Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/efibootmgr-17/src/efi.c Examining data/efibootmgr-17/src/efibootdump.c Examining data/efibootmgr-17/src/efibootnext.c Examining data/efibootmgr-17/src/eficonman.c Examining data/efibootmgr-17/src/error.h Examining data/efibootmgr-17/src/fix_coverity.h Examining data/efibootmgr-17/src/include/efi.h Examining data/efibootmgr-17/src/include/efibootmgr.h Examining data/efibootmgr-17/src/include/list.h Examining data/efibootmgr-17/src/include/unparse_path.h Examining data/efibootmgr-17/src/unparse_path.c Examining data/efibootmgr-17/src/efibootmgr.c FINAL RESULTS: data/efibootmgr-17/src/efi.c:148:10: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. lnksz = readlink(inbuf, outbuf, sizeof outbuf); data/efibootmgr-17/src/efi.c:181:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ifr.ifr_name, iface); data/efibootmgr-17/src/efibootmgr.c:632:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(fmt, prefix); data/efibootmgr-17/src/efibootmgr.c:637:8: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. rc = sscanf(var->name, fmt, &num); data/efibootmgr-17/src/efibootmgr.c:693:9: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. size = vfprintf(stderr, fmt, ap); data/efibootmgr-17/src/error.h:82:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, fmt, ap); data/efibootmgr-17/src/error.h:99:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, fmt, ap); data/efibootmgr-17/src/error.h:115:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, fmt, ap); data/efibootmgr-17/src/error.h:132:2: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vprintf(fmt, ap); data/efibootmgr-17/src/error.h:147:2: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vprintf(fmt, ap); data/efibootmgr-17/src/error.h:161:2: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vprintf(fmt, ap); data/efibootmgr-17/src/efibootmgr.c:1344:7: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. c = getopt_long (argc, argv, data/efibootmgr-17/src/efi.c:140:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inbuf[64], outbuf[128]; data/efibootmgr-17/src/efi.c:445:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data_out, data, data_size); data/efibootmgr-17/src/efibootdump.c:231:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(filename, "r"); data/efibootmgr-17/src/efibootmgr.c:422:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_data+1, old_data, order->data_size); data/efibootmgr-17/src/efibootmgr.c:580:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[16]; data/efibootmgr-17/src/efibootmgr.c:629:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmt[30]; data/efibootmgr-17/src/efibootmgr.c:633:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(fmt, "%04X-%*s"); data/efibootmgr-17/src/efibootmgr.c:829:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_data, data, data_size); data/efibootmgr-17/src/efibootmgr.c:830:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_data + (data_size / sizeof (*new_data)), bo.data, data/efibootmgr-17/src/efibootmgr.c:843:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_data + j, new_data + j + 1, data/efibootmgr-17/src/unparse_path.c:38:39: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define get(buf, obj) *(typeof(obj) *)memcpy(buf, &obj, sizeof(obj)) data/efibootmgr-17/src/efi.c:54:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t plen = strlen(prefix); data/efibootmgr-17/src/efibootmgr.c:628:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t plen = strlen(prefix); data/efibootmgr-17/src/efibootmgr.c:709:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(buffer); ANALYSIS SUMMARY: Hits = 26 Lines analyzed = 3647 in approximately 0.13 seconds (27422 lines/second) Physical Source Lines of Code (SLOC) = 2828 Hits@level = [0] 120 [1] 3 [2] 11 [3] 1 [4] 10 [5] 1 Hits@level+ = [0+] 146 [1+] 26 [2+] 23 [3+] 12 [4+] 11 [5+] 1 Hits/KSLOC@level+ = [0+] 51.6266 [1+] 9.19378 [2+] 8.13296 [3+] 4.24328 [4+] 3.88967 [5+] 0.353607 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.