Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dmidecode-3.3/biosdecode.c
Examining data/dmidecode-3.3/config.h
Examining data/dmidecode-3.3/dmidecode.c
Examining data/dmidecode-3.3/dmidecode.h
Examining data/dmidecode-3.3/dmioem.c
Examining data/dmidecode-3.3/dmioem.h
Examining data/dmidecode-3.3/dmiopt.c
Examining data/dmidecode-3.3/dmiopt.h
Examining data/dmidecode-3.3/dmioutput.c
Examining data/dmidecode-3.3/dmioutput.h
Examining data/dmidecode-3.3/ownership.c
Examining data/dmidecode-3.3/util.c
Examining data/dmidecode-3.3/util.h
Examining data/dmidecode-3.3/version.h
Examining data/dmidecode-3.3/vpddecode.c
Examining data/dmidecode-3.3/vpdopt.c
Examining data/dmidecode-3.3/vpdopt.h
Examining data/dmidecode-3.3/types.h

FINAL RESULTS:

data/dmidecode-3.3/dmidecode.c:235:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  off += sprintf(raw_data + off, i ? " %02X" : "%02X",
data/dmidecode-3.3/dmidecode.c:255:14:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  off += sprintf(raw_data + off,
data/dmidecode-3.3/dmidecode.c:1248:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  off += sprintf(voltage_str + off,
data/dmidecode-3.3/dmidecode.c:1541:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  off += sprintf(type_str + off,
data/dmidecode-3.3/dmidecode.c:1703:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  off += sprintf(type_str + off,
data/dmidecode-3.3/dmidecode.c:2681:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  off += sprintf(list + off, off ? " %s" : "%s",
data/dmidecode-3.3/dmidecode.c:2733:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  off += sprintf(list + off, off ? " %s" : "%s",
data/dmidecode-3.3/dmidecode.c:3737:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(attr, "%s Address", addrstr);
data/dmidecode-3.3/dmidecode.c:3742:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(attr, "%s Mask", addrstr);
data/dmidecode-3.3/dmidecode.c:3765:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(attr, "%s Redfish Service Address", addrstr);
data/dmidecode-3.3/dmidecode.c:3771:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(attr, "%s Redfish Service Mask", addrstr);
data/dmidecode-3.3/dmioutput.c:32:2:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(format, args);
data/dmidecode-3.3/dmioutput.c:42:2:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(format, args);
data/dmidecode-3.3/dmioutput.c:58:2:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(format, args);
data/dmidecode-3.3/dmioutput.c:70:2:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(format, args);
data/dmidecode-3.3/dmioutput.c:82:2:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(format, args);
data/dmidecode-3.3/dmioutput.c:98:3:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(format, args);
data/dmidecode-3.3/dmioutput.c:112:2:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(format, args);
data/dmidecode-3.3/dmioutput.c:134:2:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(format, args);
data/dmidecode-3.3/biosdecode.c:620:19:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((option = getopt_long(argc, argv, optstring, longopts, NULL)) != -1)
data/dmidecode-3.3/dmiopt.c:285:19:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((option = getopt_long(argc, argv, optstring, longopts, NULL)) != -1)
data/dmidecode-3.3/ownership.c:125:19:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((option = getopt_long(argc, argv, optstring, longopts, NULL)) != -1)
data/dmidecode-3.3/vpdopt.c:105:19:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((option = getopt_long(argc, argv, optstring, longopts, NULL)) != -1)
data/dmidecode-3.3/dmidecode.c:225:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char raw_data[48];
data/dmidecode-3.3/dmidecode.c:274:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *unit[8] = {
data/dmidecode-3.3/dmidecode.c:336:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *unit[4] = {
data/dmidecode-3.3/dmidecode.c:1043:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *flags[32] = {
data/dmidecode-3.3/dmidecode.c:1240:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char voltage_str[18];
data/dmidecode-3.3/dmidecode.c:1533:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char type_str[68];
data/dmidecode-3.3/dmidecode.c:1642:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *location[4] = {
data/dmidecode-3.3/dmidecode.c:1695:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char type_str[70];
data/dmidecode-3.3/dmidecode.c:2151:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char attr[16];
data/dmidecode-3.3/dmidecode.c:2156:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(attr, "Peer Device %hu", i);
data/dmidecode-3.3/dmidecode.c:2215:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char attr[11];
data/dmidecode-3.3/dmidecode.c:2222:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(attr, "String %hu", i);
data/dmidecode-3.3/dmidecode.c:2233:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char attr[11];
data/dmidecode-3.3/dmidecode.c:2240:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(attr, "Option %hu", i);
data/dmidecode-3.3/dmidecode.c:2417:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char attr[16];
