cshampoo is based on a library called csoap. While working with the original csoap code, we've found a number of security vulnerabilities. This section of our web site is dedicated to documenting those issues and any new issues that arrise. CSECA (Cshampoo SECurity Advisory) reports will be posted as issues are fixed.
There are no known security issues with any cshampoo releases.
The following problems were identified, documented and fixed before the first release of cshampoo. The issues were found during an audit of the csoap-1.1.0 code base.
|CSECA-07001||yoctohttp||Buffer overflow in hurl_parse()||Revision 28|
|CSECA-07002||yoctohttp||Buffer overflow in hurl_parse()||Revision 28|
|CSECA-07003||yoctohttp||Buffer overflow in _httpc_set_basic_authorization_header()||Revision 33|
|CSECA-07004||yoctohttp||Buffer overflow in httpd_session_main()||Revision 35|
|CSECA-07005||yoctohttp||Buffer overflow in httpd_session_main()||Revision 35|
|CSECA-07006||yoctohttp||Buffer overflow in httpc_send_header()||Revision 40|
|CSECA-07007||yoctohttp||Buffer overflow in httpc_talk_to_server()||Revision 40|
|CSECA-07008||yoctohttp||Buffer overflow in httpc_talk_to_server()||Revision 40|
|CSECA-07009||yoctohttp||Buffer overflow in httpc_header_set_date()||Revision 40|
|CSECA-07010||yoctohttp||Buffer overflow in httpc_mime_begin()||Revision 49|
|CSECA-07011||yoctohttp||Buffer overflow in httpc_mime_begin()||Revision 49|
|CSECA-07012||yoctohttp||Buffer overflow in httpc_mime_begin()||Revision 49|
|CSECA-07013||yoctohttp||Buffer overflow in httpc_mime_begin()||Revision 49|
|CSECA-07014||yoctohttp||Buffer overflow in httpc_mime_next()||Revision 49|
|CSECA-07015||yoctohttp||Buffer overflow in httpc_mime_next()||Revision 49|
|CSECA-07016||yoctohttp||Buffer overflow in httpc_mime_end()||Revision 49|
|CSECA-07017||yoctohttp||Buffer overflow in http_input_stream_new_from_file()||Revision 60|
|CSECA-07018||yoctohttp||Buffer overflow in httpd_send_header()||Revision 62|
|CSECA-07019||yoctohttp||Buffer overflow in httpd_send_header()||Revision 62|
|CSECA-07020||yoctohttp||Buffer overflow in herror_new()||Revision 62|
|CSECA-07021||yoctohttp||Buffer overflow in herror_new()||Revision 63|
|CSECA-07022||yoctohttp||Buffer overflow in part_new()||Revision 65|
|CSECA-07023||yoctohttp||Buffer overflow in part_new()||Revision 65|
|CSECA-07024||yoctohttp||Buffer overflow in part_new()||Revision 65|
|CSECA-07025||yoctohttp||Buffer overflow in part_new()||Revision 65|
|CSECA-07026||yoctohttp||Buffer overflow in httpd_mime_send_header()||Revision 65|
|CSECA-07027||yoctohttp||Buffer overflow in httpd_register_secure()||Revision 68|
|CSECA-07028||cshampoo||Buffer overflow in soap_ctx_get_file()||Revision 80|
|CSECA-07029||cshampoo||Buffer overflow in soap_env_new_with_method()||Revision 80|
Note: this list might be incomplete. Various clean-ups were done which may have ended up fixing unknown security issues. For example, the old csoap code didn't always check if malloc() failed, nor did it set pointers to NULL after free()'ing memory, nor did it always check a if a struct pointer was NULL before dereference it when attempting access its members, nor did it always zero out structs and arrays before using them, etc, etc. Those issues have mostly been corrected. Additionally, we have completely removed some functions that we didn't think were very useful. Those functions weren't checked for security bugs.