[MPlayer-dev-eng] Security Advisory
Guillaume POIRIER
poirierg at gmail.com
Sat May 21 13:36:59 CEST 2005
Hi,
On 5/20/05, Gianluigi Tiesi <mplayer at netfarm.it> wrote:
> On Fri, May 20, 2005 at 10:21:56AM +0200, Guillaume POIRIER wrote:
> > Hi there,
> > One of my colleague is working on static code analysis.
> > Among other things, he ran a static code analysis MPlayer-pre7's
> > source code with RATS (Rough Auditing Tool for Security, available at
> > http://www.securesoftware.com/resources/download_rats.html)
> > The report is available here:
> > http://tuxrip.free.fr/transperl/MPlayer/report-MPlayer.html
> >
> > Now, maybe most of the suspicious code it points out are false
> > positive, and we can just forget about it. I just wanted to "share the
> > experience"! ;-)
> >
>
> Severity: High
> Issue: LoadLibraryA
> LoadLibrary will search several places for a library if no path is
> specified, allowing trojan DLL's to be inserted elsewhere even if the
> intended DLL is correctly protected from overwriting. Make sure to
> specify the full path.
>
>
> hehehe LoadLibrary should be removed ? :), anyway the tool seams
> very intresting :)
Indeed! Just a warning though: this tool doesn't run a data-flow check
of the source, and doesn't really use context to check if the errors
are likely to really be problematic. In other words, due to its
construction RATS may still report a possible vulnerability on a code
that has been fixed.
I'll post more reports given by other static analysis tools if my
colleague happens to try more of those tools. I'd be quite interested
by what would report the Stanford checker.
Guillaume
More information about the MPlayer-dev-eng
mailing list