Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/chiark-tcl-1.3.4/adns/adns.c Examining data/chiark-tcl-1.3.4/adns/chiark_tcl_adns.h Examining data/chiark-tcl-1.3.4/base/chiark-tcl-base.h Examining data/chiark-tcl-1.3.4/base/chiark-tcl.h Examining data/chiark-tcl-1.3.4/base/enum.c Examining data/chiark-tcl-1.3.4/base/hook.c Examining data/chiark-tcl-1.3.4/base/idtable.c Examining data/chiark-tcl-1.3.4/base/parse.c Examining data/chiark-tcl-1.3.4/base/scriptinv.c Examining data/chiark-tcl-1.3.4/base/tcmdiflib.c Examining data/chiark-tcl-1.3.4/cdb/chiark_tcl_cdb.h Examining data/chiark-tcl-1.3.4/cdb/lookup.c Examining data/chiark-tcl-1.3.4/cdb/readonly.c Examining data/chiark-tcl-1.3.4/cdb/writeable.c Examining data/chiark-tcl-1.3.4/crypto/algtables.c Examining data/chiark-tcl-1.3.4/crypto/bcmode.c Examining data/chiark-tcl-1.3.4/crypto/chiark_tcl_crypto.h Examining data/chiark-tcl-1.3.4/crypto/crypto.c Examining data/chiark-tcl-1.3.4/crypto/crypto.h Examining data/chiark-tcl-1.3.4/crypto/hash.c Examining data/chiark-tcl-1.3.4/crypto/hook.c Examining data/chiark-tcl-1.3.4/dgram/chiark_tcl_dgram.h Examining data/chiark-tcl-1.3.4/dgram/dgram.c Examining data/chiark-tcl-1.3.4/dgram/dgram.h Examining data/chiark-tcl-1.3.4/dgram/hook.c Examining data/chiark-tcl-1.3.4/dgram/misc.c Examining data/chiark-tcl-1.3.4/dgram/sockaddr.c Examining data/chiark-tcl-1.3.4/hbytes/chiark_tcl_hbytes.h Examining data/chiark-tcl-1.3.4/hbytes/chop.c Examining data/chiark-tcl-1.3.4/hbytes/hbytes.c Examining data/chiark-tcl-1.3.4/hbytes/hbytes.h Examining data/chiark-tcl-1.3.4/hbytes/hook.c Examining data/chiark-tcl-1.3.4/hbytes/parse.c Examining data/chiark-tcl-1.3.4/hbytes/ulongs.c Examining data/chiark-tcl-1.3.4/maskmap/addrmap.c Examining data/chiark-tcl-1.3.4/maskmap/maskmap-bits.c Examining data/chiark-tcl-1.3.4/maskmap/maskmap.c Examining data/chiark-tcl-1.3.4/tuntap/chiark_tcl_tuntap.h Examining data/chiark-tcl-1.3.4/tuntap/tuntap.c Examining data/chiark-tcl-1.3.4/wiringpi/chiark_tcl_wiringpi.h Examining data/chiark-tcl-1.3.4/wiringpi/wiringpi.c FINAL RESULTS: data/chiark-tcl-1.3.4/cdb/writeable.c:55:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pb->sfx, suffix); data/chiark-tcl-1.3.4/cdb/writeable.c:386:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buf, sizeof(buf), arg2fmt, al); data/chiark-tcl-1.3.4/crypto/bcmode.c:31:18: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. alg->encrypt.crypt(sch, data, data); data/chiark-tcl-1.3.4/crypto/bcmode.c:50:18: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. alg->decrypt.crypt(sch, data, data); data/chiark-tcl-1.3.4/crypto/bcmode.c:71:18: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. alg->encrypt.crypt(sch, buf, buf); data/chiark-tcl-1.3.4/crypto/bcmode.c:90:16: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. alg->encrypt.crypt(sch, buf, buf); data/chiark-tcl-1.3.4/crypto/bcmode.c:101:45: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. (encr ? &alg->encrypt : &alg->decrypt)->crypt(sch, data, data); data/chiark-tcl-1.3.4/crypto/bcmode.c:117:18: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. alg->encrypt.crypt(sch, counter, cipher); data/chiark-tcl-1.3.4/crypto/crypto.h:56:10: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. void (*crypt)(const void *schedule, const void *in, void *out); data/chiark-tcl-1.3.4/dgram/sockaddr.c:141:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s.sun.sun_path, path); data/chiark-tcl-1.3.4/tuntap/tuntap.c:36:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ifr.ifr_name, ifname); data/chiark-tcl-1.3.4/tuntap/tuntap.c:54:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(sock->ifname, ifr.ifr_name); data/chiark-tcl-1.3.4/base/enum.c:102:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2]; data/chiark-tcl-1.3.4/base/hook.c:71:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, part, pl); data/chiark-tcl-1.3.4/base/hook.c:90:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). urandom= fopen(URANDOM,"rb"); data/chiark-tcl-1.3.4/base/idtable.c:199:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[75]; data/chiark-tcl-1.3.4/cdb/readonly.c:47:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ro->fd= open(path, O_RDONLY); data/chiark-tcl-1.3.4/cdb/writeable.c:50:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pb->buf, pathb, l); data/chiark-tcl-1.3.4/cdb/writeable.c:218:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). *lockfd_r= open(pathbuf_sfx(pb,".lock"), O_RDWR|O_CREAT, lockmode); data/chiark-tcl-1.3.4/cdb/writeable.c:243:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char