Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/efax-0.9a/efax.c
Examining data/efax-0.9a/efix.c
Examining data/efax-0.9a/efaxlib.h
Examining data/efax-0.9a/efaxlib.c
Examining data/efax-0.9a/efaxmsg.h
Examining data/efax-0.9a/efaxmsg.c
Examining data/efax-0.9a/efaxio.h
Examining data/efax-0.9a/efaxio.c
Examining data/efax-0.9a/efaxos.h
Examining data/efax-0.9a/efaxos.c

FINAL RESULTS:

data/efax-0.9a/efaxos.c:431:7: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  chmod ( fname , 0444 ) ;
data/efax-0.9a/efax.c:611:5: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf ( headerbuf, header, page, pages, page, pages, page, pages ) ;
data/efax-0.9a/efax.c:1701:7: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf ( buf, c20 ? "+FIS=%d,%d,%d,%d" : "+FDIS=%d,%d,%d,%d",
data/efax-0.9a/efax.c:1860:3: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf ( dsbuf, nowait ? "D%.126s;" : "D%.127s" , s ) ;
data/efax-0.9a/efax.c:1988:4: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf ( buf, getty, crate, crate, crate, crate, crate, crate ) ;
data/efax-0.9a/efax.c:1990:4: [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execl ( "/bin/sh" , "sh" , "-c" , buf , (void*) 0 ) ;
data/efax-0.9a/efax.c:2007:4: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf ( buf, vcmd, f->fd, f->fd, f->fd, f->fd, f->fd, f->fd ) ;
data/efax-0.9a/efax.c:2009:4: [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execl ( "/bin/sh" , "sh" , "-c" , buf , (void*) 0 ) ;
data/efax-0.9a/efax.c:2137:7: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf ( buf, c20 ? "+FCC=%d,%d,%d,%d,%d,%d,%d,%d" :
data/efax-0.9a/efax.c:2143:5: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf ( buf, c20 ? "+FLI=\"%.*s\"" : "+FLID=\"%.*s\"" ,
data/efax-0.9a/efax.c:2151:7: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf ( buf, c20 ? "+FPI=\"%.*s\"" : "+FCIG=\"%.*s\"" ,
data/efax-0.9a/efax.c:2341:15: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  default : fprintf ( stderr, Usage, argv0 ) ; err = 2 ; break ;
data/efax-0.9a/efax.c:2356:5: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf ( header = headerbuf, tmp, localid ) ;
data/efax-0.9a/efaxio.c:249:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf ( buf, "AT%s\r", s ) ;
data/efax-0.9a/efaxio.c:261:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ( lresponse, buf ) ;
data/efax-0.9a/efaxlib.c:1453:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf ( f->f, PSBEGIN,
data/efax-0.9a/efaxlib.c:1457:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf ( f->f, PSPAGE,
data/efax-0.9a/efaxlib.c:1787:7: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf ( f->f, PCLEND ) ;
data/efax-0.9a/efaxlib.c:1790:7: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf ( f->f, PSPAGEEND ) ;
data/efax-0.9a/efaxlib.c:1791:33: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if ( f->fname || page<0 ) fprintf ( f->f, PSEND, f->lastpageno ) ;
data/efax-0.9a/efaxlib.c:1826:7: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf ( f->cfname, f->fname, page+1, page+1, page+1 ) ;
data/efax-0.9a/efaxlib.c:1863:7: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf ( f->f, PCLBEGIN, (int) f->xres ) ;
data/efax-0.9a/efaxmsg.c:70:7: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf ( p, i<127 ? "%c" : CNAMEFMT, i ) ;
data/efax-0.9a/efaxmsg.c:144:7: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf( logfile[i], p, ap ) ;
data/efax-0.9a/efaxos.h:68:12: [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  extern int execl ( const char *path, const char *arg , ... ) ;
data/efax-0.9a/efix.c:293:15: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  default : fprintf ( stderr, Usage, argv0 ) ; err = 2 ; break ;
data/efax-0.9a/efax.c:194:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *capvaluestr [ NCAP ] [8] = {
data/efax-0.9a/efax.c:222:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *c1cmd [ 2 ] [ 2 ] [ 8 ] = {
data/efax-0.9a/efax.c:591:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char headerbuf [ MAXLINELEN ] ;
data/efax-0.9a/efax.c:658:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ( lastruns, runs, nr * sizeof(short) ) ;
data/efax-0.9a/efax.c:1127:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char remoteid [ IDLEN + 1 ] ;
data/efax-0.9a/efax.c:1668:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [ CMDBUFSIZE ] ;
data/efax-0.9a/efax.c:1858:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c, dsbuf [ 128 ], *p ;
data/efax-0.9a/efax.c:1984:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [ MAXGETTY ] ;
data/efax-0.9a/efax.c:2004:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [ MAXGETTY ] ;
data/efax-0.9a/efax.c:2049:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [ CMDBUFSIZE ], model [ CMDBUFSIZE ] = "" ;
