Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/enhanceio-0+git20190417.5815670/Driver/enhanceio/compat-redhat.h
Examining data/enhanceio-0+git20190417.5815670/Driver/enhanceio/compat.h
Examining data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio.h
Examining data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_conf.c
Examining data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_fifo.c
Examining data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_ioctl.c
Examining data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_ioctl.h
Examining data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_lru.c
Examining data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_main.c
Examining data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_mem.c
Examining data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_policy.c
Examining data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_policy.h
Examining data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_procfs.c
Examining data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_rand.c
Examining data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_setlru.c
Examining data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_setlru.h
Examining data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_subr.c
Examining data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_ttc.c
Examining data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_ttc.h

FINAL RESULTS:

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_procfs.c:1581:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(pathname, dmc->cache_name);

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_procfs.c:1606:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(pathname, PROC_SYS_DIR_NAME);

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_procfs.c:1608:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(pathname, dmc->cache_name);

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_procfs.c:1611:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(pathname, path_component);

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio.h:790:12: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  u_int32_t random; /* Use for random replacement policy */

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio.h:250:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cache_devname[DEV_PATHLEN];

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio.h:252:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char disk_devname[DEV_PATHLEN];

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio.h:255:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cache_name[DEV_PATHLEN];

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio.h:261:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ssd_uuid[DEV_PATHLEN];

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio.h:520:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dbn_bytes[3];

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio.h:524:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dbn_bytes[3];

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio.h:546:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dbn_bytes[7];

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio.h:550:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dbn_bytes[7];

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio.h:692:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[16];

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio.h:773:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cache_devname[DEV_PATHLEN];

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio.h:774:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char disk_devname[DEV_PATHLEN];

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio.h:775:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cache_name[DEV_PATHLEN];

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio.h:776:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cache_gendisk_name[DEV_PATHLEN]; /* Used for SSD failure checks */

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio.h:777:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cache_srcdisk_name[DEV_PATHLEN]; /* Used for SRC failure checks */

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio.h:778:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ssd_uuid[DEV_PATHLEN];

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_ioctl.h:59:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cr_name[CACHE_NAME_SZ];

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_ioctl.h:60:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cr_src_devname[NAME_SZ];

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_ioctl.h:61:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cr_ssd_devname[NAME_SZ];

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_ioctl.h:62:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cr_ssd_uuid[NAME_SZ];

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_procfs.c:2030:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_ttc.c:767:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rem_mem + rem_offset, loc_mem + offset, bytes);

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_ttc.c:769:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(loc_mem + offset, rem_mem + rem_offset, bytes);

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_conf.c:284:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(sb->sbf.disk_devname, dmc->disk_devname, DEV_PATHLEN);

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_conf.c:285:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(sb->sbf.cache_devname, dmc->cache_devname, DEV_PATHLEN);

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_conf.c:286:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(sb->sbf.ssd_uuid, dmc->ssd_uuid, DEV_PATHLEN - 1);

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_conf.c:290:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(sb->sbf.cache_name, dmc->cache_name, DEV_PATHLEN);

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_conf.c:1441:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dmc->cache_gendisk_name,

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_conf.c:1454:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dmc->cache_srcdisk_name,

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_conf.c:1498:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dmc->disk_devname, cache->cr_src_devname, DEV_PATHLEN);

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_conf.c:1516:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dmc->cache_devname, cache->cr_ssd_devname, DEV_PATHLEN);

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_conf.c:1519:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dmc->cache_name, cache->cr_name,

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_conf.c:1529:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dmc->ssd_uuid, cache->cr_ssd_uuid, DEV_PATHLEN - 1);

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_conf.c:2148:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dmc->cache_devname, dev, DEV_PATHLEN);

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_conf.c:2476:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(device_name);

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_procfs.c:1579:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pathname = kzalloc(strlen(dmc->cache_name) + 1, GFP_KERNEL);

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_procfs.c:1602:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  kzalloc(strlen(PROC_SYS_DIR_NAME) + 1 +

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_procfs.c:1603:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(dmc->cache_name) + 1 +

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_procfs.c:1604:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(path_component) + 1, GFP_KERNEL);

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_procfs.c:1607:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(pathname, "/");

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_procfs.c:1610:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(pathname, "/");

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_subr.c:378:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(dev) >= DEV_PATHLEN) {

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_ttc.c:553:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(rec->cr_name, dmc->cache_name, sizeof(rec->cr_name) - 1);

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_ttc.c:554:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(rec->cr_src_devname, dmc->disk_devname,

data/enhanceio-0+git20190417.5815670/Driver/enhanceio/eio_ttc.c:556:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(rec->cr_ssd_devname, dmc->cache_devname,

ANALYSIS SUMMARY:

Hits = 49
Lines analyzed = 14012 in approximately 0.34 seconds (41217 lines/second)
Physical Source Lines of Code (SLOC) = 9801
Hits@level = [0] 1 [1] 22 [2] 22 [3] 1 [4] 4 [5] 0
Hits@level+ = [0+] 50 [1+] 49 [2+] 27 [3+] 5 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 5.10152 [1+] 4.99949 [2+] 2.75482 [3+] 0.510152 [4+] 0.408122 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.