data/dmidecode-3.3/dmidecode.c:2424:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(attr, "Descriptor %hu", i + 1);
data/dmidecode-3.3/dmidecode.c:2427:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(attr, "Data Format %hu", i + 1);
data/dmidecode-3.3/dmidecode.c:2670:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char list[172]; /* Update length if you touch the array above */
data/dmidecode-3.3/dmidecode.c:2723:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char list[99]; /* Update length if you touch the array above */
data/dmidecode-3.3/dmidecode.c:3063:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char time[15];
data/dmidecode-3.3/dmidecode.c:3068:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  off += sprintf(time + off, "%02X", p[0]);
data/dmidecode-3.3/dmidecode.c:3072:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  off += sprintf(time + off, "-%02X", p[1]);
data/dmidecode-3.3/dmidecode.c:3074:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  off += sprintf(time + off, "-*");
data/dmidecode-3.3/dmidecode.c:3076:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  off += sprintf(time + off, " %02X", p[2]);
data/dmidecode-3.3/dmidecode.c:3078:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  off += sprintf(time + off, " *");
data/dmidecode-3.3/dmidecode.c:3080:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  off += sprintf(time + off, ":%02X", p[3]);
data/dmidecode-3.3/dmidecode.c:3082:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  off += sprintf(time + off, ":*");
data/dmidecode-3.3/dmidecode.c:3084:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  off += sprintf(time + off, ":%02X", p[4]);
data/dmidecode-3.3/dmidecode.c:3086:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  off += sprintf(time + off, ":*");
data/dmidecode-3.3/dmidecode.c:3388:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char attr[18];
data/dmidecode-3.3/dmidecode.c:3393:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(attr, "Device %hu Load", i);
data/dmidecode-3.3/dmidecode.c:3397:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(attr, "Device %hu Handle", i);
data/dmidecode-3.3/dmidecode.c:3670:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64];
data/dmidecode-3.3/dmidecode.c:3676:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char attr[38];
data/dmidecode-3.3/dmidecode.c:3970:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char vendor_id[5];
data/dmidecode-3.3/dmidecode.c:5387:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(crafted, buf, 32);
data/dmidecode-3.3/dmidecode.c:5448:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(crafted, buf, 32);
data/dmidecode-3.3/dmidecode.c:5477:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(crafted, buf, 16);
data/dmidecode-3.3/dmidecode.c:5499:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char linebuf[64];
data/dmidecode-3.3/dmidecode.c:5501:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char addrstr[KENV_MVALLEN + 1];
data/dmidecode-3.3/dmidecode.c:5513:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((efi_systab = fopen(filename = "/sys/firmware/efi/systab", "r")) == NULL
data/dmidecode-3.3/dmidecode.c:5514:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  && (efi_systab = fopen(filename = "/proc/efi/systab", "r")) == NULL)
data/dmidecode-3.3/dmioem.c:131:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char attr[8];
data/dmidecode-3.3/dmioem.c:136:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(attr, "NIC %hu", id);
data/dmidecode-3.3/util.c:108:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(filename, O_RDONLY)) == -1)
data/dmidecode-3.3/util.c:166:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest, src, n);
data/dmidecode-3.3/util.c:184:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(devmem, O_RDONLY)) == -1)
data/dmidecode-3.3/util.c:266:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(dumpfile, add ? "r+b" : "wb");
data/dmidecode-3.3/biosdecode.c:694:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bios_entries[i].anchor_len = strlen(bios_entries[i].anchor);
data/dmidecode-3.3/dmidecode.c:130:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bp += strlen(bp);
data/dmidecode-3.3/dmidecode.c:139:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ascii_filter(bp, strlen(bp));
data/dmidecode-3.3/dmidecode.c:249:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int j, l = strlen(s) + 1;
data/dmidecode-3.3/dmidecode.c:3070:10:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  off += sprintf(time + off, "*");
data/dmidecode-3.3/dmidecode.c:3795:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hlen = strlen(out_of_spec);
data/dmidecode-3.3/dmioem.c:59:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(s);
data/dmidecode-3.3/util.c:57:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  r = read(fd, buf + r2, count - r2);

ANALYSIS SUMMARY:

Hits = 79
Lines analyzed = 8642 in approximately 0.26 seconds (32894 lines/second)
Physical Source Lines of Code (SLOC) = 6488
Hits@level = [0] 170 [1]   8 [2]  48 [3]   4 [4]  19 [5]   0
Hits@level+ = [0+] 249 [1+]  79 [2+]  71 [3+]  23 [4+]  19 [5+]   0
Hits/KSLOC@level+ = [0+] 38.3785 [1+] 12.1763 [2+] 10.9433 [3+] 3.54501 [4+] 2.92848 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.