Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/chmlib-0.40a/src/test_chmLib.c
Examining data/chmlib-0.40a/src/extract_chmLib.c
Examining data/chmlib-0.40a/src/enum_chmLib.c
Examining data/chmlib-0.40a/src/lzx.h
Examining data/chmlib-0.40a/src/chm_lib.c
Examining data/chmlib-0.40a/src/chm_http.c
Examining data/chmlib-0.40a/src/chm_lib.h
Examining data/chmlib-0.40a/src/lzx.c
Examining data/chmlib-0.40a/src/enumdir_chmLib.c
FINAL RESULTS:
data/chmlib-0.40a/src/chm_http.c:307:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fout, CONTENT_404);
data/chmlib-0.40a/src/chm_http.c:363:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fout, CONTENT_500);
data/chmlib-0.40a/src/extract_chmLib.c:27:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/chmlib-0.40a/src/extract_chmLib.c:27:18: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/chmlib-0.40a/src/extract_chmLib.c:138:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newbuf, buffer);
data/chmlib-0.40a/src/chm_http.c:90:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
o = getopt_long (c, v, "n:b:h", longopts, &optindex);
data/chmlib-0.40a/src/chm_lib.c:94:9: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&(a)); \
data/chmlib-0.40a/src/chm_lib.c:97:9: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&(a)); \
data/chmlib-0.40a/src/chm_lib.c:813:5: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&newHandle->mutex);
data/chmlib-0.40a/src/chm_lib.c:814:5: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&newHandle->lzx_mutex);
data/chmlib-0.40a/src/chm_lib.c:815:5: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&newHandle->cache_mutex);
data/chmlib-0.40a/src/chm_http.c:53:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config_bind[65536] = "0.0.0.0";
data/chmlib-0.40a/src/chm_http.c:99:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config_port = atoi (optarg);
data/chmlib-0.40a/src/chm_http.c:295:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[65536];
data/chmlib-0.40a/src/chm_http.c:336:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/chmlib-0.40a/src/chm_http.c:337:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer2[4096];
data/chmlib-0.40a/src/chm_lib.c:181:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define memcpy __builtin_memcpy
data/chmlib-0.40a/src/chm_lib.c:209:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, (*pData), count);
data/chmlib-0.40a/src/chm_lib.c:222:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, (*pData), count);
data/chmlib-0.40a/src/chm_lib.c:346:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[4]; /* 0 (ITSF) */
data/chmlib-0.40a/src/chm_lib.c:422:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[4]; /* 0 (ITSP) */
data/chmlib-0.40a/src/chm_lib.c:476:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char _chm_pmgl_marker[4] = "PMGL";
data/chmlib-0.40a/src/chm_lib.c:480:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[4]; /* 0 (PMGL) */
data/chmlib-0.40a/src/chm_lib.c:510:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char _chm_pmgi_marker[4] = "PMGI";
data/chmlib-0.40a/src/chm_lib.c:514:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[4]; /* 0 (PMGI) */
data/chmlib-0.40a/src/chm_lib.c:580:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[4]; /* 4 (LZXC) */
data/chmlib-0.40a/src/chm_lib.c:753:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sbuffer[256];
data/chmlib-0.40a/src/chm_lib.c:803:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((newHandle->fd=open(filename, O_RDONLY)) == CHM_NULL_FD)
data/chmlib-0.40a/src/chm_lib.c:1172:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[CHM_MAX_PATHLEN+1];
data/chmlib-0.40a/src/chm_lib.c:1216:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[CHM_MAX_PATHLEN+1];
data/chmlib-0.40a/src/chm_lib.c:1529:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf,
data/chmlib-0.40a/src/chm_lib.c:1550:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ubuffer+nOffset, (unsigned int)nLen);
data/chmlib-0.40a/src/chm_lib.c:1764:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefixRectified[CHM_MAX_PATHLEN+1];
data/chmlib-0.40a/src/chm_lib.c:1766:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lastPath[CHM_MAX_PATHLEN+1];
data/chmlib-0.40a/src/chm_lib.h:82:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[CHM_MAX_PATHLEN+1];
data/chmlib-0.40a/src/enum_chmLib.c:39:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char szBuf[128];
data/chmlib-0.40a/src/enum_chmLib.c:42:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(szBuf, "normal ");
