Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ddrutility-2.8/ddrutility_help.h
Examining data/ddrutility-2.8/ddru_ntfsfindbad.c
Examining data/ddrutility-2.8/ddru_ntfsbitmap.c
Examining data/ddrutility-2.8/ddru_ntfscommon.c
Examining data/ddrutility-2.8/ddru_ntfsfindbad_help.h
Examining data/ddrutility-2.8/ddru_ntfscommon.h
Examining data/ddrutility-2.8/ddrutility.c
Examining data/ddrutility-2.8/ddru_diskutility_help.h
Examining data/ddrutility-2.8/ddru_diskutility.c
Examining data/ddrutility-2.8/ddru_ntfsbitmap_help.h

FINAL RESULTS:

data/ddrutility-2.8/ddru_diskutility.c:416:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat (file_name, device_name);
data/ddrutility-2.8/ddru_ntfsbitmap.c:274:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (temp_file, "%s.log", source_bootsec_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:277:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (temp_file, "%s.log", source_mft_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:304:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (destination_file, "%s", source_bootsec_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:305:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (log_file, "%s.log", source_bootsec_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:402:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (command, "ddrescue %s -i%lld -o%lld -s%lld %s \'%s\' \'%s\'", ddrescue_options, input_offset, output_offset, data_size, source_disk, destination_file, log_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:407:18:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    return_value = system (command);
data/ddrutility-2.8/ddru_ntfsbitmap.c:432:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (command, "ddrescuelog -D -v -i%lld -s%lld \'%s\'", input_offset, data_size, log_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:433:18:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    return_value = system (command);
data/ddrutility-2.8/ddru_ntfsbitmap.c:445:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (command, "ddrescue --fill=-*/? %s -i%lld -o%lld -s%lld /dev/zero \'%s\' \'%s\'", ddrescue_options, input_offset, output_offset, data_size, destination_file, log_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:446:22:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    return_value = system (command);
data/ddrutility-2.8/ddru_ntfsbitmap.c:476:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (command, "ddrescue --fill=-*/? %s -i%lld -o%lld -s%lld \'%s\' \'%s\' \'%s\'", ddrescue_options, input_offset, output_offset, data_size, fillfile, destination_file, log_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:477:22:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    return_value = system (command);
data/ddrutility-2.8/ddru_ntfsbitmap.c:505:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (command, "echo \'.\' >> %s", rescue_report_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:506:3:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    system (command);
data/ddrutility-2.8/ddru_ntfsbitmap.c:507:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (command, "echo \'.......................................................................................................................\' >> %s", rescue_report_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:508:3:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    system (command);
data/ddrutility-2.8/ddru_ntfsbitmap.c:509:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (command, "echo \'%s\' >> %s", log_file, rescue_report_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:510:3:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    system (command);
data/ddrutility-2.8/ddru_ntfsbitmap.c:511:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (command, "echo \'%s\' >> %s", destination_file, rescue_report_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:512:3:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    system (command);
data/ddrutility-2.8/ddru_ntfsbitmap.c:513:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (command, "ddrescuelog -t -i%lld -s%lld \'%s\' >> %s", input_offset, data_size, log_file, rescue_report_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:514:3:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    system (command);
