Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/glib-networking-2.66.0/proxy/gnome/gnome-proxy-module.c
Examining data/glib-networking-2.66.0/proxy/gnome/gproxyresolvergnome.c
Examining data/glib-networking-2.66.0/proxy/gnome/gproxyresolvergnome.h
Examining data/glib-networking-2.66.0/proxy/libproxy/glibpacrunner.c
Examining data/glib-networking-2.66.0/proxy/libproxy/glibproxyresolver.c
Examining data/glib-networking-2.66.0/proxy/libproxy/glibproxyresolver.h
Examining data/glib-networking-2.66.0/proxy/libproxy/libproxy-module.c
Examining data/glib-networking-2.66.0/proxy/tests/common.c
Examining data/glib-networking-2.66.0/proxy/tests/gnome.c
Examining data/glib-networking-2.66.0/proxy/tests/libproxy.c
Examining data/glib-networking-2.66.0/tls/base/gtlsconnection-base.c
Examining data/glib-networking-2.66.0/tls/base/gtlsconnection-base.h
Examining data/glib-networking-2.66.0/tls/base/gtlsinputstream.c
Examining data/glib-networking-2.66.0/tls/base/gtlsinputstream.h
Examining data/glib-networking-2.66.0/tls/base/gtlslog.c
Examining data/glib-networking-2.66.0/tls/base/gtlslog.h
Examining data/glib-networking-2.66.0/tls/base/gtlsoutputstream.c
Examining data/glib-networking-2.66.0/tls/base/gtlsoutputstream.h
Examining data/glib-networking-2.66.0/tls/gnutls/gnutls-module.c
Examining data/glib-networking-2.66.0/tls/gnutls/gtlsbackend-gnutls.c
Examining data/glib-networking-2.66.0/tls/gnutls/gtlsbackend-gnutls.h
Examining data/glib-networking-2.66.0/tls/gnutls/gtlscertificate-gnutls.c
Examining data/glib-networking-2.66.0/tls/gnutls/gtlscertificate-gnutls.h
Examining data/glib-networking-2.66.0/tls/gnutls/gtlsclientconnection-gnutls.c
Examining data/glib-networking-2.66.0/tls/gnutls/gtlsclientconnection-gnutls.h
Examining data/glib-networking-2.66.0/tls/gnutls/gtlsconnection-gnutls.c
Examining data/glib-networking-2.66.0/tls/gnutls/gtlsconnection-gnutls.h
Examining data/glib-networking-2.66.0/tls/gnutls/gtlsdatabase-gnutls.c
Examining data/glib-networking-2.66.0/tls/gnutls/gtlsdatabase-gnutls.h
Examining data/glib-networking-2.66.0/tls/gnutls/gtlsfiledatabase-gnutls.c
Examining data/glib-networking-2.66.0/tls/gnutls/gtlsfiledatabase-gnutls.h
Examining data/glib-networking-2.66.0/tls/gnutls/gtlsserverconnection-gnutls.c
Examining data/glib-networking-2.66.0/tls/gnutls/gtlsserverconnection-gnutls.h
Examining data/glib-networking-2.66.0/tls/openssl/gtlsbackend-openssl.c
Examining data/glib-networking-2.66.0/tls/openssl/gtlsbackend-openssl.h
Examining data/glib-networking-2.66.0/tls/openssl/gtlsbio.c
Examining data/glib-networking-2.66.0/tls/openssl/gtlsbio.h
Examining data/glib-networking-2.66.0/tls/openssl/gtlscertificate-openssl.c
Examining data/glib-networking-2.66.0/tls/openssl/gtlscertificate-openssl.h
Examining data/glib-networking-2.66.0/tls/openssl/gtlsclientconnection-openssl.c
Examining data/glib-networking-2.66.0/tls/openssl/gtlsclientconnection-openssl.h
Examining data/glib-networking-2.66.0/tls/openssl/gtlsconnection-openssl.c
Examining data/glib-networking-2.66.0/tls/openssl/gtlsconnection-openssl.h
Examining data/glib-networking-2.66.0/tls/openssl/gtlsdatabase-openssl.c
Examining data/glib-networking-2.66.0/tls/openssl/gtlsdatabase-openssl.h
Examining data/glib-networking-2.66.0/tls/openssl/gtlsfiledatabase-openssl.c
Examining data/glib-networking-2.66.0/tls/openssl/gtlsfiledatabase-openssl.h
Examining data/glib-networking-2.66.0/tls/openssl/gtlsserverconnection-openssl.c
Examining data/glib-networking-2.66.0/tls/openssl/gtlsserverconnection-openssl.h
Examining data/glib-networking-2.66.0/tls/openssl/openssl-include.h
Examining data/glib-networking-2.66.0/tls/openssl/openssl-module.c
Examining data/glib-networking-2.66.0/tls/openssl/openssl-util.c
Examining data/glib-networking-2.66.0/tls/openssl/openssl-util.h
Examining data/glib-networking-2.66.0/tls/tests/certificate.c
Examining data/glib-networking-2.66.0/tls/tests/connection.c
Examining data/glib-networking-2.66.0/tls/tests/dtls-connection.c
Examining data/glib-networking-2.66.0/tls/tests/file-database.c
Examining data/glib-networking-2.66.0/tls/tests/mock-interaction.c
Examining data/glib-networking-2.66.0/tls/tests/mock-interaction.h