data/chmlib-0.40a/src/enum_chmLib.c:44:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(szBuf, "special ");
data/chmlib-0.40a/src/enum_chmLib.c:46:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(szBuf, "meta ");
data/chmlib-0.40a/src/enum_chmLib.c:49:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(szBuf, "dir");
data/chmlib-0.40a/src/enum_chmLib.c:51:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(szBuf, "file");
data/chmlib-0.40a/src/enumdir_chmLib.c:39:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char szBuf[128];
data/chmlib-0.40a/src/enumdir_chmLib.c:42:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(szBuf, "normal ");
data/chmlib-0.40a/src/enumdir_chmLib.c:44:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(szBuf, "special ");
data/chmlib-0.40a/src/enumdir_chmLib.c:46:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(szBuf, "meta ");
data/chmlib-0.40a/src/enumdir_chmLib.c:49:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(szBuf, "dir");
data/chmlib-0.40a/src/enumdir_chmLib.c:51:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(szBuf, "file");
data/chmlib-0.40a/src/extract_chmLib.c:106:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[32768];
data/chmlib-0.40a/src/extract_chmLib.c:134:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fout = fopen(buffer, "wb")) == NULL)
data/chmlib-0.40a/src/extract_chmLib.c:137:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newbuf[32768];
data/chmlib-0.40a/src/extract_chmLib.c:142:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fout = fopen(buffer, "wb")) == NULL)
data/chmlib-0.40a/src/lzx.c:38:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define memcpy __builtin_memcpy
data/chmlib-0.40a/src/lzx.c:715:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(window + window_posn, inpos, (size_t) this_run);
data/chmlib-0.40a/src/lzx.c:727:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outpos, window + ((!window_posn) ? window_size : window_posn) - outlen, (size_t) outlen);
data/chmlib-0.40a/src/lzx.c:777:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int w = atoi(v[1]);
data/chmlib-0.40a/src/lzx.c:779:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(v[2], "wb");
data/chmlib-0.40a/src/lzx.c:782:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(v[i], "rb");
data/chmlib-0.40a/src/test_chmLib.c:62:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[ui.length];
data/chmlib-0.40a/src/test_chmLib.c:78:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fout = fopen(v[3], "wb")) == NULL)
data/chmlib-0.40a/src/chm_http.c:108:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (config_bind, optarg, 65536);
data/chmlib-0.40a/src/chm_http.c:343:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(fd, INTERNAL_ERROR, strlen(INTERNAL_ERROR));
data/chmlib-0.40a/src/chm_lib.c:182:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define strlen __builtin_strlen
data/chmlib-0.40a/src/chm_lib.c:731:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
readLen = read(h->fd, buf, len);
data/chmlib-0.40a/src/chm_lib.c:736:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
readLen = read(h->fd, buf, len);
data/chmlib-0.40a/src/chm_lib.c:1678:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ui_path_len = strlen(ui.path)-1;
data/chmlib-0.40a/src/chm_lib.c:1776:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(prefixRectified, prefix, CHM_MAX_PATHLEN);
data/chmlib-0.40a/src/chm_lib.c:1778:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prefixLen = strlen(prefixRectified);
data/chmlib-0.40a/src/chm_lib.c:1854:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lastPath, ui.path, CHM_MAX_PATHLEN);
data/chmlib-0.40a/src/chm_lib.c:1856:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lastPathLen = strlen(lastPath);
data/chmlib-0.40a/src/chm_lib.c:1859:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ui_path_len = strlen(ui.path)-1;
data/chmlib-0.40a/src/extract_chmLib.c:124:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ui_path_len = strlen(ui->path)-1;
ANALYSIS SUMMARY:
Hits = 71
Lines analyzed = 3796 in approximately 0.17 seconds (22606 lines/second)
Physical Source Lines of Code (SLOC) = 2625
Hits@level = [0] 54 [1] 12 [2] 48 [3] 6 [4] 5 [5] 0
Hits@level+ = [0+] 125 [1+] 71 [2+] 59 [3+] 11 [4+] 5 [5+] 0
Hits/KSLOC@level+ = [0+] 47.619 [1+] 27.0476 [2+] 22.4762 [3+] 4.19048 [4+] 1.90476 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.