Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/erlang-p1-tls-1.1.8/c_src/ioqueue.c
Examining data/erlang-p1-tls-1.1.8/c_src/stdint.h
Examining data/erlang-p1-tls-1.1.8/c_src/fast_tls.c
Examining data/erlang-p1-tls-1.1.8/c_src/uthash.h
Examining data/erlang-p1-tls-1.1.8/c_src/ioqueue.h
Examining data/erlang-p1-tls-1.1.8/c_src/options.h
Examining data/erlang-p1-tls-1.1.8/c_src/p1_sha.c

FINAL RESULTS:

data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:596:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(key, "%s%s%08lx%s%s", cert_file, ciphers,
data/erlang-p1-tls-1.1.8/c_src/uthash.h:505:29:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define HASH_OOPS(...) do { fprintf(stderr,__VA_ARGS__); exit(-1); } while (0)
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:411:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[len + 1];
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:473:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char error_string[256];
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:487:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(err.data, errstr, errstrlen);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:489:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(err.data + errstrlen, ": ", 2);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:490:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(err.data + 2 + errstrlen, error_string, error_string_length);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:595:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char key[key_size];
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:618:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_info->key, key, key_size);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:720:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(state->cert_file, certfile_bin.data, certfile_bin.size);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:722:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(state->ciphers, ciphers_bin.data, ciphers_bin.size);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:724:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(state->dh_file, dhfile_bin.data, dhfile_bin.size);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:726:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(state->ca_file, cafile_bin.data, cafile_bin.size);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:728:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sni, sni_bin.data, sni_bin.size);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:1090:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(info->key, domain.data, domain.size);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:1091:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(info->file, file.data, file.size);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:1115:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char key[domain.size + 1];
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:1116:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(key, domain.data, domain.size);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:1139:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char key[domain.size + 1];
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:1140:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(key, domain.data, domain.size);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:1147:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmp, info->file, strlen(info->file));
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:1213:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bin.data, version, vl);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:1215:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bin.data + vl + 1, cipher, cl);
data/erlang-p1-tls-1.1.8/c_src/ioqueue.c:59:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(queue->buf + queue->size, buf, bytes);
data/erlang-p1-tls-1.1.8/c_src/p1_sha.c:44:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char *) (out.data + 2*i), "%02x", in.data[i]);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:409:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(domain);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:452:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (strlen(state->cert_file) == 0) {
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:475:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t errstrlen = strlen(errstr);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:480:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  error_string_length = strlen(error_string),
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:593:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(cert_file) + strlen(ciphers) + 8 +
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:593:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(cert_file) + strlen(ciphers) + 8 +
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:594:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(dh_file) + strlen(ca_file) + 1;
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:594:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(dh_file) + strlen(ca_file) + 1;
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:603:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(cert_file) == 0) cert_file = NULL;
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:604:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(dh_file) == 0) dh_file = NULL;
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:605:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(ca_file) == 0) ca_file = NULL;
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:686:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  po_len_left = strlen((char *) po);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:768:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(sni) > 0) SSL_set_tlsext_host_name(state->ssl, sni);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:840:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ERL_NIF_TERM read;
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:841:56:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (get_decrypted_data(env, state, bytes_to_read, &read) == 2) {
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:843:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return read;
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:849:41:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return enif_make_tuple2(env, write, read);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:1145:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned char *tmp = enif_make_new_binary(env, strlen(info->file), &file);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:1147:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(tmp, info->file, strlen(info->file));
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:1208:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t vl = strlen(version);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:1209:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t cl = strlen(cipher);
data/erlang-p1-tls-1.1.8/c_src/uthash.h:95:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define uthash_strlen(s) strlen(s)

ANALYSIS SUMMARY:

Hits = 47
Lines analyzed = 3007 in approximately 0.10 seconds (30350 lines/second)
Physical Source Lines of Code (SLOC) = 2386
Hits@level = [0]   1 [1]  22 [2]  23 [3]   0 [4]   2 [5]   0
Hits@level+ = [0+]  48 [1+]  47 [2+]  25 [3+]   2 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 20.1174 [1+] 19.6982 [2+] 10.4778 [3+] 0.838223 [4+] 0.838223 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.