
calloc() call result is not captured - Objective C-IOS


I uploaded my iOS application to Veracode for vulnerability scanning and got two vulnerabilities.

First One

"The result of this call to calloc() is not captured, so it cannot be checked for success. This can result in application instability or crashing if memory is not available."

This is the calloc() line:

currentElementBuffer->elements = (TBLElement*)calloc(1,sizeof(TBLElement)*100);

Second

"Standard random number generators do not provide a sufficient amount of entropy when used for security purposes. Attackers can brute force the output of pseudorandom number generators such as rand()."

I couldn't figure it out, as I am new to this. Does anyone have any idea how to fix this, or what the issue is?


Solution

1) You do not check the result of the calloc call to see if it succeeded. It might fail if memory is constrained.

2) The rand() function is not sufficiently secure; replace it with a more appropriate one for your use case (probably arc4random()).
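Both fixes from the answer carried through, as an added C example that is not part of the question or the answer: TBLElement, TBLElementBuffer, tbl_buffer_alloc and csprng_uniform are hypothetical names chosen to mirror the asker's line, and on non-Apple builds getrandom() stands in for arc4random_uniform() so the block also compiles on Linux.

```c
#include <stdint.h>
#include <stdlib.h>
#include <sys/types.h>

/* Hypothetical element type standing in for the asker's TBLElement. */
typedef struct { int32_t id; double value; } TBLElement;

/* Hypothetical owner of the element array (the asker's currentElementBuffer). */
typedef struct { TBLElement *elements; size_t capacity; } TBLElementBuffer;

/* Allocate `count` zeroed elements. Returns 0 on success, -1 on failure.
 * Passing count and the element size separately lets calloc() do the
 * multiplication with overflow detection, instead of the caller computing
 * sizeof(TBLElement)*100 itself, where a large count could silently wrap. */
int tbl_buffer_alloc(TBLElementBuffer *buf, size_t count) {
    if (buf == NULL || count == 0) return -1;
    TBLElement *p = calloc(count, sizeof(TBLElement));
    if (p == NULL) {                 /* the check Veracode reported missing */
        buf->elements = NULL;
        buf->capacity = 0;
        return -1;                   /* caller decides how to degrade */
    }
    buf->elements = p;
    buf->capacity = count;
    return 0;
}

void tbl_buffer_free(TBLElementBuffer *buf) {
    free(buf->elements);
    buf->elements = NULL;
    buf->capacity = 0;
}

/* Unbiased random value in [0, bound) from the OS CSPRNG, replacing rand(). */
#if defined(__APPLE__)
uint32_t csprng_uniform(uint32_t bound) { return arc4random_uniform(bound); }
#else
#include <sys/random.h>              /* Linux getrandom(); stand-in for arc4random */
uint32_t csprng_uniform(uint32_t bound) {
    if (bound < 2) return 0;
    /* Rejection sampling removes the modulo bias that rand() % bound has. */
    uint32_t limit = UINT32_MAX - (UINT32_MAX % bound), v;
    do {
        if (getrandom(&v, sizeof v, 0) != (ssize_t)sizeof v) abort();
    } while (v >= limit);
    return v % bound;
}
#endif
```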