Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dwww-1.13.5/src/dwww-cache.c
Examining data/dwww-1.13.5/src/dwww-quickfind.c
Examining data/dwww-1.13.5/src/dwww-txt2html.c
Examining data/dwww-1.13.5/src/utils.c
Examining data/dwww-1.13.5/src/utils.h
FINAL RESULTS:
data/dwww-1.13.5/src/dwww-cache.c:785:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buf_size, SPOOL_DIR "%c", tmp ? *tmp : '_');
data/dwww-1.13.5/src/dwww-txt2html.c:644:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(anchors[furis].url, anchors[furis-1].url);
data/dwww-1.13.5/src/dwww-txt2html.c:693:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(url, dirs[i].dir);
data/dwww-1.13.5/src/dwww-txt2html.c:702:29: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(url, urlenc(buf[i]));
data/dwww-1.13.5/src/dwww-txt2html.c:767:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(url, prefix);
data/dwww-1.13.5/src/dwww-txt2html.c:819:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(url, urlenc(buf[i]));
data/dwww-1.13.5/src/dwww-txt2html.c:821:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(url, section);
data/dwww-1.13.5/src/dwww-cache.c:237:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((o = getopt_long(argc, argv, "", opt, ind)) != EOF)
data/dwww-1.13.5/src/dwww-cache.c:302:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE];
data/dwww-1.13.5/src/dwww-cache.c:341:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prev_cached_file[BUF_SIZE];
data/dwww-1.13.5/src/dwww-cache.c:373:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cached_file[BUF_SIZE];
data/dwww-1.13.5/src/dwww-cache.c:413:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE];
data/dwww-1.13.5/src/dwww-cache.c:452:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
db = open(CACHE_DB, O_RDONLY, 0644);
data/dwww-1.13.5/src/dwww-cache.c:474:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
const int db = open(CACHE_DB, O_RDWR | O_CREAT, 0664);
data/dwww-1.13.5/src/dwww-cache.c:560:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*) &data->hdr, p, sizeof(data->hdr));
data/dwww-1.13.5/src/dwww-cache.c:664:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(qq, (char*) &data[i].hdr, sizeof(data[i].hdr));
data/dwww-1.13.5/src/dwww-cache.c:667:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(qq, data[i].original, n);
data/dwww-1.13.5/src/dwww-cache.c:670:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(qq, data[i].converted, n);
data/dwww-1.13.5/src/dwww-cache.c:736:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
const int fd = open(name, O_RDONLY);
data/dwww-1.13.5/src/dwww-cache.c:749:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE];
data/dwww-1.13.5/src/dwww-cache.c:798:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
const int fd = open(buf, O_CREAT | O_EXCL | O_RDWR, 0664);
data/dwww-1.13.5/src/dwww-cache.c:869:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char origname[BUF_SIZE];
data/dwww-1.13.5/src/dwww-cache.c:870:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cachedname[BUF_SIZE];
data/dwww-1.13.5/src/dwww-quickfind.c:115:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(dbfile, "w");
data/dwww-1.13.5/src/dwww-quickfind.c:179:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
f->type = atoi(type);
data/dwww-1.13.5/src/dwww-quickfind.c:196:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(dbfile, "r");
data/dwww-1.13.5/src/dwww-quickfind.c:331:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * vtable[50];
data/dwww-1.13.5/src/dwww-txt2html.c:173:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char url[BUF_SIZE];
data/dwww-1.13.5/src/dwww-txt2html.c:525:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[10];
data/dwww-1.13.5/src/dwww-txt2html.c:533:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%%%02x", c);
data/dwww-1.13.5/src/dwww-txt2html.c:541:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[BUF_SIZE];
data/dwww-1.13.5/src/dwww-txt2html.c:542:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lowbuf[BUF_SIZE];
data/dwww-1.13.5/src/dwww-txt2html.c:789:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char section[256];
data/dwww-1.13.5/src/utils.c:28:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/null", O_RDONLY, 0644);
data/dwww-1.13.5/src/dwww-cache.c:514:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(db, p, file_size) != (ssize_t)file_size) {
data/dwww-1.13.5/src/dwww-cache.c:563:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(p) + 1;
data/dwww-1.13.5/src/dwww-cache.c:565:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(p) + 1;
data/dwww-1.13.5/src/dwww-cache.c:666:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(data[i].original) + 1;
data/dwww-1.13.5/src/dwww-cache.c:669:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(data[i].converted) + 1;
data/dwww-1.13.5/src/dwww-cache.c:720:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return sizeof(p->hdr) + strlen(p->original) + 1 + strlen(p->converted) + 1;
data/dwww-1.13.5/src/dwww-cache.c:720:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return sizeof(p->hdr) + strlen(p->original) + 1 + strlen(p->converted) + 1;
data/dwww-1.13.5/src/dwww-cache.c:729:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p->original = orig + strlen(prefs[p->hdr.pref]);
data/dwww-1.13.5/src/dwww-cache.c:758:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((n = read(from, buf, sizeof(buf))) > 0) {
data/dwww-1.13.5/src/dwww-cache.c:902:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(s, prefs[i], strlen(prefs[i])) == 0)
data/dwww-1.13.5/src/dwww-quickfind.c:243:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return p + strlen(tab[i].path);
data/dwww-1.13.5/src/dwww-txt2html.c:392:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(f)) != EOF) {
data/dwww-1.13.5/src/dwww-txt2html.c:723:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*end = loc + strlen(uris[uri_no].pattern);
data/dwww-1.13.5/src/dwww-txt2html.c:762:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = (int) strlen(prefix);
data/dwww-1.13.5/src/dwww-txt2html.c:820:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(url, "/");
data/dwww-1.13.5/src/utils.c:25:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask((077 & umask(022)) | 022);
data/dwww-1.13.5/src/utils.c:25:15: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask((077 & umask(022)) | 022);
data/dwww-1.13.5/src/utils.c:55:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(0143);
data/dwww-1.13.5/src/utils.c:56:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(077 & umask(022) | 022);
data/dwww-1.13.5/src/utils.c:56:14: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(077 & umask(022) | 022);
data/dwww-1.13.5/src/utils.c:57:32: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
printf("%d:0%3o\n", getpid(), umask(022));
ANALYSIS SUMMARY:
Hits = 55
Lines analyzed = 2359 in approximately 0.09 seconds (25085 lines/second)
Physical Source Lines of Code (SLOC) = 1819
Hits@level = [0] 34 [1] 21 [2] 26 [3] 1 [4] 7 [5] 0
Hits@level+ = [0+] 89 [1+] 55 [2+] 34 [3+] 8 [4+] 7 [5+] 0
Hits/KSLOC@level+ = [0+] 48.928 [1+] 30.2364 [2+] 18.6916 [3+] 4.39802 [4+] 3.84827 [5+] 0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.