numbuf[20], *p, *ep; data/chiark-tcl-1.3.4/cdb/writeable.c:361:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f= fopen(pathbuf_sfx(&pb, ".tmp"), "w"); data/chiark-tcl-1.3.4/cdb/writeable.c:385:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[200]; data/chiark-tcl-1.3.4/cdb/writeable.c:456:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). mainfd= open(pathbuf_sfx(&rw->pbsome,".main"), O_RDONLY); data/chiark-tcl-1.3.4/cdb/writeable.c:463:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). rw->cdb_fd= open(pathbuf_sfx(&rw->pbsome,".cdb"), O_RDONLY); data/chiark-tcl-1.3.4/cdb/writeable.c:478:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). rw->logfile= fopen(pathbuf_sfx(&rw->pbsome,".jrn"), "r+"); data/chiark-tcl-1.3.4/cdb/writeable.c:481:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). rw->logfile= fopen(rw->pbsome.buf, "w"); data/chiark-tcl-1.3.4/cdb/writeable.c:501:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/chiark-tcl-1.3.4/cdb/writeable.c:605:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/chiark-tcl-1.3.4/cdb/writeable.c:643:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). a.mainfile= fopen(pathbuf_sfx(&rw->pbsome,".main"), "r"); data/chiark-tcl-1.3.4/cdb/writeable.c:679:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). cdbfd= open(pathbuf_sfx(&rw->pbsome,".tmp"), O_WRONLY|O_CREAT|O_TRUNC, 0666); data/chiark-tcl-1.3.4/cdb/writeable.c:702:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). a.mainfile= fopen(pathbuf_sfx(&rw->pbsome,".tmp"), "w"); data/chiark-tcl-1.3.4/cdb/writeable.c:822:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). rw->cdb_fd= open(pathbuf_sfx(&rw->pbsome,".cdb"), O_RDONLY); data/chiark-tcl-1.3.4/cdb/writeable.c:827:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). rw->logfile= fopen(pathbuf_sfx(&rw->pbsome,".jrn"), "w"); data/chiark-tcl-1.3.4/cdb/writeable.c:881:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(htv_fillptr(val), data, dlen); data/chiark-tcl-1.3.4/cdb/writeable.c:905:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). rw->logfile= fopen(pathbuf_sfx(&rw->pbsome,".jrn"), "r+"); data/chiark-tcl-1.3.4/crypto/bcmode.c:27:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(chain,iv,blocksize); data/chiark-tcl-1.3.4/crypto/bcmode.c:32:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(chain, data, blocksize); data/chiark-tcl-1.3.4/crypto/bcmode.c:46:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(chain,iv,blocksize); data/chiark-tcl-1.3.4/crypto/bcmode.c:49:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(chain + (cchain^blocksize), data, blocksize); data/chiark-tcl-1.3.4/crypto/bcmode.c:65:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf,iv,blocksize); data/chiark-tcl-1.3.4/crypto/bcmode.c:68:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + blocksize, data, blocksize); data/chiark-tcl-1.3.4/crypto/bcmode.c:115:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(counter, iv, blocksize); data/chiark-tcl-1.3.4/crypto/crypto.c:180:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dup->value, src->value, src->valuelen); data/chiark-tcl-1.3.4/crypto/crypto.c:200:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(val->value, cht_hb_data(OBJ_HBYTES(o)), l); data/chiark-tcl-1.3.4/crypto/crypto.c:290:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(key->buffers, cht_hb_data(iv), iv_supplied); data/chiark-tcl-1.3.4/crypto/crypto.c:411:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(key->buffers, key->value, key->valuelen); data/chiark-tcl-1.3.4/crypto/crypto.c:428:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(key->buffers, key->alpha, alg->statesize); data/chiark-tcl-1.3.4/crypto/crypto.c:432:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(key->buffers, key->beta, alg->statesize); data/chiark-tcl-1.3.4/crypto/hash.c:76:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_v, old, len); data/chiark-tcl-1.3.4/dgram/sockaddr.c:45:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(begin, a, al); data/chiark-tcl-1.3.4/dgram/sockaddr.c:76:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char i46buf[INET6_ADDRSTRLEN], portbuf[50]; data/chiark-tcl-1.3.4/dgram/sockaddr.c:150:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(copy, str, pl); data/chiark-tcl-1.3.4/hbytes/chop.c:42:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, cht_hb_data(OBJ_HBYTES(strv[i])), tl); data/chiark-tcl-1.3.4/hbytes/hbytes.c:62:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cht_hb_arrayspace(returns,l), array, l); data/chiark-tcl-1.3.4/hbytes/hook.c:78:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str,prefix,pl); data/chiark-tcl-1.3.4/hbytes/hook.c:82:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str,"%02x",*byte); data/chiark-tcl-1.3.4/hbytes/hook.c:102:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cbuf[3]; data/chiark-tcl-1.3.4/hbytes/hook.c:188:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cht_hb_data(v.hb) + start, cht_hb_data(&sub), sub_l); data/chiark-tcl-1.3.4/hbytes/hook.c:218:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, sub_d, sub_l); data/chiark-tcl-1.3.4/hbytes/ulongs.c:279:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[9]; data/chiark-tcl-1.3.4/hbytes/ulongs.c:297:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((Byte*)&ul + 4 - l, cht_hb_data(OBJ_HBYTES(o)), l); data/chiark-tcl-1.3.4/maskmap/addrmap.c:148:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dme->start, sme->start, sm->byl); data/chiark-tcl-1.3.4/maskmap/addrmap.c:268:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ame->start, rangeptrs[0], am->byl); data/chiark-tcl-1.3.4/maskmap/maskmap.c:79:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ame->prefix, data, wantprefixbytes); data/chiark-tcl-1.3.4/maskmap/maskmap.c:294:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fragment->prefix, new.prefix, fragmentbytes); data/chiark-tcl-1.3.4/maskmap/maskmap.c:337:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(am.entries + replace_start, data/chiark-tcl-1.3.4/tuntap/tuntap.c:39:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd= open("/dev/net/tun", O_RDWR); data/chiark-tcl-1.3.4/base/enum.c:117:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(strlen(supplied) == 1 && data/chiark-tcl-1.3.4/base/hook.c:79:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cht_obj_updatestr_vstringls(o, str, strlen(str), (char*)0); data/chiark-tcl-1.3.4/base/idtable.c:91:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l= strlen(idds->valprefix); data/chiark-tcl-1.3.4/base/idtable.c:207:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). idds->valprefix, strlen(idds->valprefix), data/chiark-tcl-1.3.4/base/idtable.c:208:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf, strlen(buf), data/chiark-tcl-1.3.4/cdb/writeable.c:47:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t l= strlen(pathb); data/chiark-tcl-1.3.4/cdb/writeable.c:54:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(suffix) <= MAX_SUFFIX); data/chiark-tcl-1.3.4/cdb/writeable.c:211:7: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). um= umask(~(mode_t)0); data/chiark-tcl-1.3.4/cdb/writeable.c:212:3: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(um); data/chiark-tcl-1.3.4/cdb/writeable.c:248:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c= getc(f); if (c==EOF) return -2; data/chiark-tcl-1.3.4/cdb/writeable.c:281:6: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c= getc(f); data/chiark-tcl-1.3.4/cdb/writeable.c:297:6: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c= getc(f); if (c!='-') goto x2_free_keyval; data/chiark-tcl-1.3.4/cdb/writeable.c:298:6: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c= getc(f); if (c!='>') goto x2_free_keyval; data/chiark-tcl-1.3.4/cdb/writeable.c:303:6: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c= getc(f); if (c!='\n') goto x2_free_keyval; data/chiark-tcl-1.3.4/cdb/writeable.c:321:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). r= fprintf(f, "+%d,%d:%s->", (int)strlen(key), val->len, key); data/chiark-tcl-1.3.4/cdb/writeable.c:583:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return cdb_make_add(&a->cdbm, key, strlen(key), val->data, val->len); data/chiark-tcl-1.3.4/cdb/writeable.c:868:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(key) >= KEYLEN_MAX) data/chiark-tcl-1.3.4/cdb/writeable.c:957:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return cht_cdb_lookup_cdb(ip, &rw->cdb, key, strlen(key), data_r, len_r); data/chiark-tcl-1.3.4/dgram/sockaddr.c:109:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). prepend, strlen(prepend), data/chiark-tcl-1.3.4/dgram/sockaddr.c:110:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string, strlen(string), data/chiark-tcl-1.3.4/dgram/sockaddr.c:138:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str) >= sizeof(s.sun.sun_path)) data/chiark-tcl-1.3.4/hbytes/hook.c:73:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pl= strlen(prefix); data/chiark-tcl-1.3.4/tuntap/tuntap.c:34:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ifname) > IFNAMSIZ-1) return data/chiark-tcl-1.3.4/tuntap/tuntap.c:53:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sock->ifname= TALLOC(strlen(ifr.ifr_name)+1); data/chiark-tcl-1.3.4/tuntap/tuntap.c:98:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). sz= read(sock->fd, sock->msg_buf, sock->mtu); data/chiark-tcl-1.3.4/wiringpi/wiringpi.c:188:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). SIMPLE_READER_OP(read, digitalRead) ANALYSIS SUMMARY: Hits = 93 Lines analyzed = 6902 in approximately 0.25 seconds (27074 lines/second) Physical Source Lines of Code (SLOC) = 4528 Hits@level = [0] 12 [1] 26 [2] 55 [3] 0 [4] 12 [5] 0 Hits@level+ = [0+] 105 [1+] 93 [2+] 67 [3+] 12 [4+] 12 [5+] 0 Hits/KSLOC@level+ = [0+] 23.189 [1+] 20.5389 [2+] 14.7968 [3+] 2.65018 [4+] 2.65018 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.