Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/checkpolicy-3.1/checkmodule.c
Examining data/checkpolicy-3.1/checkpolicy.c
Examining data/checkpolicy-3.1/checkpolicy.h
Examining data/checkpolicy-3.1/module_compiler.c
Examining data/checkpolicy-3.1/module_compiler.h
Examining data/checkpolicy-3.1/parse_util.c
Examining data/checkpolicy-3.1/parse_util.h
Examining data/checkpolicy-3.1/policy_define.c
Examining data/checkpolicy-3.1/policy_define.h
Examining data/checkpolicy-3.1/queue.c
Examining data/checkpolicy-3.1/queue.h
Examining data/checkpolicy-3.1/test/dismod.c
Examining data/checkpolicy-3.1/test/dispol.c
FINAL RESULTS:
data/checkpolicy-3.1/checkpolicy.c:1137:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, ans);
data/checkpolicy-3.1/checkpolicy.c:1289:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, ans);
data/checkpolicy-3.1/module_compiler.c:43:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format(printf, 1, 2)))
data/checkpolicy-3.1/policy_define.c:92:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format(printf, 1, 2)))
data/checkpolicy-3.1/policy_define.c:97:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(errormsg, ERRORMSG_LEN, fmt, ap);
data/checkpolicy-3.1/policy_define.c:128:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newid, id);
data/checkpolicy-3.1/test/dispol.c:486:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, ans);
data/checkpolicy-3.1/checkmodule.c:170:15: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt_long(argc, argv, "ho:bVEU:mMCc:", long_options, NULL)) != -1) {
data/checkpolicy-3.1/checkpolicy.c:429:15: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt_long(argc, argv, "o:t:dbU:MCFSVc:OEh", long_options, NULL)) != -1) {
data/checkpolicy-3.1/checkmodule.c:59:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(file, O_RDONLY);
data/checkpolicy-3.1/checkmodule.c:334:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *outfp = fopen(outfile, "w");
data/checkpolicy-3.1/checkpolicy.c:393:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ans[80 + 1], *path, *fstype;
data/checkpolicy-3.1/checkpolicy.c:540:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(file, O_RDONLY);
data/checkpolicy-3.1/checkpolicy.c:650:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outfp = fopen(outfile, "w");
data/checkpolicy-3.1/checkpolicy.c:745:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ssid = atoi(ans);
data/checkpolicy-3.1/checkpolicy.c:749:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tsid = atoi(ans);
data/checkpolicy-3.1/checkpolicy.c:754:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tclass = atoi(ans);
data/checkpolicy-3.1/checkpolicy.c:817:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ssid = atoi(ans);
data/checkpolicy-3.1/checkpolicy.c:862:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ssid = atoi(ans);
data/checkpolicy-3.1/checkpolicy.c:865:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tsid = atoi(ans);
data/checkpolicy-3.1/checkpolicy.c:870:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tclass = atoi(ans);
data/checkpolicy-3.1/checkpolicy.c:922:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(ans, O_RDONLY);
data/checkpolicy-3.1/checkpolicy.c:981:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(ans);
data/checkpolicy-3.1/checkpolicy.c:1067:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tclass = atoi(ans);
data/checkpolicy-3.1/checkpolicy.c:1095:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ssid = atoi(ans);
data/checkpolicy-3.1/checkpolicy.c:1143:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(ans))
data/checkpolicy-3.1/checkpolicy.c:1154:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ssid = atoi(ans);
data/checkpolicy-3.1/checkpolicy.c:1158:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tsid = atoi(ans);
data/checkpolicy-3.1/checkpolicy.c:1163:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tclass = atoi(ans);
data/checkpolicy-3.1/checkpolicy.c:1203:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
oldsid = atoi(ans);
data/checkpolicy-3.1/checkpolicy.c:1207:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
newsid = atoi(ans);
data/checkpolicy-3.1/checkpolicy.c:1211:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tasksid = atoi(ans);
data/checkpolicy-3.1/checkpolicy.c:1216:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tclass = atoi(ans);
data/checkpolicy-3.1/checkpolicy.c:1274:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pkey = atoi(ans);
data/checkpolicy-3.1/checkpolicy.c:1293:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(ans);
data/checkpolicy-3.1/module_compiler.c:54:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * const flavor_str[SYM_NUM] = {
data/checkpolicy-3.1/parse_util.c:38:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
yyin = fopen(file, "r");
data/checkpolicy-3.1/policy_define.c:72:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char source_file[PATH_MAX];
data/checkpolicy-3.1/policy_define.c:78:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char errormsg[ERRORMSG_LEN + 1] = {0};
data/checkpolicy-3.1/policy_define.c:1849:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sorted, r, sizeof(struct av_ioctl_range_list));
data/checkpolicy-3.1/policy_define.c:4620:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(newc->u.name, "%02x:%02x", major, minor);
data/checkpolicy-3.1/policy_define.c:5426:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&newc->u.node6.addr[0], &addr.s6_addr[0], 16);
data/checkpolicy-3.1/policy_define.c:5427:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&newc->u.node6.mask[0], &mask.s6_addr[0], 16);
data/checkpolicy-3.1/test/dismod.c:61:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *symbol_labels[9] = {
