Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dlz-ldap-enum-1.1.0/dlz_ldap_enum_driver.h
Examining data/dlz-ldap-enum-1.1.0/bind98_dlz_dlopen.h
Examining data/dlz-ldap-enum-1.1.0/dlz_ldap_enum_driver.c
Examining data/dlz-ldap-enum-1.1.0/sdlz_helper.c
Examining data/dlz-ldap-enum-1.1.0/sdlz_helper.h

FINAL RESULTS:

data/dlz-ldap-enum-1.1.0/dlz_ldap_enum_driver.c:337:8: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  len = snprintf(naptr_buf, NAPTR_BUFSIZE, NAPTR_TEMPLATE,
data/dlz-ldap-enum-1.1.0/sdlz_helper.c:320:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(qs, tseg->sql);
data/dlz-ldap-enum-1.1.0/sdlz_helper.c:322:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(qs, * (char**) tseg->sql); /* dynamic segment */
data/dlz-ldap-enum-1.1.0/sdlz_helper.c:328:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(qs, tseg->sql);
data/dlz-ldap-enum-1.1.0/sdlz_helper.c:331:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(qs, * (char**) tseg->sql);
data/dlz-ldap-enum-1.1.0/dlz_ldap_enum_driver.c:332:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char naptr_buf[NAPTR_BUFSIZE + 1];
data/dlz-ldap-enum-1.1.0/dlz_ldap_enum_driver.c:1173:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ldap_inst->default_ttl = atoi(argv[ARG_DEFAULT_TTL]);
data/dlz-ldap-enum-1.1.0/sdlz_helper.c:501:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[255];
data/dlz-ldap-enum-1.1.0/dlz_ldap_enum_driver.c:179:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (ldap_url->lud_dn == NULL || strlen (ldap_url->lud_dn) < 1) {
data/dlz-ldap-enum-1.1.0/dlz_ldap_enum_driver.c:453:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  d = strlen(name) - strlen(_suffix);
data/dlz-ldap-enum-1.1.0/dlz_ldap_enum_driver.c:453:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  d = strlen(name) - strlen(_suffix);
data/dlz-ldap-enum-1.1.0/dlz_ldap_enum_driver.c:483:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  d = strlen(name);
data/dlz-ldap-enum-1.1.0/dlz_ldap_enum_driver.c:642:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(record) != 1)
data/dlz-ldap-enum-1.1.0/dlz_ldap_enum_driver.c:990:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  d = strlen(name) - strlen(_suffix);
data/dlz-ldap-enum-1.1.0/dlz_ldap_enum_driver.c:990:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  d = strlen(name) - strlen(_suffix);
data/dlz-ldap-enum-1.1.0/dlz_ldap_enum_driver.c:1093:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncasecmp(argv[ARG_LDAP_VERSION], V2, strlen(V2)) == 0) {
data/dlz-ldap-enum-1.1.0/dlz_ldap_enum_driver.c:1095:53: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (strncasecmp(argv[ARG_LDAP_VERSION], V3, strlen(V3)) == 0) {
data/dlz-ldap-enum-1.1.0/dlz_ldap_enum_driver.c:1106:54: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncasecmp(argv[ARG_LDAP_BIND_METHOD], SIMPLE, strlen(SIMPLE)) == 0) {
data/dlz-ldap-enum-1.1.0/dlz_ldap_enum_driver.c:1108:60: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (strncasecmp(argv[ARG_LDAP_BIND_METHOD], KRB41, strlen(KRB41)) == 0) {
data/dlz-ldap-enum-1.1.0/dlz_ldap_enum_driver.c:1110:60: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (strncasecmp(argv[ARG_LDAP_BIND_METHOD], KRB42, strlen(KRB42)) == 0) {
data/dlz-ldap-enum-1.1.0/dlz_ldap_enum_driver.c:1146:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(argv[ARG_AUTHORITY]) > 0) {
data/dlz-ldap-enum-1.1.0/sdlz_helper.c:126:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (query_str == NULL || strlen(query_str) < 1) {
data/dlz-ldap-enum-1.1.0/sdlz_helper.c:181:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tseg->strlen = strlen(tseg->sql);
data/dlz-ldap-enum-1.1.0/sdlz_helper.c:303:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length += tseg->strlen;
data/dlz-ldap-enum-1.1.0/sdlz_helper.c:305:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length += strlen(* (char**) tseg->sql);
data/dlz-ldap-enum-1.1.0/sdlz_helper.c:504:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (key == NULL || input == NULL || strlen(input) < 1)
data/dlz-ldap-enum-1.1.0/sdlz_helper.c:507:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  keylen = strlen(key);
data/dlz-ldap-enum-1.1.0/sdlz_helper.h:61:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned int strlen;

ANALYSIS SUMMARY:

Hits = 28
Lines analyzed = 2329 in approximately 0.11 seconds (20679 lines/second)
Physical Source Lines of Code (SLOC) = 1456
Hits@level = [0] 0 [1] 20 [2] 3 [3] 0 [4] 5 [5] 0
Hits@level+ = [0+] 28 [1+] 28 [2+] 8 [3+] 5 [4+] 5 [5+] 0
Hits/KSLOC@level+ = [0+] 19.2308 [1+] 19.2308 [2+] 5.49451 [3+] 3.43407 [4+] 3.43407 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.