rollbar / rollbar-ios

Objective-C library for crash reporting and logging with Rollbar.

Home Page: https://docs.rollbar.com/docs/ios


Insecure malloc function is used instead of calloc in Rollbar

Gautam-zodape opened this issue · comments

We are getting an error in a PEN test for an iOS application which uses rollbar.
The PEN test checks the security performance of the app. We used the mobSF (https://mobsf.github.io/Mobile-Security-Framework-MobSF/) tool for the PEN test.

We get the following error in the security PEN test:

1. Insecure malloc function is used instead of calloc

malloc is insecure to use and we have calloc as a safe alternative to it, which should be used.
Do you have any plan for updating this function in your library?
If yes, then will it be available in the next release? Any ETA would be very helpful for me.
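As an added example (not rollbar-ios or KSCrash code), the hypothetical helper `checked_zalloc` below makes explicit the two guarantees calloc gives that a bare `malloc(n * size)` does not: the count-times-size product is checked for overflow, and the block is zero-filled so stale heap contents are never read back. Whether a given malloc call site needs those guarantees depends on whether its size is a product of untrusted values and whether the buffer is read before it is fully written.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns 1 if n * size would wrap around size_t. malloc(n * size) receives
 * the wrapped (small) value and silently returns an undersized block. */
int mul_overflows(size_t n, size_t size) {
    return size != 0 && n > SIZE_MAX / size;
}

/* Hypothetical helper (not from the SDK): allocate n elements of `size`
 * bytes with the same guarantees calloc provides, overflow check plus zero
 * fill, built on malloc so both steps are visible. Returns NULL on overflow
 * or allocation failure. */
void *checked_zalloc(size_t n, size_t size) {
    if (mul_overflows(n, size)) {
        return NULL;              /* calloc(n, size) also returns NULL here */
    }
    void *p = malloc(n * size);
    if (p != NULL) {
        memset(p, 0, n * size);   /* calloc does this for you */
    }
    return p;
}

/* Count non-zero bytes in a block. For a calloc'd (or checked_zalloc'd)
 * block this is always 0; for a plain malloc'd block it is unspecified. */
size_t nonzero_bytes(const unsigned char *buf, size_t len) {
    size_t count = 0;
    for (size_t i = 0; i < len; i++) {
        count += (buf[i] != 0);
    }
    return count;
}

int main(void) {
    size_t bytes = 64;
    unsigned char *z = checked_zalloc(bytes, 1);
    if (z == NULL) return 1;
    printf("zeroed block: %zu non-zero bytes\n", nonzero_bytes(z, bytes));
    free(z);
    /* Constructed overflow case: (SIZE_MAX / 2 + 1) * 2 wraps to 0. */
    int rejected = checked_zalloc(SIZE_MAX / 2 + 1, 2) == NULL;
    printf("overflowing request rejected: %s\n", rejected ? "yes" : "no");
    return 0;
}
```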

Hi Team,
I am waiting for your reply on the issue.
Could you give an update on it ASAP?

Hi there! We are looking into this so we can follow up.

@Gautam-zodape, may I ask you to provide the location of the malloc call(s) in the SDK codebase?

Thanks for the reply.

Following are the locations and line numbers of the malloc function in the Rollbar code:
KSKrashMonitor_NSException : Line Number 71
KSKrashMonitor_Signal : Line Number 131, 148
KSKrashMonitor_System : Line Number 130, 142
KSKrashReport : Line Number 1829
KSKrashReport_Fixer : Line Number 332, 335
KSString : Line Number 79
KSFileUtils : Line Number 171, 289
KSJSONCodecObjC : Line Number 130
KSLogger : Line Number 307

Hi Team,
do you have any update on this ticket?

Please provide an update on it.