data/efax-0.9a/efax.c:2050:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char **p, *q, *modelq [2][4] = { { "+FMFR?", "+FMDL?", 0 },
data/efax-0.9a/efax.c:2106:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *c1spstr [6] = { "24", "48", "72", "96", "121", "145" } ;
data/efax-0.9a/efax.c:2164:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *icmd[3][ MAXICMD+1 ] = {{0},{0},{0}} ; /* initialization commands */
data/efax-0.9a/efax.c:2166:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *lkfile [ MAXLKFILE+1 ] = {0} ; /* lock file names */
data/efax-0.9a/efax.c:2217:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char localid [ IDLEN + 1 ] = DEFID ;
data/efax-0.9a/efax.c:2229:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fnamepat [ EFAX_PATH_MAX ] ;
data/efax-0.9a/efax.c:2258:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf ( localid, "%*.*s", IDLEN, IDLEN, nxtoptarg ) ;
data/efax-0.9a/efax.c:2353:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp [ MAXLINELEN ] ;
data/efax-0.9a/efaxio.c:134:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char responses [ MAXRESPB ], *lresponse = responses ;
data/efax-0.9a/efaxio.c:227:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [ CMDBUFSIZE ], *p = "" ;
data/efax-0.9a/efaxlib.c:349:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char right [ 9 ] = {
data/efax-0.9a/efaxlib.c:425:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *iformatname [ NIFORMATS ] = IFORMATS ;
data/efax-0.9a/efaxlib.c:426:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *oformatname [ NOFORMATS ] = OFORMATS ;
data/efax-0.9a/efaxlib.c:427:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *pformatname [ NPFORMATS ] = PFORMATS ;
data/efax-0.9a/efaxlib.c:952:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [ MAXLINELEN ] ;
data/efax-0.9a/efaxlib.c:1173:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f->f = fopen ( f->page->fname, (f->page->format == P_TEXT) ? "r" : "rb" ) ;
data/efax-0.9a/efaxlib.c:1243:21: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( ! ( f->f = fopen ( *p, "rb" ) ) )
data/efax-0.9a/efaxlib.c:1493:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char last [ MAXBITS ] ;
data/efax-0.9a/efaxlib.c:1537:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy ( last, buf, n ) ;
data/efax-0.9a/efaxlib.c:1829:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f->f = fopen ( f->cfname, ( f->format == O_PS ) ? "w" : "wb+" ) ;
data/efax-0.9a/efaxlib.c:1838:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy ( f->cfname, "standard output" ) ;
data/efax-0.9a/efaxlib.c:1993:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *fnames [2] = { 0, 0 } ;
data/efax-0.9a/efaxlib.h:106:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char *iformatname [ NIFORMATS ] ;
data/efax-0.9a/efaxlib.h:107:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char *oformatname [ NOFORMATS ] ;
data/efax-0.9a/efaxlib.h:108:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char *pformatname [ NPFORMATS ] ;
data/efax-0.9a/efaxlib.h:153:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char text [ MAXLINELEN ] ; /* TEXT: current string */
data/efax-0.9a/efaxlib.h:184:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cfname [ EFAX_PATH_MAX + 1 ] ; /* current file name */
data/efax-0.9a/efaxmsg.c:15:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *verb[NLOG] = { "ewin", "" } ;
data/efax-0.9a/efaxmsg.c:40:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuf [ MAXTSTAMP ] ;
data/efax-0.9a/efaxmsg.c:58:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *cnametab [ 256 ] = { /* character names */
data/efax-0.9a/efaxmsg.c:63:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char names[ (127-32)*2 + 129*(CNAMELEN) ] ;
data/efax-0.9a/efaxmsg.c:94:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char msgbuf [ NLOG ] [ MAXMSGBUF ] ;
data/efax-0.9a/efaxos.c:313:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tinit ( f, open ( fname, O_RDWR | O_NDELAY | O_NOCTTY ), reverse, hwfc ) ;
data/efax-0.9a/efaxos.c:352:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [ EFAX_PATH_MAX ] = "" ;
data/efax-0.9a/efaxos.c:356:23: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( fname && ( f = fopen ( fname , "r" ) ) ) {
data/efax-0.9a/efaxos.c:403:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *p , buf [ EFAX_PATH_MAX ] = "" ;
data/efax-0.9a/efaxos.c:414:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf ( buf , "%.*sTMP..%05d" , dirlen , fname , (int) pid ) ;
data/efax-0.9a/efaxos.c:415:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( ! ( f = fopen( buf, "w" ) ) )
data/efax-0.9a/efaxos.h:16:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern unsigned char normalbits [ ] ;
data/efax-0.9a/efaxos.h:40:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ibuf [ IBUFSIZE ] ;