data/checkpolicy-3.1/test/dismod.c:731:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((in_fp = fopen(filename, "rb")) == NULL) {
data/checkpolicy-3.1/test/dismod.c:773:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char module_name[80] = { 0 };
data/checkpolicy-3.1/test/dismod.c:823:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/checkpolicy-3.1/test/dismod.c:867:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ans[81], OutfileName[121];
data/checkpolicy-3.1/test/dismod.c:994:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((out_fp = fopen(OutfileName, "w")) == NULL) {
data/checkpolicy-3.1/test/dispol.c:281:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/checkpolicy-3.1/test/dispol.c:389:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ans[81], OutfileName[121];
data/checkpolicy-3.1/test/dispol.c:400:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(argv[1], O_RDONLY);
data/checkpolicy-3.1/test/dispol.c:496:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(ans))
data/checkpolicy-3.1/test/dispol.c:528:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((out_fp = fopen(OutfileName, "w")) == NULL) {
data/checkpolicy-3.1/checkpolicy.c:763:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ans[strlen(ans) - 1] = 0;
data/checkpolicy-3.1/checkpolicy.c:838:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
scontext_len = strlen(ans);
data/checkpolicy-3.1/checkpolicy.c:877:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ans[strlen(ans) - 1] = 0;
data/checkpolicy-3.1/checkpolicy.c:920:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pathlen = strlen(ans);
data/checkpolicy-3.1/checkpolicy.c:959:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ans[strlen(ans) - 1] = 0;
data/checkpolicy-3.1/checkpolicy.c:966:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ans[strlen(ans) - 1] = 0;
data/checkpolicy-3.1/checkpolicy.c:988:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ans[strlen(ans) - 1] = 0;
data/checkpolicy-3.1/checkpolicy.c:1000:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ans[strlen(ans) - 1] = 0;
data/checkpolicy-3.1/checkpolicy.c:1012:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ans[strlen(ans) - 1] = 0;
data/checkpolicy-3.1/checkpolicy.c:1034:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ans[strlen(ans) - 1] = 0;
data/checkpolicy-3.1/checkpolicy.c:1058:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ans[strlen(ans) - 1] = 0;
data/checkpolicy-3.1/checkpolicy.c:1062:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ans[strlen(ans) - 1] = 0;
data/checkpolicy-3.1/checkpolicy.c:1074:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ans[strlen(ans) - 1] = 0;
data/checkpolicy-3.1/checkpolicy.c:1094:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ans[strlen(ans) - 1] = 0;
data/checkpolicy-3.1/checkpolicy.c:1099:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ans[strlen(ans) - 1] = 0;
data/checkpolicy-3.1/checkpolicy.c:1130:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ans[strlen(ans) - 1] = 0;
data/checkpolicy-3.1/checkpolicy.c:1132:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = malloc((strlen(ans) + 1) * sizeof(char));
data/checkpolicy-3.1/checkpolicy.c:1141:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ans[strlen(ans) - 1] = 0;
data/checkpolicy-3.1/checkpolicy.c:1172:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ans[strlen(ans) - 1] = 0;
data/checkpolicy-3.1/checkpolicy.c:1225:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ans[strlen(ans) - 1] = 0;
data/checkpolicy-3.1/checkpolicy.c:1263:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ans[strlen(ans) - 1] = 0;
data/checkpolicy-3.1/checkpolicy.c:1282:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ans[strlen(ans) - 1] = 0;
data/checkpolicy-3.1/checkpolicy.c:1284:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = malloc((strlen(ans) + 1) * sizeof(char));
data/checkpolicy-3.1/policy_define.c:123:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newid = (char *)malloc(strlen(id) + 1);
data/checkpolicy-3.1/policy_define.c:5180:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newc->u.ibendport.dev_name) > IB_DEVICE_NAME_MAX - 1) {
data/checkpolicy-3.1/policy_define.c:5622:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(newc->u.name);
data/checkpolicy-3.1/policy_define.c:5623:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = strlen(c->u.name);
data/checkpolicy-3.1/test/dismod.c:788:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
module_name[strlen(module_name) - 1] = '\0'; /* remove LF */
data/checkpolicy-3.1/test/dismod.c:991:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
OutfileName[strlen(OutfileName) - 1] = '\0'; /* fix_string (remove LF) */
data/checkpolicy-3.1/test/dismod.c:992:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(OutfileName) == 0)
data/checkpolicy-3.1/test/dispol.c:479:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ans[strlen(ans) - 1] = 0;
data/checkpolicy-3.1/test/dispol.c:481:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = malloc((strlen(ans) + 1) * sizeof(char));
data/checkpolicy-3.1/test/dispol.c:494:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ans[strlen(ans) - 1] = 0;
data/checkpolicy-3.1/test/dispol.c:525:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
OutfileName[strlen(OutfileName) - 1] = '\0'; /* fix_string (remove LF) */
data/checkpolicy-3.1/test/dispol.c:526:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(OutfileName) == 0)
ANALYSIS SUMMARY:
Hits = 89
Lines analyzed = 11059 in approximately 0.27 seconds (41676 lines/second)
Physical Source Lines of Code (SLOC) = 9271
Hits@level = [0] 464 [1] 35 [2] 45 [3] 2 [4] 7 [5] 0
Hits@level+ = [0+] 553 [1+] 89 [2+] 54 [3+] 9 [4+] 7 [5+] 0
Hits/KSLOC@level+ = [0+] 59.6484 [1+] 9.59983 [2+] 5.82461 [3+] 0.970769 [4+] 0.755043 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.