Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gdisk-1.0.5/gpttext.h
Examining data/gdisk-1.0.5/gptcl.cc
Examining data/gdisk-1.0.5/gptcurses.h
Examining data/gdisk-1.0.5/sgdisk.cc
Examining data/gdisk-1.0.5/mbr.h
Examining data/gdisk-1.0.5/mbr.cc
Examining data/gdisk-1.0.5/diskio-unix.cc
Examining data/gdisk-1.0.5/gdisk.cc
Examining data/gdisk-1.0.5/gptpart.h
Examining data/gdisk-1.0.5/gptpart.cc
Examining data/gdisk-1.0.5/mbrpart.h
Examining data/gdisk-1.0.5/crc32.h
Examining data/gdisk-1.0.5/support.cc
Examining data/gdisk-1.0.5/basicmbr.cc
Examining data/gdisk-1.0.5/guid.h
Examining data/gdisk-1.0.5/diskio-windows.cc
Examining data/gdisk-1.0.5/parttypes.h
Examining data/gdisk-1.0.5/cgdisk.cc
Examining data/gdisk-1.0.5/crc32.cc
Examining data/gdisk-1.0.5/parttypes.cc
Examining data/gdisk-1.0.5/attributes.h
Examining data/gdisk-1.0.5/guid.cc
Examining data/gdisk-1.0.5/diskio.cc
Examining data/gdisk-1.0.5/gpt.h
Examining data/gdisk-1.0.5/basicmbr.h
Examining data/gdisk-1.0.5/fixparts.cc
Examining data/gdisk-1.0.5/mbrpart.cc
Examining data/gdisk-1.0.5/gptcurses.cc
Examining data/gdisk-1.0.5/diskio.h
Examining data/gdisk-1.0.5/bsd.h
Examining data/gdisk-1.0.5/attributes.cc
Examining data/gdisk-1.0.5/gpt.cc
Examining data/gdisk-1.0.5/gpttext.cc
Examining data/gdisk-1.0.5/gptcl.h
Examining data/gdisk-1.0.5/bsd.cc
Examining data/gdisk-1.0.5/support.h

FINAL RESULTS:

data/gdisk-1.0.5/support.cc:85:16:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  num = sscanf(line, "%" PRIu64, &response);
data/gdisk-1.0.5/support.h:37:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  #define sscanf sscanf_s
data/gdisk-1.0.5/support.h:38:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  #define strcpy strcpy_s
data/gdisk-1.0.5/support.h:39:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  #define sprintf sprintf_s
data/gdisk-1.0.5/guid.cc:31:7:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((unsigned int) time(0));
data/gdisk-1.0.5/basicmbr.cc:50:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(code, orig.code, 440);
data/gdisk-1.0.5/basicmbr.cc:107:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(code, orig.code, 440);
data/gdisk-1.0.5/basicmbr.cc:382:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tempMBR.code, code, 440);
data/gdisk-1.0.5/basicmbr.cc:569:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char signature1[9], signature2[9];
data/gdisk-1.0.5/diskio-unix.cc:62:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(realFilename.c_str(), O_RDONLY);
data/gdisk-1.0.5/diskio-unix.cc:118:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(realFilename.c_str(), O_WRONLY | O_CREAT, S_IWUSR | S_IRUSR | S_IRGRP | S_IROTH);
data/gdisk-1.0.5/diskio-unix.cc:123:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(realFilename.c_str(), O_WRONLY | O_SHLOCK);
data/gdisk-1.0.5/diskio-unix.cc:359:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, tempSpace, numBytes);
data/gdisk-1.0.5/diskio-unix.cc:400:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tempSpace, buffer, numBytes);
data/gdisk-1.0.5/gpt.cc:564:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp, header, hSize);
data/gdisk-1.0.5/gpt.cc:566:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp, header, sizeof(GPTHeader));
data/gdisk-1.0.5/gpt.h:58:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char reserved2[GPT_RESERVED];
data/gdisk-1.0.5/gptcurses.cc:230:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[40];
data/gdisk-1.0.5/gptcurses.cc:327:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[NAME_SIZE + 1];
data/gdisk-1.0.5/gptcurses.cc:354:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[NAME_SIZE + 1];
data/gdisk-1.0.5/gptcurses.cc:376:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[80] = "L\0";
data/gdisk-1.0.5/gptcurses.cc:435:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inLine[80];
data/gdisk-1.0.5/gptcurses.cc:474:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inLine[80];
data/gdisk-1.0.5/gptcurses.cc:506:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inLine[80];
data/gdisk-1.0.5/gptcurses.cc:519:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inLine[80];
data/gdisk-1.0.5/gptpart.cc:47:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(name, orig.name, NAME_SIZE * sizeof( name[ 0 ] ) );
data/gdisk-1.0.5/gptpart.cc:283:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(name, orig.name, NAME_SIZE * sizeof( name[ 0 ] ) );
data/gdisk-1.0.5/guid.cc:154:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(uuidData, &MsUuid, 16);
data/gdisk-1.0.5/guid.cc:179:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char theString[40];
data/gdisk-1.0.5/guid.cc:181:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(theString,
data/gdisk-1.0.5/guid.h:27:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef unsigned char my_uuid_t[16];
data/gdisk-1.0.5/support.cc:45:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char efiString[256];
data/gdisk-1.0.5/support.cc:77:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[255];
data/gdisk-1.0.5/support.cc:127:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[255];
data/gdisk-1.0.5/support.cc:323:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char uc[sizeof(uint32_t)];
data/gdisk-1.0.5/support.cc:340:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tempValue, theValue, numBytes);
data/gdisk-1.0.5/diskio-unix.cc:358:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  retval = read(fd, tempSpace, numBlocks * blockSize);
data/gdisk-1.0.5/support.cc:49:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  stringLength = strlen(efiString);

ANALYSIS SUMMARY:

Hits = 38
Lines analyzed = 12025 in approximately 0.33 seconds (36697 lines/second)
Physical Source Lines of Code (SLOC) = 8692
Hits@level = [0]   5 [1]   2 [2]  31 [3]   1 [4]   4 [5]   0
Hits@level+ = [0+]  43 [1+]  38 [2+]  36 [3+]   5 [4+]   4 [5+]   0
Hits/KSLOC@level+ = [0+] 4.94708 [1+] 4.37184 [2+] 4.14174 [3+] 0.575242 [4+] 0.460193 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.