data/efax-0.9a/efix.c:99:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return p && *p ? atoi ( *p ) : -1 ;
data/efax-0.9a/efix.c:241:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char **ifnames, *ovfnames [ 2 ] = { 0, 0 } ;
data/efax-0.9a/efax.c:2060:5: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat ( model, " " ) ;
data/efax-0.9a/efax.c:2089:2: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat ( model, " " ) ;
data/efax-0.9a/efax.c:2254:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen ( nxtoptarg ) > IDLEN )
data/efax-0.9a/efax.c:2256:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strspn ( nxtoptarg, " +0123456789" ) != strlen ( nxtoptarg ) )
data/efax-0.9a/efax.c:2383:5: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat ( fnamepat, ".%03d", EFAX_PATH_MAX - strlen ( fnamepat ) ) ;
data/efax-0.9a/efax.c:2383:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat ( fnamepat, ".%03d", EFAX_PATH_MAX - strlen ( fnamepat ) ) ;
data/efax-0.9a/efaxio.c:141:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lens = strlen ( s ) ;
data/efax-0.9a/efaxio.c:142:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for ( p=responses ; p<lresponse ; p += strlen(p) + 1 ) {
data/efax-0.9a/efaxio.c:147:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lenr = strlen ( r ) ;
data/efax-0.9a/efaxio.c:169:48: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for ( p=responses ; p<lresponse && !r ; p += strlen(p) + 1 )
data/efax-0.9a/efaxio.c:189:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for ( q = p+strlen(p)-1 ; q>=p && isspace(*q) ; q-- ) ;
data/efax-0.9a/efaxio.c:191:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( n + strlen(buf) < len )
data/efax-0.9a/efaxio.c:192:7: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat ( buf, p, n ) ;
data/efax-0.9a/efaxio.c:194:7: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat ( buf, p, len - strlen(buf) - 1 ) ;
data/efax-0.9a/efaxio.c:194:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat ( buf, p, len - strlen(buf) - 1 ) ;
data/efax-0.9a/efaxio.c:209:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while ( *p && strncmp ( *p+1, s, strlen ( *p+1 ) ) ) p++ ;
data/efax-0.9a/efaxio.c:246:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen(s) >= CMDBUFSIZE-4 ) {
data/efax-0.9a/efaxio.c:250:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tput ( f, buf, strlen(buf) ) ;
data/efax-0.9a/efaxio.c:260:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( ( resplen += strlen ( buf ) + 1 ) <= MAXRESPB ) {
data/efax-0.9a/efaxio.c:262:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lresponse += strlen ( buf ) + 1 ;
data/efax-0.9a/efaxlib.c:319:27: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ( ! isdigit ( c = fgetc ( f->f ) ) && c >= 0 )
data/efax-0.9a/efaxlib.c:321:21: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ( ( c = fgetc ( f->f ) ) != '\n' && c >= 0 ) ;
data/efax-0.9a/efaxlib.c:326:27: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ( isdigit ( c = fgetc ( f->f ) ) && c >= 0 )
data/efax-0.9a/efaxlib.c:468:13: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ( ( c = fgetc ( f->f ) ) == EOF ) {
data/efax-0.9a/efaxlib.c:530:16: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ( ( c = fgetc ( f->f ) ) < 0 ) {
data/efax-0.9a/efaxlib.c:535:9: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc ( f->f ) ;
data/efax-0.9a/efaxlib.c:536:16: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ( ( c = fgetc ( f->f ) ) < 0 ) {
data/efax-0.9a/efaxlib.c:1033:10: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return fgetc ( f->f ) + fgetc ( f->f ) * 256 ;
data/efax-0.9a/efaxlib.c:1033:27: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return fgetc ( f->f ) + fgetc ( f->f ) * 256 ;
data/efax-0.9a/efaxlib.c:1056:8: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  nc = fgetc ( f->f ) ;
data/efax-0.9a/efaxmsg.c:71:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p += strlen ( p ) + 1 ;
data/efax-0.9a/efaxos.c:134:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ( ( n = read( f->fd, f->ibuf, IBUFSIZE ) ) < 0 )
data/efax-0.9a/efaxos.c:413:59: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dirlen = ( p = strrchr( fname , '/' ) ) ? p-fname+1 : strlen ( fname ) ;
data/efax-0.9a/efix.c:170:17: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ( ( c = fgetc ( stdin ) ) >= 0 ) {

ANALYSIS SUMMARY:

Hits = 112
Lines analyzed = 6691 in approximately 0.21 seconds (31515 lines/second)
Physical Source Lines of Code (SLOC) = 4629
Hits@level = [0] 18 [1] 34 [2] 52 [3] 0 [4] 25 [5] 1
Hits@level+ = [0+] 130 [1+] 112 [2+] 78 [3+] 26 [4+] 26 [5+] 1
Hits/KSLOC@level+ = [0+] 28.0838 [1+] 24.1953 [2+] 16.8503 [3+] 5.61676 [4+] 5.61676 [5+] 0.216029
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.