Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/dwww-1.13.5/src/dwww-cache.c Examining data/dwww-1.13.5/src/dwww-quickfind.c Examining data/dwww-1.13.5/src/dwww-txt2html.c Examining data/dwww-1.13.5/src/utils.c Examining data/dwww-1.13.5/src/utils.h FINAL RESULTS: data/dwww-1.13.5/src/dwww-cache.c:785:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, buf_size, SPOOL_DIR "%c", tmp ? *tmp : '_'); data/dwww-1.13.5/src/dwww-txt2html.c:644:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(anchors[furis].url, anchors[furis-1].url); data/dwww-1.13.5/src/dwww-txt2html.c:693:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(url, dirs[i].dir); data/dwww-1.13.5/src/dwww-txt2html.c:702:29: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(url, urlenc(buf[i])); data/dwww-1.13.5/src/dwww-txt2html.c:767:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(url, prefix); data/dwww-1.13.5/src/dwww-txt2html.c:819:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(url, urlenc(buf[i])); data/dwww-1.13.5/src/dwww-txt2html.c:821:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(url, section); data/dwww-1.13.5/src/dwww-cache.c:237:17: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((o = getopt_long(argc, argv, "", opt, ind)) != EOF) data/dwww-1.13.5/src/dwww-cache.c:302:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUF_SIZE]; data/dwww-1.13.5/src/dwww-cache.c:341:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prev_cached_file[BUF_SIZE]; data/dwww-1.13.5/src/dwww-cache.c:373:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cached_file[BUF_SIZE]; data/dwww-1.13.5/src/dwww-cache.c:413:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUF_SIZE]; data/dwww-1.13.5/src/dwww-cache.c:452:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). db = open(CACHE_DB, O_RDONLY, 0644); data/dwww-1.13.5/src/dwww-cache.c:474:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). const int db = open(CACHE_DB, O_RDWR | O_CREAT, 0664); data/dwww-1.13.5/src/dwww-cache.c:560:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char*) &data->hdr, p, sizeof(data->hdr)); data/dwww-1.13.5/src/dwww-cache.c:664:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(qq, (char*) &data[i].hdr, sizeof(data[i].hdr)); data/dwww-1.13.5/src/dwww-cache.c:667:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(qq, data[i].original, n); data/dwww-1.13.5/src/dwww-cache.c:670:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(qq, data[i].converted, n); data/dwww-1.13.5/src/dwww-cache.c:736:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). const int fd = open(name, O_RDONLY); data/dwww-1.13.5/src/dwww-cache.c:749:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUF_SIZE]; data/dwww-1.13.5/src/dwww-cache.c:798:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). const int fd = open(buf, O_CREAT | O_EXCL | O_RDWR, 0664); data/dwww-1.13.5/src/dwww-cache.c:869:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char origname[BUF_SIZE]; data/dwww-1.13.5/src/dwww-cache.c:870:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cachedname[BUF_SIZE]; data/dwww-1.13.5/src/dwww-quickfind.c:115:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(dbfile, "w"); data/dwww-1.13.5/src/dwww-quickfind.c:179:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). f->type = atoi(type); data/dwww-1.13.5/src/dwww-quickfind.c:196:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(dbfile, "r"); data/dwww-1.13.5/src/dwww-quickfind.c:331:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char * vtable[50]; data/dwww-1.13.5/src/dwww-txt2html.c:173:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char url[BUF_SIZE]; data/dwww-1.13.5/src/dwww-txt2html.c:525:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/dwww-1.13.5/src/dwww-txt2html.c:533:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%%%02x", c); data/dwww-1.13.5/src/dwww-txt2html.c:541:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpbuf[BUF_SIZE]; data/dwww-1.13.5/src/dwww-txt2html.c:542:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lowbuf[BUF_SIZE]; data/dwww-1.13.5/src/dwww-txt2html.c:789:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char section[256]; data/dwww-1.13.5/src/utils.c:28:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open("/dev/null", O_RDONLY, 0644); data/dwww-1.13.5/src/dwww-cache.c:514:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(db, p, file_size) != (ssize_t)file_size) { data/dwww-1.13.5/src/dwww-cache.c:563:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(p) + 1; data/dwww-1.13.5/src/dwww-cache.c:565:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(p) + 1; data/dwww-1.13.5/src/dwww-cache.c:666:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(data[i].original) + 1; data/dwww-1.13.5/src/dwww-cache.c:669:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(data[i].converted) + 1; data/dwww-1.13.5/src/dwww-cache.c:720:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return sizeof(p->hdr) + strlen(p->original) + 1 + strlen(p->converted) + 1; data/dwww-1.13.5/src/dwww-cache.c:720:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return sizeof(p->hdr) + strlen(p->original) + 1 + strlen(p->converted) + 1; data/dwww-1.13.5/src/dwww-cache.c:729:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p->original = orig + strlen(prefs[p->hdr.pref]); data/dwww-1.13.5/src/dwww-cache.c:758:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((n = read(from, buf, sizeof(buf))) > 0) { data/dwww-1.13.5/src/dwww-cache.c:902:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(s, prefs[i], strlen(prefs[i])) == 0) data/dwww-1.13.5/src/dwww-quickfind.c:243:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return p + strlen(tab[i].path); data/dwww-1.13.5/src/dwww-txt2html.c:392:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc(f)) != EOF) { data/dwww-1.13.5/src/dwww-txt2html.c:723:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *end = loc + strlen(uris[uri_no].pattern); data/dwww-1.13.5/src/dwww-txt2html.c:762:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = (int) strlen(prefix); data/dwww-1.13.5/src/dwww-txt2html.c:820:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(url, "/"); data/dwww-1.13.5/src/utils.c:25:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask((077 & umask(022)) | 022); data/dwww-1.13.5/src/utils.c:25:15: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask((077 & umask(022)) | 022); data/dwww-1.13.5/src/utils.c:55:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(0143); data/dwww-1.13.5/src/utils.c:56:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(077 & umask(022) | 022); data/dwww-1.13.5/src/utils.c:56:14: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(077 & umask(022) | 022); data/dwww-1.13.5/src/utils.c:57:32: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). printf("%d:0%3o\n", getpid(), umask(022)); ANALYSIS SUMMARY: Hits = 55 Lines analyzed = 2359 in approximately 0.09 seconds (25085 lines/second) Physical Source Lines of Code (SLOC) = 1819 Hits@level = [0] 34 [1] 21 [2] 26 [3] 1 [4] 7 [5] 0 Hits@level+ = [0+] 89 [1+] 55 [2+] 34 [3+] 8 [4+] 7 [5+] 0 Hits/KSLOC@level+ = [0+] 48.928 [1+] 30.2364 [2+] 18.6916 [3+] 4.39802 [4+] 3.84827 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.