Security threat due to insecure functions used in lecore.m file.

[Priya1794]

Hi,

I am getting security threat in below code for lecore.m class https://github.com/LogentriesCommunity/le_ios/blob/master/lelib/lecore.m

There are 2 occurrences of "strlen()" method which is an insecure function acc to security tool.

In void le_log(const char message)* method, there is a line -
size_t length = strlen(message);

In bool is_valid_token(const char * token,size_t token_length)* method , there is a line
length = strlen(token);

Below is the issue description and reference links from security team.

Issue description : Use of insecure functions/potential dangerous functions
Reference link: https://cwe.mitre.org/data/definitions/676.html
This would explain why SECURITY TEAM is recommending the change of these functions.

Please provide solution for this as soon as possible as it is very urgent.

Thanks and Regards,
Priya Mehndiratta