Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/attr-2.4.48/tools/attr.c Examining data/attr-2.4.48/tools/setfattr.c Examining data/attr-2.4.48/tools/getfattr.c Examining data/attr-2.4.48/include/libattr.h Examining data/attr-2.4.48/include/nls.h Examining data/attr-2.4.48/include/attributes.h Examining data/attr-2.4.48/include/error_context.h Examining data/attr-2.4.48/include/misc.h Examining data/attr-2.4.48/include/walk_tree.h Examining data/attr-2.4.48/include/xattr.h Examining data/attr-2.4.48/libattr/attr_copy_action.c Examining data/attr-2.4.48/libattr/attr_copy_file.c Examining data/attr-2.4.48/libattr/libattr.h Examining data/attr-2.4.48/libattr/attr_copy_check.c Examining data/attr-2.4.48/libattr/attr_copy_fd.c Examining data/attr-2.4.48/libattr/syscalls.c Examining data/attr-2.4.48/libattr/libattr.c Examining data/attr-2.4.48/examples/copyattr.c Examining data/attr-2.4.48/libmisc/unquote.c Examining data/attr-2.4.48/libmisc/walk_tree.c Examining data/attr-2.4.48/libmisc/next_line.c Examining data/attr-2.4.48/libmisc/high_water_alloc.c Examining data/attr-2.4.48/libmisc/quote.c FINAL RESULTS: data/attr-2.4.48/examples/copyattr.c:59:6: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (vfprintf(stderr, fmt, ap)) data/attr-2.4.48/libattr/libattr.c:60:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, xfsroot_name); data/attr-2.4.48/libattr/libattr.c:62:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, trusted_name); data/attr-2.4.48/libattr/libattr.c:64:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, secure_name); data/attr-2.4.48/libattr/libattr.c:66:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, user_name); data/attr-2.4.48/libattr/libattr.c:68:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(name, irixname); data/attr-2.4.48/libattr/libattr.c:104:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, linuxname + length); data/attr-2.4.48/libmisc/walk_tree.c:183:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(path_end, entry->d_name); data/attr-2.4.48/libmisc/walk_tree.c:231:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(path_copy, path); data/attr-2.4.48/tools/setfattr.c:148:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(path, l); data/attr-2.4.48/tools/attr.c:82:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((ch = getopt(argc, argv, "s:V:g:r:lqLRS")) != EOF) { data/attr-2.4.48/tools/getfattr.c:408:16: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, CMD_LINE_OPTIONS, data/attr-2.4.48/tools/setfattr.c:205:16: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, CMD_LINE_OPTIONS, data/attr-2.4.48/include/attributes.h:79:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char a_name[1]; /* attr name (NULL terminated) */ data/attr-2.4.48/include/attributes.h:88:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. &((char *)buffer)[ ((attrlist_t *)(buffer))->al_offset[index] ]) data/attr-2.4.48/libattr/attr_copy_action.c:68:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((file = fopen(ATTR_CONF, "r")) == NULL) { data/attr-2.4.48/libattr/libattr.c:116:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAXNAMELEN+16]; data/attr-2.4.48/libattr/libattr.c:145:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAXNAMELEN+16]; data/attr-2.4.48/libattr/libattr.c:174:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAXNAMELEN+16]; data/attr-2.4.48/libattr/libattr.c:201:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAXNAMELEN+16]; data/attr-2.4.48/libattr/libattr.c:224:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAXNAMELEN+16]; data/attr-2.4.48/libattr/libattr.c:244:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAXNAMELEN+16]; data/attr-2.4.48/libattr/libattr.c:293:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lbuf[MAXLISTLEN+1]; data/attr-2.4.48/libattr/libattr.c:294:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAXNAMELEN+16]; data/attr-2.4.48/libattr/libattr.c:344:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lbuf[MAXLISTLEN+1]; data/attr-2.4.48/libattr/libattr.c:345:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAXNAMELEN+16]; data/attr-2.4.48/libmisc/walk_tree.c:216:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path_copy[FILENAME_MAX]; data/attr-2.4.48/tools/setfattr.c:112:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(filename, "r"); data/attr-2.4.48/libattr/libattr.c:54:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(irixname) >= MAXNAMELEN) { data/attr-2.4.48/libattr/libattr.c:77:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(user_name); data/attr-2.4.48/libattr/libattr.c:82:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(secure_name); data/attr-2.4.48/libattr/libattr.c:87:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(trusted_name); data/attr-2.4.48/libattr/libattr.c:92:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(xfsroot_name); data/attr-2.4.48/libattr/libattr.c:269:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int size = roundup(strlen(name) + 1 + sizeof(aentp->a_valuelen), 8); data/attr-2.4.48/libattr/libattr.c:279:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(aentp->a_name, name, size - sizeof(aentp->a_valuelen)); data/attr-2.4.48/libmisc/walk_tree.c:175:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((path_end - path) + strlen(entry->d_name) + 1 >= data/attr-2.4.48/libmisc/walk_tree.c:227:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(path) >= FILENAME_MAX) { data/attr-2.4.48/tools/attr.c:173:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). attrlength = strlen(attrvalue); data/attr-2.4.48/tools/setfattr.c:143:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (high_water_alloc((void **)&path, &path_size, strlen(l)+1)) { data/attr-2.4.48/tools/setfattr.c:277:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(value); ANALYSIS SUMMARY: Hits = 40 Lines analyzed = 3362 in approximately 0.12 seconds (27338 lines/second) Physical Source Lines of Code (SLOC) = 2406 Hits@level = [0] 59 [1] 12 [2] 15 [3] 3 [4] 10 [5] 0 Hits@level+ = [0+] 99 [1+] 40 [2+] 28 [3+] 13 [4+] 10 [5+] 0 Hits/KSLOC@level+ = [0+] 41.1471 [1+] 16.6251 [2+] 11.6376 [3+] 5.40316 [4+] 4.15628 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.