Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ekeyd-1.1.5/device/skeinwrap.c
Examining data/ekeyd-1.1.5/device/skein/skein.h
Examining data/ekeyd-1.1.5/device/skein/skein_port.h
Examining data/ekeyd-1.1.5/device/skein/brg_types.h
Examining data/ekeyd-1.1.5/device/skein/skein_block.c
Examining data/ekeyd-1.1.5/device/skein/skein.c
Examining data/ekeyd-1.1.5/device/skein/skein_iv.h
Examining data/ekeyd-1.1.5/device/skein/brg_endian.h
Examining data/ekeyd-1.1.5/device/skeinwrap.h
Examining data/ekeyd-1.1.5/device/frames/frame.h
Examining data/ekeyd-1.1.5/device/frames/pem.c
Examining data/ekeyd-1.1.5/device/frames/pem.h
Examining data/ekeyd-1.1.5/device/frames/frame.c
Examining data/ekeyd-1.1.5/host/keydb.c
Examining data/ekeyd-1.1.5/host/stats.c
Examining data/ekeyd-1.1.5/host/frame.h
Examining data/ekeyd-1.1.5/host/crc8.c
Examining data/ekeyd-1.1.5/host/ekey-setkey.c
Examining data/ekeyd-1.1.5/host/keydb.h
Examining data/ekeyd-1.1.5/host/stats.h
Examining data/ekeyd-1.1.5/host/crc8.h
Examining data/ekeyd-1.1.5/host/packet.c
Examining data/ekeyd-1.1.5/host/fds.c
Examining data/ekeyd-1.1.5/host/packet.h
Examining data/ekeyd-1.1.5/host/util.c
Examining data/ekeyd-1.1.5/host/fds.h
Examining data/ekeyd-1.1.5/host/util.h
Examining data/ekeyd-1.1.5/host/stream.c
Examining data/ekeyd-1.1.5/host/lstate.c
Examining data/ekeyd-1.1.5/host/egd-linux.c
Examining data/ekeyd-1.1.5/host/connection.c
Examining data/ekeyd-1.1.5/host/stream.h
Examining data/ekeyd-1.1.5/host/lstate.h
Examining data/ekeyd-1.1.5/host/ekeyd.c
Examining data/ekeyd-1.1.5/host/nonce.c
Examining data/ekeyd-1.1.5/host/daemonise.c
Examining data/ekeyd-1.1.5/host/connection.h
Examining data/ekeyd-1.1.5/host/foldback.c
Examining data/ekeyd-1.1.5/host/krnlop.c
Examining data/ekeyd-1.1.5/host/ekeyd.h
Examining data/ekeyd-1.1.5/host/nonce.h
Examining data/ekeyd-1.1.5/host/daemonise.h
Examining data/ekeyd-1.1.5/host/foldback.h
Examining data/ekeyd-1.1.5/host/krnlop.h
Examining data/ekeyd-1.1.5/host/ekey-ulusbd.c
Examining data/ekeyd-1.1.5/host/frame.c
FINAL RESULTS:
data/ekeyd-1.1.5/host/lstate.c:337:9: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (chown(fname, uid, gid) < 0) {
data/ekeyd-1.1.5/host/lstate.c:353:9: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod(fname, mode) < 0) {
data/ekeyd-1.1.5/host/ekey-setkey.c:242:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, usage, argv[0]);
data/ekeyd-1.1.5/host/ekey-setkey.c:250:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, usage, argv[0]);
data/ekeyd-1.1.5/host/ekeyd.c:248:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, usage, argv[0]);
data/ekeyd-1.1.5/host/ekeyd.c:255:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, usage, argv[0]);
data/ekeyd-1.1.5/host/keydb.c:115:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpkeyring_fname, keyring_fname);
data/ekeyd-1.1.5/host/egd-linux.c:315:19: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "vhH:p:D:b:S:r:t:")) != -1) {
data/ekeyd-1.1.5/host/ekey-setkey.c:210:19: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "vhnf:s:m:")) != -1) {
data/ekeyd-1.1.5/host/ekey-ulusbd.c:335:19: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "vhb:d:p:DP:")) != -1) {
data/ekeyd-1.1.5/host/ekeyd.c:230:19: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "vhf:p:")) != -1) {
data/ekeyd-1.1.5/device/frames/frame.c:19:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
extern void *memcpy(void*,const void*,size_t);
data/ekeyd-1.1.5/device/frames/frame.c:30:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char macbuf[32];
data/ekeyd-1.1.5/device/frames/frame.c:64:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char nullkey[32];
data/ekeyd-1.1.5/device/frames/frame.c:69:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[64];
data/ekeyd-1.1.5/device/frames/frame.c:70:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frame[64];
data/ekeyd-1.1.5/device/frames/frame.c:89:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(argv[1]) > 0)
data/ekeyd-1.1.5/device/frames/frame.c:90:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max = atoi(argv[1]);
data/ekeyd-1.1.5/device/frames/pem.c:149:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pem_buffer[4096];
data/ekeyd-1.1.5/device/frames/pem.c:157:59: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
int pembytes = pem64_decode_bytes(pem_buffer, pemchars, bcopy);
data/ekeyd-1.1.5/device/frames/pem.c:161:17: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
assert(memcmp(bcopy, buffer, pembytes) == 0);
data/ekeyd-1.1.5/device/frames/pem.c:163:8: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
free(bcopy);
data/ekeyd-1.1.5/device/skein/skein.c:100:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->X,cfg.b,sizeof(cfg.b)); /* copy over into ctx->X[] */
data/ekeyd-1.1.5/device/skein/skein.c:148:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->b[ctx->h.bCnt],msg,n);