data/ddrutility-2.8/ddru_ntfsbitmap.c:585:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (destination_file, "%s", source_bootsec_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:586:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (log_file, "%s.log", source_bootsec_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:613:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (destination_file, "%s", source_bootsec_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:614:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (log_file, "%s.log", source_bootsec_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:629:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (destination_file, "%s", source_bootsec_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:630:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (log_file, "%s.log", source_bootsec_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:646:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (destination_file, "%s", source_mft_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:647:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (log_file, "%s.log", source_mft_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:962:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (destination_file, "%s", source_bitmap_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:1135:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (destination_file, "%s", source_bitmap_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:1137:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (log_file, "_part%ld%s.log", part, source_bitmap_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:1174:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (command, "truncate -s %lld \'%s\'", (long long)ntfs_attribute.items.Attr.NonResident.n64RealSize, destination_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:1177:8:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    system (command);
data/ddrutility-2.8/ddru_ntfsbitmap.c:1234:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (destination_file, "%s", destination_log_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:1383:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (command, "echo \'.\' >> %s", rescue_report_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:1384:3:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    system (command);
data/ddrutility-2.8/ddru_ntfsbitmap.c:1385:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (command, "echo \'.......................................................................................................................\' >> %s", rescue_report_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:1386:3:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    system (command);
data/ddrutility-2.8/ddru_ntfsbitmap.c:1387:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (command, "echo \'%s\' >> %s", destination_log_file, rescue_report_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:1388:3:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    system (command);
data/ddrutility-2.8/ddru_ntfsbitmap.c:1389:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (command, "ddrescuelog -t \'%s\' >> %s", destination_log_file, rescue_report_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:1390:3:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    system (command);
data/ddrutility-2.8/ddru_ntfsbitmap.c:1415:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (destination_file, "%s", mft_domain_log_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:1480:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (command, "echo \'.\' >> %s", rescue_report_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:1481:3:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    system (command);
data/ddrutility-2.8/ddru_ntfsbitmap.c:1482:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (command, "echo \'.......................................................................................................................\' >> %s", rescue_report_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:1483:3:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    system (command);
data/ddrutility-2.8/ddru_ntfsbitmap.c:1484:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (command, "echo \'%s\' >> %s", mft_domain_log_file, rescue_report_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:1485:3:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    system (command);
data/ddrutility-2.8/ddru_ntfsbitmap.c:1486:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf (command, "ddrescuelog -t \'%s\' >> %s", mft_domain_log_file, rescue_report_file);
data/ddrutility-2.8/ddru_ntfsbitmap.c:1487:3:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    system (command);
data/ddrutility-2.8/ddru_ntfsfindbad.c:899:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy (file_name_pt[output_lines], file_name);
data/ddrutility-2.8/ddru_ntfsfindbad.c:971:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy (master_file_name_pt[master_list_count], file_name);
data/ddrutility-2.8/ddru_ntfsfindbad.c:1077:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(full_file_name, file_name_pt[i]);
data/ddrutility-2.8/ddru_ntfsfindbad.c:1119:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(temp_file_name, master_file_name_pt[p]);
data/ddrutility-2.8/ddru_ntfsfindbad.c:1121:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(temp_file_name, full_file_name);
data/ddrutility-2.8/ddru_ntfsfindbad.c:1122:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(full_file_name, temp_file_name);