FINAL RESULTS:

data/glib-networking-2.66.0/tls/base/gtlsconnection-base.c:1953:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (buffer, priv->app_data_buf->data, nread);
data/glib-networking-2.66.0/tls/base/gtlsconnection-base.c:2013:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (vec->buffer, priv->app_data_buf->data, count);
data/glib-networking-2.66.0/tls/gnutls/gtlscertificate-gnutls.c:600:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char san[500];
data/glib-networking-2.66.0/tls/gnutls/gtlsconnection-gnutls.c:889:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (vec->buffer, datum->data + total, count);
data/glib-networking-2.66.0/tls/openssl/gtlsconnection-openssl.c:387:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char error_str[256]; \
data/glib-networking-2.66.0/tls/openssl/gtlsconnection-openssl.c:578:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char error_str[256];
data/glib-networking-2.66.0/tls/openssl/gtlsconnection-openssl.c:622:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char error_str[256];
data/glib-networking-2.66.0/tls/tests/connection.c:96:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[128];
data/glib-networking-2.66.0/tls/tests/connection.c:2205:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[1];
data/glib-networking-2.66.0/tls/tests/dtls-connection.c:94:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[128];
data/glib-networking-2.66.0/tls/gnutls/gtlscertificate-gnutls.c:190:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  data.size = strlen (string);
data/glib-networking-2.66.0/tls/gnutls/gtlscertificate-gnutls.c:241:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  data.size = strlen (string);
data/glib-networking-2.66.0/tls/gnutls/gtlsclientconnection-gnutls.c:195:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gnutls->session_id = g_bytes_new_take (session_id, strlen (session_id));
data/glib-networking-2.66.0/tls/gnutls/gtlsclientconnection-gnutls.c:269:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (hostname[strlen (hostname) - 1] == '.')
data/glib-networking-2.66.0/tls/gnutls/gtlsclientconnection-gnutls.c:270:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  normalized_hostname[strlen (hostname) - 1] = '\0';
data/glib-networking-2.66.0/tls/gnutls/gtlsclientconnection-gnutls.c:273:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  normalized_hostname, strlen (normalized_hostname));
data/glib-networking-2.66.0/tls/gnutls/gtlsclientconnection-gnutls.c:358:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (hostname[strlen (hostname) - 1] == '.')
data/glib-networking-2.66.0/tls/gnutls/gtlsclientconnection-gnutls.c:359:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  normalized_hostname[strlen (hostname) - 1] = '\0';
data/glib-networking-2.66.0/tls/gnutls/gtlsclientconnection-gnutls.c:362:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  normalized_hostname, strlen (normalized_hostname));
data/glib-networking-2.66.0/tls/gnutls/gtlsconnection-gnutls.c:769:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  protocols[i].size = strlen (advertised_protocols[i]);
data/glib-networking-2.66.0/tls/openssl/gtlsbio.c:191:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  gssize read;
data/glib-networking-2.66.0/tls/openssl/gtlsbio.c:224:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  return read;
data/glib-networking-2.66.0/tls/openssl/gtlsbio.c:231:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return gtls_bio_write (bio, str, (int)strlen (str));
data/glib-networking-2.66.0/tls/openssl/gtlscertificate-openssl.c:468:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return g_tls_X509_check_host (openssl->cert, hostname, strlen (hostname), 0, NULL) == 1;
data/glib-networking-2.66.0/tls/openssl/gtlsconnection-openssl.c:275:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  guint8 len = strlen (advertised_protocols[i]);
data/glib-networking-2.66.0/tls/openssl/gtlsconnection-openssl.c:341:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  guint8 len = strlen (advertised_protocols[i]);
data/glib-networking-2.66.0/tls/openssl/openssl-util.c:189:67:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
data/glib-networking-2.66.0/tls/openssl/openssl-util.c:376:14:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  equal_fn equal;
data/glib-networking-2.66.0/tls/openssl/openssl-util.c:401:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  chklen = strlen(chk);
data/glib-networking-2.66.0/tls/openssl/openssl-util.c:419:55:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  if ((rv = do_check_string(cstr, alt_type, equal, flags,
data/glib-networking-2.66.0/tls/openssl/openssl-util.c:439:44:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  if ((rv = do_check_string(str, -1, equal, flags,
data/glib-networking-2.66.0/tls/openssl/openssl-util.c:457:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  chklen = strlen(chk);
data/glib-networking-2.66.0/tls/openssl/openssl-util.c:476:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  chklen = strlen((char *)chk);
data/glib-networking-2.66.0/tls/tests/dtls-connection.c:637:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_assert_cmpuint (strlen (check), ==, message.bytes_received);

ANALYSIS SUMMARY:

Hits = 34
Lines analyzed = 19484 in approximately 0.53 seconds (36932 lines/second)
Physical Source Lines of Code (SLOC) = 13869
Hits@level = [0]   0 [1]  24 [2]  10 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  34 [1+]  34 [2+]  10 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 2.45151 [1+] 2.45151 [2+] 0.721033 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.