Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Insecure API when using in React Native iOS app #892

Closed
master4-2021 opened this issue Feb 6, 2023 · 1 comment
Closed

Insecure API when using in React Native iOS app #892

master4-2021 opened this issue Feb 6, 2023 · 1 comment
Labels
duplicate

Comments

@master4-2021
Copy link

There are some insecure APIs that exists in this repository that Apple considered insecure and recommended not using:
https://developer.apple.com/library/archive/documentation/Security/Conceptual/SecureCodingGuide/Articles/BufferOverflows.html#//apple_ref/doc/uid/TP40002577-SW1

These are reported when using Mobile Security Framework (https://github.com/MobSF/Mobile-Security-Framework-MobSF) to scan the IPA.

strncpy:

glog/src/symbolize.cc

Line 658 in 6ed0c9e

strncpy(out_file_name, cursor, out_file_name_size);

glog/src/symbolize.cc

Line 729 in 6ed0c9e

strncpy(dest, source, dest_size);

glog/src/demangle.cc

Line 1344 in a34226c

strncpy(buffer, lparen + 1, length);

I understand that the use of these function does not definitely leads to security issues, but I want to bring this to your attention, and check if these are safe to use within our application.
@sergiud
Copy link
Collaborator

sergiud commented Feb 22, 2023

Issue wording almost entirely copy pasted from #889.

@sergiud sergiud closed this as not planned Won't fix, can't repro, duplicate, stale Feb 22, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
duplicate
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sergiud @master4-2021