data/ekeyd-1.1.5/device/skein/skein.c:172:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->b[ctx->h.bCnt],msg,msgByteCnt);
data/ekeyd-1.1.5/device/skein/skein.c:209:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->X,X,sizeof(X)); /* restore the counter mode key for next time */
data/ekeyd-1.1.5/device/skein/skein.c:300:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->X,cfg.b,sizeof(cfg.b)); /* copy over into ctx->X[] */
data/ekeyd-1.1.5/device/skein/skein.c:348:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->b[ctx->h.bCnt],msg,n);
data/ekeyd-1.1.5/device/skein/skein.c:372:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->b[ctx->h.bCnt],msg,msgByteCnt);
data/ekeyd-1.1.5/device/skein/skein.c:409:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->X,X,sizeof(X)); /* restore the counter mode key for next time */
data/ekeyd-1.1.5/device/skein/skein.c:497:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->X,cfg.b,sizeof(cfg.b)); /* copy over into ctx->X[] */
data/ekeyd-1.1.5/device/skein/skein.c:545:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->b[ctx->h.bCnt],msg,n);
data/ekeyd-1.1.5/device/skein/skein.c:569:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->b[ctx->h.bCnt],msg,msgByteCnt);
data/ekeyd-1.1.5/device/skein/skein.c:606:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->X,X,sizeof(X)); /* restore the counter mode key for next time */
data/ekeyd-1.1.5/device/skein/skein.c:699:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->X,X,sizeof(X)); /* restore the counter mode key for next time */
data/ekeyd-1.1.5/device/skein/skein.c:728:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->X,X,sizeof(X)); /* restore the counter mode key for next time */
data/ekeyd-1.1.5/device/skein/skein.c:757:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->X,X,sizeof(X)); /* restore the counter mode key for next time */
data/ekeyd-1.1.5/device/skein/skein_port.h:57:49: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define Skein_Put64_LSB_First(dst08,src64,bCnt) memcpy(dst08,src64,bCnt)
data/ekeyd-1.1.5/device/skein/skein_port.h:58:49: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define Skein_Get64_LSB_First(dst64,src08,wCnt) memcpy(dst64,src08,8*(wCnt))
data/ekeyd-1.1.5/device/skeinwrap.c:12:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char keybuf[44]; /* 12 bytes serial, 32 bytes secret */
data/ekeyd-1.1.5/host/connection.c:252:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuf[32];
data/ekeyd-1.1.5/host/connection.c:387:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char randbuffer_encbytes[32];
data/ekeyd-1.1.5/host/connection.c:393:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&session_state, &state->session_state, sizeof(EKeySkein));
data/ekeyd-1.1.5/host/connection.c:448:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->snum, snum, count);
data/ekeyd-1.1.5/host/daemonise.c:56:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/null", O_RDWR);
data/ekeyd-1.1.5/host/daemonise.c:101:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pidfile = fopen(pidfilename, "w");
data/ekeyd-1.1.5/host/egd-linux.c:83:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
random_fd = open("/dev/random", O_RDWR);
data/ekeyd-1.1.5/host/egd-linux.c:203:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char buffer[128];
data/ekeyd-1.1.5/host/egd-linux.c:227:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rndpool->buf, buffer, bread);
data/ekeyd-1.1.5/host/egd-linux.c:341:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
blocks = atoi(optarg);
data/ekeyd-1.1.5/host/egd-linux.c:349:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
read_timeout = atoi(optarg);
data/ekeyd-1.1.5/host/egd-linux.c:357:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
shannons = atoi(optarg);
data/ekeyd-1.1.5/host/ekey-setkey.c:119:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rs, s1, s1_l);
data/ekeyd-1.1.5/host/ekey-setkey.c:120:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rs + s1_l, s2, s2_l);
data/ekeyd-1.1.5/host/ekey-setkey.c:254:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key_path, DEVEKEY, 1 + strlen(DEVEKEY));
data/ekeyd-1.1.5/host/ekey-setkey.c:272:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[55];
data/ekeyd-1.1.5/host/ekey-setkey.c:357:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(snum, data, res);
data/ekeyd-1.1.5/host/ekey-ulusbd.c:33:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char namebuffer[1024];
data/ekeyd-1.1.5/host/ekey-ulusbd.c:146:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sa.sun_path, devpath, namelen);
data/ekeyd-1.1.5/host/ekey-ulusbd.c:175:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[1024];
data/ekeyd-1.1.5/host/ekey-ulusbd.c:250:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[1024];
data/ekeyd-1.1.5/host/keydb.c:60:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, ent->ltkey, 32);
