Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/erlang-p1-tls-1.1.8/c_src/ioqueue.c
Examining data/erlang-p1-tls-1.1.8/c_src/stdint.h
Examining data/erlang-p1-tls-1.1.8/c_src/fast_tls.c
Examining data/erlang-p1-tls-1.1.8/c_src/uthash.h
Examining data/erlang-p1-tls-1.1.8/c_src/ioqueue.h
Examining data/erlang-p1-tls-1.1.8/c_src/options.h
Examining data/erlang-p1-tls-1.1.8/c_src/p1_sha.c
FINAL RESULTS:
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:596:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key, "%s%s%08lx%s%s", cert_file, ciphers,
data/erlang-p1-tls-1.1.8/c_src/uthash.h:505:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define HASH_OOPS(...) do { fprintf(stderr,__VA_ARGS__); exit(-1); } while (0)
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:411:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[len + 1];
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:473:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_string[256];
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:487:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(err.data, errstr, errstrlen);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:489:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(err.data + errstrlen, ": ", 2);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:490:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(err.data + 2 + errstrlen, error_string, error_string_length);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:595:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[key_size];
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:618:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_info->key, key, key_size);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:720:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->cert_file, certfile_bin.data, certfile_bin.size);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:722:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->ciphers, ciphers_bin.data, ciphers_bin.size);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:724:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->dh_file, dhfile_bin.data, dhfile_bin.size);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:726:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->ca_file, cafile_bin.data, cafile_bin.size);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:728:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sni, sni_bin.data, sni_bin.size);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:1090:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->key, domain.data, domain.size);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:1091:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->file, file.data, file.size);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:1115:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[domain.size + 1];
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:1116:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, domain.data, domain.size);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:1139:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[domain.size + 1];
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:1140:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, domain.data, domain.size);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:1147:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, info->file, strlen(info->file));
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:1213:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bin.data, version, vl);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:1215:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bin.data + vl + 1, cipher, cl);
data/erlang-p1-tls-1.1.8/c_src/ioqueue.c:59:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(queue->buf + queue->size, buf, bytes);
data/erlang-p1-tls-1.1.8/c_src/p1_sha.c:44:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf((char *) (out.data + 2*i), "%02x", in.data[i]);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:409:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(domain);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:452:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strlen(state->cert_file) == 0) {
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:475:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t errstrlen = strlen(errstr);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:480:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
error_string_length = strlen(error_string),
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:593:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(cert_file) + strlen(ciphers) + 8 +
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:593:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(cert_file) + strlen(ciphers) + 8 +
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:594:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(dh_file) + strlen(ca_file) + 1;
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:594:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(dh_file) + strlen(ca_file) + 1;
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:603:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cert_file) == 0) cert_file = NULL;
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:604:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dh_file) == 0) dh_file = NULL;
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:605:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ca_file) == 0) ca_file = NULL;
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:686:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
po_len_left = strlen((char *) po);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:768:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(sni) > 0) SSL_set_tlsext_host_name(state->ssl, sni);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:840:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ERL_NIF_TERM read;
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:841:56: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (get_decrypted_data(env, state, bytes_to_read, &read) == 2) {
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:843:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:849:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return enif_make_tuple2(env, write, read);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:1145:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned char *tmp = enif_make_new_binary(env, strlen(info->file), &file);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:1147:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(tmp, info->file, strlen(info->file));
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:1208:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t vl = strlen(version);
data/erlang-p1-tls-1.1.8/c_src/fast_tls.c:1209:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t cl = strlen(cipher);
data/erlang-p1-tls-1.1.8/c_src/uthash.h:95:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define uthash_strlen(s) strlen(s)
ANALYSIS SUMMARY:
Hits = 47
Lines analyzed = 3007 in approximately 0.10 seconds (30350 lines/second)
Physical Source Lines of Code (SLOC) = 2386
Hits@level = [0] 1 [1] 22 [2] 23 [3] 0 [4] 2 [5] 0
Hits@level+ = [0+] 48 [1+] 47 [2+] 25 [3+] 2 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 20.1174 [1+] 19.6982 [2+] 10.4778 [3+] 0.838223 [4+] 0.838223 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.