data/ddrutility-2.8/ddru_diskutility.c:209:29:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    command_line_argument = getopt_long (argc, argv, "hvVIBdpPr:g:l:L:b:i:s:c:",
data/ddrutility-2.8/ddru_ntfsbitmap.c:161:29:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    command_line_argument = getopt_long (argc, argv, "hvDVg:i:o:m:r",
data/ddrutility-2.8/ddru_ntfsfindbad.c:169:29:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    command_line_argument = getopt_long (argc, argv, "hvDVe:i:n",
data/ddrutility-2.8/ddrutility.c:55:29:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    command_line_argument = getopt_long (argc, argv, "hv",
data/ddrutility-2.8/ddru_diskutility.c:83:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[30];
data/ddrutility-2.8/ddru_diskutility.c:131:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char sense_buf[64];
data/ddrutility-2.8/ddru_diskutility.c:132:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char scsi_cmd[16];
data/ddrutility-2.8/ddru_diskutility.c:144:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char scsi_inquiry_buffer[256];
data/ddrutility-2.8/ddru_diskutility.c:145:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char ata_inquiry_buffer[512];
data/ddrutility-2.8/ddru_diskutility.c:330:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    input_fd = open (source_disk, O_RDONLY | O_DIRECT);
data/ddrutility-2.8/ddru_diskutility.c:339:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    input_fd = open (source_disk, O_RDONLY);
data/ddrutility-2.8/ddru_diskutility.c:402:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char device_name[20];
data/ddrutility-2.8/ddru_diskutility.c:415:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char file_name[80] = "/sys/block/\0";
data/ddrutility-2.8/ddru_diskutility.c:417:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat (file_name, "/queue/max_sectors_kb");
data/ddrutility-2.8/ddru_diskutility.c:420:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    file_pointer = fopen(file_name, "r");
data/ddrutility-2.8/ddru_diskutility.c:429:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char line[20];
data/ddrutility-2.8/ddru_diskutility.c:1133:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char c[12];
data/ddrutility-2.8/ddru_diskutility.c:1148:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(buffer, &c, 12);
data/ddrutility-2.8/ddru_diskutility.c:1367:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char buff[512];
data/ddrutility-2.8/ddru_diskutility.c:1368:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char zero[512][8];
data/ddrutility-2.8/ddru_diskutility.c:1369:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char one[512][8];
data/ddrutility-2.8/ddru_ntfsbitmap.c:51:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[30];
data/ddrutility-2.8/ddru_ntfsbitmap.c:187:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    mingap = atoi(optarg);
data/ddrutility-2.8/ddru_ntfsbitmap.c:245:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    debug_file = fopen(debugfile, "w");
data/ddrutility-2.8/ddru_ntfsbitmap.c:273:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char temp_file[256];
data/ddrutility-2.8/ddru_ntfsbitmap.c:285:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    input_fd = open (source_disk, O_RDONLY);
data/ddrutility-2.8/ddru_ntfsbitmap.c:302:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char destination_file[255];
data/ddrutility-2.8/ddru_ntfsbitmap.c:303:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char log_file[255];
data/ddrutility-2.8/ddru_ntfsbitmap.c:350:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fill_file = fopen(fillfile, "wb");
data/ddrutility-2.8/ddru_ntfsbitmap.c:401:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char command[512];
data/ddrutility-2.8/ddru_ntfsbitmap.c:528:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    readfile = fopen(input_file, "rb");
data/ddrutility-2.8/ddru_ntfsbitmap.c:583:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char destination_file[255];
data/ddrutility-2.8/ddru_ntfsbitmap.c:584:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char log_file[255];
data/ddrutility-2.8/ddru_ntfsbitmap.c:611:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char destination_file[255];
data/ddrutility-2.8/ddru_ntfsbitmap.c:612:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char log_file[255];
data/ddrutility-2.8/ddru_ntfsbitmap.c:627:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char destination_file[255];
data/ddrutility-2.8/ddru_ntfsbitmap.c:628:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char log_file[255];
data/ddrutility-2.8/ddru_ntfsbitmap.c:644:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char destination_file[255];
data/ddrutility-2.8/ddru_ntfsbitmap.c:645:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char log_file[255];
data/ddrutility-2.8/ddru_ntfsbitmap.c:663:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    readfile = fopen(input_file, "rb");
data/ddrutility-2.8/ddru_ntfsbitmap.c:958:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char destination_file[255];
