or lines 4 and 7. This is not expected behaviour.
On a sindenote a disclaimer may be in order about the accuracy of the
results. All things flawfinder reported on my code were no security
threats.
-- arthur - arthur@tiefighter.et.tudelft.nl - http://tiefighter.et.tudelft.nl/~arthur --
--rwEMma7ioTxnRzrJ--