I can't solve this Flawfinder Warning (CWE-78, CWE-120)


I can't solve these two warnings found by Flawfinder. Could you answer me with an example of the correct code?

Final results:

flawfinder_exercise_old_SAL_syntax.cpp:48:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
flawfinder_exercise_old_SAL_syntax.cpp:36:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.

This is the one in line 48:

int execute(char *buf) {
    return system(buf); // pass buf as command to be executed by the OS
}

This is the one in line 36:

void copy_data(char *buf1,
               char *buf2) {
    memcpy(buf2, buf1, STR_SIZE); // copies a fixed STR_SIZE bytes regardless of the real buffer sizes
    buf2[STR_SIZE - 1] = '\0';    // null terminate, just in case
}
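As an added example (not part of the question's code), here is one way to rewrite both functions so that each warning no longer applies: the copy takes the destination's real size and refuses data that would not fit, and the command runner receives the program and its arguments as separate strings passed to execvp, so no shell parses them. The value of STR_SIZE is not shown in the question and is assumed here.

```cpp
#include <cstring>
#include <string>
#include <vector>
#include <sys/wait.h>
#include <unistd.h>

// Assumed constant; the question does not show its real value.
constexpr size_t STR_SIZE = 64;

// Bounded copy (CWE-120): the caller states the true size of the destination,
// the function copies at most that many bytes and always NUL-terminates.
// Returns false, and leaves dst empty, if the data plus terminator would not fit.
bool copy_data(const char *src, size_t src_len, char *dst, size_t dst_size) {
    if (dst == nullptr || dst_size == 0) return false;
    if (src == nullptr || src_len + 1 > dst_size) {  // +1 for the terminator
        dst[0] = '\0';
        return false;
    }
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return true;
}

// Replacement for system(buf) (CWE-78): the program and each argument are
// separate strings handed to execvp, so no shell ever interprets them.
// Returns the child's exit status, or -1 if nothing could be started.
int execute(const std::vector<std::string> &argv) {
    if (argv.empty()) return -1;
    std::vector<char *> args;
    for (const std::string &a : argv) args.push_back(const_cast<char *>(a.c_str()));
    args.push_back(nullptr);  // execvp expects a NULL-terminated argument vector

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execvp(args[0], args.data());
        _exit(127);  // only reached if exec itself failed
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Callers that previously built a command line in buf now build a vector such as {"ls", "-l", path} and pass it to execute.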
