secondvar = (char *) calloc(strlen(argv[1]) +1, sizeof(char));
strcpy( secondvar, argv[1] );

// hack out the variable name and = so we can get to the values.
strtok( firstvar, "=" );
firstvar = strtok( NULL, "=" );
strtok( secondvar, "=" );
secondvar = strtok( NULL, "=" );

sanitizestr( firstvar );
sanitizestr( secondvar );
Filename: fbHttpResponse.cpp
Line: 382
CWE: 252 (Unchecked Return Value)
The result of this call to strtok() is not checked for success before being used. This can result in application instability or crashing if memory is not available. Be sure to check the result and make sure it is correct before use. Some functions return a pointer which should be validated as not NULL before use. Other functions return integers or Boolean values that must either be zero or non-zero for the results of the function to be used. Consult the API documentation to determine what a correct result is from the function call.
Note: These flaws were previously reported as CWE 391. Following MITRE's decision to plan for deprecation of CWE 391, CWE 252 was identified as the re-categorization for these findings.
References: CWE OWASP
flashback-linux//fbHttpResponse.cpp
Lines 377 to 387 in 3ef6ccd