data/ekeyd-1.1.5/host/keydb.c:89:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ent->snum, snum, 12);
data/ekeyd-1.1.5/host/keydb.c:94:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ent->ltkey, ltkey, 32);
data/ekeyd-1.1.5/host/keydb.c:116:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmpkeyring_fname, ".tmp");
data/ekeyd-1.1.5/host/keydb.c:119:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(tmpkeyring_fname, O_CREAT | O_EXCL | O_WRONLY, 0600);
data/ekeyd-1.1.5/host/keydb.c:164:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[512];
data/ekeyd-1.1.5/host/keydb.c:165:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char snumpem[17];
data/ekeyd-1.1.5/host/keydb.c:166:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ltkeypem[45];
data/ekeyd-1.1.5/host/keydb.c:173:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fh = fopen(fname, "r");
data/ekeyd-1.1.5/host/krnlop.c:42:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rndpool->buf, buf, count);
data/ekeyd-1.1.5/host/krnlop.c:57:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDWR | O_NOCTTY);
data/ekeyd-1.1.5/host/krnlop.c:119:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDWR | O_NOCTTY);
data/ekeyd-1.1.5/host/nonce.c:52:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
noncefd = open("/dev/urandom", O_RDONLY);
data/ekeyd-1.1.5/host/packet.c:218:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, frame + 4, len);
data/ekeyd-1.1.5/host/stream.c:63:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(saddr.sun_path, uri, namelen);
data/ekeyd-1.1.5/host/stream.c:80:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(uri, O_RDWR | O_NOCTTY);
data/ekeyd-1.1.5/host/stream.c:112:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(uri, O_RDWR | O_NOCTTY);
data/ekeyd-1.1.5/host/util.c:14:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hexa[16] = "0123456789ABCDEF";
data/ekeyd-1.1.5/host/util.c:20:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char text[128];
data/ekeyd-1.1.5/host/daemonise.c:50:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(pipefds[0], &pid, 1) < 0)
data/ekeyd-1.1.5/host/egd-linux.c:207:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bread = read(egd_fd, buffer, 128);
data/ekeyd-1.1.5/host/ekey-setkey.c:115:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s1_l = strlen(s1);
data/ekeyd-1.1.5/host/ekey-setkey.c:116:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s2_l = strlen(s2);
data/ekeyd-1.1.5/host/ekey-setkey.c:222:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mkey = extract_master_key(optarg, strlen(optarg));
data/ekeyd-1.1.5/host/ekey-setkey.c:253:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_path = calloc(1, 17 + strlen(DEVEKEY));
data/ekeyd-1.1.5/host/ekey-setkey.c:254:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(key_path, DEVEKEY, 1 + strlen(DEVEKEY));
data/ekeyd-1.1.5/host/ekey-setkey.c:288:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(s);
data/ekeyd-1.1.5/host/ekey-ulusbd.c:30:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define SUN_LEN(su) (sizeof(*(su)) - sizeof((su)->sun_path) + strlen((su)->sun_path))
data/ekeyd-1.1.5/host/ekey-ulusbd.c:129:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t namelen = strlen(devpath) + 1;
data/ekeyd-1.1.5/host/ekey-ulusbd.c:149:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sa.sun_len = strlen(devpath)
data/ekeyd-1.1.5/host/ekey-ulusbd.c:304:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(uds_client_fd, buffer, 1024);
data/ekeyd-1.1.5/host/keydb.c:109:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmpkeyring_fname = malloc(strlen(keyring_fname) + 5);
data/ekeyd-1.1.5/host/krnlop.c:69:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stream_state->estream_read = read;
data/ekeyd-1.1.5/host/krnlop.c:131:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stream_state->estream_read = read;
data/ekeyd-1.1.5/host/nonce.c:60:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rd = read(noncefd, buff, count);
data/ekeyd-1.1.5/host/stream.c:30:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define SUN_LEN(su) (sizeof(*(su)) - sizeof((su)->sun_path) + strlen((su)->sun_path))
data/ekeyd-1.1.5/host/stream.c:50:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t namelen = strlen(uri) + 1;
data/ekeyd-1.1.5/host/stream.c:65:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
saddr.sun_len = strlen(uri)
data/ekeyd-1.1.5/host/stream.c:125:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stream_state->estream_read = read;
ANALYSIS SUMMARY:
Hits = 100
Lines analyzed = 7957 in approximately 0.26 seconds (30609 lines/second)
Physical Source Lines of Code (SLOC) = 5259
Hits@level = [0] 111 [1] 20 [2] 69 [3] 4 [4] 5 [5] 2
Hits@level+ = [0+] 211 [1+] 100 [2+] 80 [3+] 11 [4+] 7 [5+] 2
Hits/KSLOC@level+ = [0+] 40.1217 [1+] 19.015 [2+] 15.212 [3+] 2.09165 [4+] 1.33105 [5+] 0.3803
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.