Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/ekeyd-1.1.5/device/skeinwrap.c Examining data/ekeyd-1.1.5/device/skein/skein.h Examining data/ekeyd-1.1.5/device/skein/skein_port.h Examining data/ekeyd-1.1.5/device/skein/brg_types.h Examining data/ekeyd-1.1.5/device/skein/skein_block.c Examining data/ekeyd-1.1.5/device/skein/skein.c Examining data/ekeyd-1.1.5/device/skein/skein_iv.h Examining data/ekeyd-1.1.5/device/skein/brg_endian.h Examining data/ekeyd-1.1.5/device/skeinwrap.h Examining data/ekeyd-1.1.5/device/frames/frame.h Examining data/ekeyd-1.1.5/device/frames/pem.c Examining data/ekeyd-1.1.5/device/frames/pem.h Examining data/ekeyd-1.1.5/device/frames/frame.c Examining data/ekeyd-1.1.5/host/keydb.c Examining data/ekeyd-1.1.5/host/stats.c Examining data/ekeyd-1.1.5/host/frame.h Examining data/ekeyd-1.1.5/host/crc8.c Examining data/ekeyd-1.1.5/host/ekey-setkey.c Examining data/ekeyd-1.1.5/host/keydb.h Examining data/ekeyd-1.1.5/host/stats.h Examining data/ekeyd-1.1.5/host/crc8.h Examining data/ekeyd-1.1.5/host/packet.c Examining data/ekeyd-1.1.5/host/fds.c Examining data/ekeyd-1.1.5/host/packet.h Examining data/ekeyd-1.1.5/host/util.c Examining data/ekeyd-1.1.5/host/fds.h Examining data/ekeyd-1.1.5/host/util.h Examining data/ekeyd-1.1.5/host/stream.c Examining data/ekeyd-1.1.5/host/lstate.c Examining data/ekeyd-1.1.5/host/egd-linux.c Examining data/ekeyd-1.1.5/host/connection.c Examining data/ekeyd-1.1.5/host/stream.h Examining data/ekeyd-1.1.5/host/lstate.h Examining data/ekeyd-1.1.5/host/ekeyd.c Examining data/ekeyd-1.1.5/host/nonce.c Examining data/ekeyd-1.1.5/host/daemonise.c Examining data/ekeyd-1.1.5/host/connection.h Examining data/ekeyd-1.1.5/host/foldback.c Examining data/ekeyd-1.1.5/host/krnlop.c Examining data/ekeyd-1.1.5/host/ekeyd.h Examining data/ekeyd-1.1.5/host/nonce.h Examining data/ekeyd-1.1.5/host/daemonise.h Examining data/ekeyd-1.1.5/host/foldback.h Examining data/ekeyd-1.1.5/host/krnlop.h Examining data/ekeyd-1.1.5/host/ekey-ulusbd.c Examining data/ekeyd-1.1.5/host/frame.c FINAL RESULTS: data/ekeyd-1.1.5/host/lstate.c:337:9: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (chown(fname, uid, gid) < 0) { data/ekeyd-1.1.5/host/lstate.c:353:9: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. if (chmod(fname, mode) < 0) { data/ekeyd-1.1.5/host/ekey-setkey.c:242:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, usage, argv[0]); data/ekeyd-1.1.5/host/ekey-setkey.c:250:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, usage, argv[0]); data/ekeyd-1.1.5/host/ekeyd.c:248:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, usage, argv[0]); data/ekeyd-1.1.5/host/ekeyd.c:255:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, usage, argv[0]); data/ekeyd-1.1.5/host/keydb.c:115:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmpkeyring_fname, keyring_fname); data/ekeyd-1.1.5/host/egd-linux.c:315:19: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt(argc, argv, "vhH:p:D:b:S:r:t:")) != -1) { data/ekeyd-1.1.5/host/ekey-setkey.c:210:19: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt(argc, argv, "vhnf:s:m:")) != -1) { data/ekeyd-1.1.5/host/ekey-ulusbd.c:335:19: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt(argc, argv, "vhb:d:p:DP:")) != -1) { data/ekeyd-1.1.5/host/ekeyd.c:230:19: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt(argc, argv, "vhf:p:")) != -1) { data/ekeyd-1.1.5/device/frames/frame.c:19:14: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. extern void *memcpy(void*,const void*,size_t); data/ekeyd-1.1.5/device/frames/frame.c:30:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char macbuf[32]; data/ekeyd-1.1.5/device/frames/frame.c:64:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char nullkey[32]; data/ekeyd-1.1.5/device/frames/frame.c:69:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[64]; data/ekeyd-1.1.5/device/frames/frame.c:70:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char frame[64]; data/ekeyd-1.1.5/device/frames/frame.c:89:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(argv[1]) > 0) data/ekeyd-1.1.5/device/frames/frame.c:90:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). max = atoi(argv[1]); data/ekeyd-1.1.5/device/frames/pem.c:149:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char pem_buffer[4096]; data/ekeyd-1.1.5/device/frames/pem.c:157:59: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. int pembytes = pem64_decode_bytes(pem_buffer, pemchars, bcopy); data/ekeyd-1.1.5/device/frames/pem.c:161:17: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. assert(memcmp(bcopy, buffer, pembytes) == 0); data/ekeyd-1.1.5/device/frames/pem.c:163:8: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. free(bcopy); data/ekeyd-1.1.5/device/skein/skein.c:100:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->X,cfg.b,sizeof(cfg.b)); /* copy over into ctx->X[] */ data/ekeyd-1.1.5/device/skein/skein.c:148:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ctx->b[ctx->h.bCnt],msg,n); data/ekeyd-1.1.5/device/skein/skein.c:172:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ctx->b[ctx->h.bCnt],msg,msgByteCnt); data/ekeyd-1.1.5/device/skein/skein.c:209:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->X,X,sizeof(X)); /* restore the counter mode key for next time */ data/ekeyd-1.1.5/device/skein/skein.c:300:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->X,cfg.b,sizeof(cfg.b)); /* copy over into ctx->X[] */ data/ekeyd-1.1.5/device/skein/skein.c:348:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ctx->b[ctx->h.bCnt],msg,n); data/ekeyd-1.1.5/device/skein/skein.c:372:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ctx->b[ctx->h.bCnt],msg,msgByteCnt); data/ekeyd-1.1.5/device/skein/skein.c:409:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->X,X,sizeof(X)); /* restore the counter mode key for next time */ data/ekeyd-1.1.5/device/skein/skein.c:497:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->X,cfg.b,sizeof(cfg.b)); /* copy over into ctx->X[] */ data/ekeyd-1.1.5/device/skein/skein.c:545:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ctx->b[ctx->h.bCnt],msg,n); data/ekeyd-1.1.5/device/skein/skein.c:569:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ctx->b[ctx->h.bCnt],msg,msgByteCnt); data/ekeyd-1.1.5/device/skein/skein.c:606:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->X,X,sizeof(X)); /* restore the counter mode key for next time */ data/ekeyd-1.1.5/device/skein/skein.c:699:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->X,X,sizeof(X)); /* restore the counter mode key for next time */ data/ekeyd-1.1.5/device/skein/skein.c:728:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->X,X,sizeof(X)); /* restore the counter mode key for next time */ data/ekeyd-1.1.5/device/skein/skein.c:757:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->X,X,sizeof(X)); /* restore the counter mode key for next time */ data/ekeyd-1.1.5/device/skein/skein_port.h:57:49: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define Skein_Put64_LSB_First(dst08,src64,bCnt) memcpy(dst08,src64,bCnt) data/ekeyd-1.1.5/device/skein/skein_port.h:58:49: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define Skein_Get64_LSB_First(dst64,src08,wCnt) memcpy(dst64,src08,8*(wCnt)) data/ekeyd-1.1.5/device/skeinwrap.c:12:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char keybuf[44]; /* 12 bytes serial, 32 bytes secret */ data/ekeyd-1.1.5/host/connection.c:252:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sbuf[32]; data/ekeyd-1.1.5/host/connection.c:387:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char randbuffer_encbytes[32]; data/ekeyd-1.1.5/host/connection.c:393:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&session_state, &state->session_state, sizeof(EKeySkein)); data/ekeyd-1.1.5/host/connection.c:448:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->snum, snum, count); data/ekeyd-1.1.5/host/daemonise.c:56:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open("/dev/null", O_RDWR); data/ekeyd-1.1.5/host/daemonise.c:101:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pidfile = fopen(pidfilename, "w"); data/ekeyd-1.1.5/host/egd-linux.c:83:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). random_fd = open("/dev/random", O_RDWR); data/ekeyd-1.1.5/host/egd-linux.c:203:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char buffer[128]; data/ekeyd-1.1.5/host/egd-linux.c:227:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rndpool->buf, buffer, bread); data/ekeyd-1.1.5/host/egd-linux.c:341:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). blocks = atoi(optarg); data/ekeyd-1.1.5/host/egd-linux.c:349:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). read_timeout = atoi(optarg); data/ekeyd-1.1.5/host/egd-linux.c:357:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). shannons = atoi(optarg); data/ekeyd-1.1.5/host/ekey-setkey.c:119:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rs, s1, s1_l); data/ekeyd-1.1.5/host/ekey-setkey.c:120:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rs + s1_l, s2, s2_l); data/ekeyd-1.1.5/host/ekey-setkey.c:254:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(key_path, DEVEKEY, 1 + strlen(DEVEKEY)); data/ekeyd-1.1.5/host/ekey-setkey.c:272:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[55]; data/ekeyd-1.1.5/host/ekey-setkey.c:357:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(snum, data, res); data/ekeyd-1.1.5/host/ekey-ulusbd.c:33:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char namebuffer[1024]; data/ekeyd-1.1.5/host/ekey-ulusbd.c:146:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sa.sun_path, devpath, namelen); data/ekeyd-1.1.5/host/ekey-ulusbd.c:175:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[1024]; data/ekeyd-1.1.5/host/ekey-ulusbd.c:250:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[1024]; data/ekeyd-1.1.5/host/keydb.c:60:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(key, ent->ltkey, 