data/ddrutility-2.8/ddru_ntfsbitmap.c:964:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    writefile = fopen(destination_file, "wb");
data/ddrutility-2.8/ddru_ntfsbitmap.c:1000:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char len[8];
data/ddrutility-2.8/ddru_ntfsbitmap.c:1005:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char offs[8];
data/ddrutility-2.8/ddru_ntfsbitmap.c:1132:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char destination_file[255];
data/ddrutility-2.8/ddru_ntfsbitmap.c:1133:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char log_file[255];
data/ddrutility-2.8/ddru_ntfsbitmap.c:1173:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char command[255];
data/ddrutility-2.8/ddru_ntfsbitmap.c:1202:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    readfile = fopen(input_file, "rb");
data/ddrutility-2.8/ddru_ntfsbitmap.c:1231:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char destination_file[255];
data/ddrutility-2.8/ddru_ntfsbitmap.c:1235:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    writefile = fopen(destination_file, "w");
data/ddrutility-2.8/ddru_ntfsbitmap.c:1382:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char command[255];
data/ddrutility-2.8/ddru_ntfsbitmap.c:1412:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char destination_file[255];
data/ddrutility-2.8/ddru_ntfsbitmap.c:1416:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    writefile = fopen(destination_file, "w");
data/ddrutility-2.8/ddru_ntfsbitmap.c:1479:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char command[255];
data/ddrutility-2.8/ddru_ntfscommon.h:51:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char attribute_location[64];
data/ddrutility-2.8/ddru_ntfscommon.h:84:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char mftfile[65336];
data/ddrutility-2.8/ddru_ntfscommon.h:87:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char chFileSignature[4];
data/ddrutility-2.8/ddru_ntfscommon.h:108:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char bootsectfile[512];
data/ddrutility-2.8/ddru_ntfscommon.h:111:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char chJumpInstruction[3];
data/ddrutility-2.8/ddru_ntfscommon.h:112:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char chOemID[4];
data/ddrutility-2.8/ddru_ntfscommon.h:113:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char chDummy[4];
data/ddrutility-2.8/ddru_ntfscommon.h:133:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char chBootstrapCode[426];
data/ddrutility-2.8/ddru_ntfscommon.h:140:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filenamedata[576]; data/ddrutility-2.8/ddru_ntfscommon.h:169:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_name[1024]; data/ddrutility-2.8/ddru_ntfsfindbad.c:51:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[30]; data/ddrutility-2.8/ddru_ntfsfindbad.c:90:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char inode_data_type[8]; data/ddrutility-2.8/ddru_ntfsfindbad.c:244:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). debug_file = fopen(debugfile, "w"); data/ddrutility-2.8/ddru_ntfsfindbad.c:429:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
readfile = fopen(log_file, "r"); data/ddrutility-2.8/ddru_ntfsfindbad.c:438:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[255]; data/ddrutility-2.8/ddru_ntfsfindbad.c:525:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). readfile = fopen(source_disk, "rb"); data/ddrutility-2.8/ddru_ntfsfindbad.c:627:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). readfile = fopen(source_disk, "rb"); data/ddrutility-2.8/ddru_ntfsfindbad.c:659:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). readfile = fopen(source_disk, "rb"); data/ddrutility-2.8/ddru_ntfsfindbad.c:1048:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). writefile = fopen(outputfile, "w"); data/ddrutility-2.8/ddru_ntfsfindbad.c:1058:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char full_file_name[32768]; data/ddrutility-2.8/ddru_ntfsfindbad.c:1059:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_file_name[32768]; data/ddrutility-2.8/ddru_ntfsfindbad.c:1513:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char len[8]; data/ddrutility-2.8/ddru_ntfsfindbad.c:1518:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char offs[8]; data/ddrutility-2.8/ddru_diskutility.c:872:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret_in = read (input_fd, buffer, buffer_size); data/ddrutility-2.8/ddru_ntfsfindbad.c:1120:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
strcat(temp_file_name, "/"); ANALYSIS SUMMARY: Hits = 139 Lines analyzed = 5743 in approximately 0.27 seconds (21440 lines/second) Physical Source Lines of Code (SLOC) = 4607 Hits@level = [0] 703 [1] 2 [2] 73 [3] 4 [4] 60 [5] 0 Hits@level+ = [0+] 842 [1+] 139 [2+] 137 [3+] 64 [4+] 60 [5+] 0 Hits/KSLOC@level+ = [0+] 182.765 [1+] 30.1715 [2+] 29.7374 [3+] 13.8919 [4+] 13.0237 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.