32); data/ekeyd-1.1.5/host/keydb.c:89:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ent->snum, snum, 12); data/ekeyd-1.1.5/host/keydb.c:94:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ent->ltkey, ltkey, 32); data/ekeyd-1.1.5/host/keydb.c:116:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tmpkeyring_fname, ".tmp"); data/ekeyd-1.1.5/host/keydb.c:119:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(tmpkeyring_fname, O_CREAT | O_EXCL | O_WRONLY, 0600); data/ekeyd-1.1.5/host/keydb.c:164:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[512]; data/ekeyd-1.1.5/host/keydb.c:165:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char snumpem[17]; data/ekeyd-1.1.5/host/keydb.c:166:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ltkeypem[45]; data/ekeyd-1.1.5/host/keydb.c:173:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fh = fopen(fname, "r"); data/ekeyd-1.1.5/host/krnlop.c:42:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rndpool->buf, buf, count); data/ekeyd-1.1.5/host/krnlop.c:57:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(path, O_RDWR | O_NOCTTY); data/ekeyd-1.1.5/host/krnlop.c:119:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(path, O_RDWR | O_NOCTTY); data/ekeyd-1.1.5/host/nonce.c:52:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). noncefd = open("/dev/urandom", O_RDONLY); data/ekeyd-1.1.5/host/packet.c:218:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, frame + 4, len); data/ekeyd-1.1.5/host/stream.c:63:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(saddr.sun_path, uri, namelen); data/ekeyd-1.1.5/host/stream.c:80:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(uri, O_RDWR | O_NOCTTY); data/ekeyd-1.1.5/host/stream.c:112:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(uri, O_RDWR | O_NOCTTY); data/ekeyd-1.1.5/host/util.c:14:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char hexa[16] = "0123456789ABCDEF"; data/ekeyd-1.1.5/host/util.c:20:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char text[128]; data/ekeyd-1.1.5/host/daemonise.c:50:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(pipefds[0], &pid, 1) < 0) data/ekeyd-1.1.5/host/egd-linux.c:207:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bread = read(egd_fd, buffer, 128); data/ekeyd-1.1.5/host/ekey-setkey.c:115:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s1_l = strlen(s1); data/ekeyd-1.1.5/host/ekey-setkey.c:116:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s2_l = strlen(s2); data/ekeyd-1.1.5/host/ekey-setkey.c:222:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mkey = extract_master_key(optarg, strlen(optarg)); data/ekeyd-1.1.5/host/ekey-setkey.c:253:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). key_path = calloc(1, 17 + strlen(DEVEKEY)); data/ekeyd-1.1.5/host/ekey-setkey.c:254:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(key_path, DEVEKEY, 1 + strlen(DEVEKEY)); data/ekeyd-1.1.5/host/ekey-setkey.c:288:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(s); data/ekeyd-1.1.5/host/ekey-ulusbd.c:30:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define SUN_LEN(su) (sizeof(*(su)) - sizeof((su)->sun_path) + strlen((su)->sun_path)) data/ekeyd-1.1.5/host/ekey-ulusbd.c:129:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t namelen = strlen(devpath) + 1; data/ekeyd-1.1.5/host/ekey-ulusbd.c:149:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sa.sun_len = strlen(devpath) data/ekeyd-1.1.5/host/ekey-ulusbd.c:304:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read(uds_client_fd, buffer, 1024); data/ekeyd-1.1.5/host/keydb.c:109:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmpkeyring_fname = malloc(strlen(keyring_fname) + 5); data/ekeyd-1.1.5/host/krnlop.c:69:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). stream_state->estream_read = read; data/ekeyd-1.1.5/host/krnlop.c:131:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). stream_state->estream_read = read; data/ekeyd-1.1.5/host/nonce.c:60:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rd = read(noncefd, buff, count); data/ekeyd-1.1.5/host/stream.c:30:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define SUN_LEN(su) (sizeof(*(su)) - sizeof((su)->sun_path) + strlen((su)->sun_path)) data/ekeyd-1.1.5/host/stream.c:50:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t namelen = strlen(uri) + 1; data/ekeyd-1.1.5/host/stream.c:65:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). saddr.sun_len = strlen(uri) data/ekeyd-1.1.5/host/stream.c:125:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). stream_state->estream_read = read; ANALYSIS SUMMARY: Hits = 100 Lines analyzed = 7957 in approximately 0.26 seconds (30609 lines/second) Physical Source Lines of Code (SLOC) = 5259 Hits@level = [0] 111 [1] 20 [2] 69 [3] 4 [4] 5 [5] 2 Hits@level+ = [0+] 211 [1+] 100 [2+] 80 [3+] 11 [4+] 7 [5+] 2 Hits/KSLOC@level+ = [0+] 40.1217 [1+] 19.015 [2+] 15.212 [3+] 2.09165 [4+] 1.33105 [5+] 0.3803 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.