stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/glib-networking-2.66.0/proxy/gnome/gnome-proxy-module.c
Examining data/glib-networking-2.66.0/proxy/gnome/gproxyresolvergnome.c
Examining data/glib-networking-2.66.0/proxy/gnome/gproxyresolvergnome.h
Examining data/glib-networking-2.66.0/proxy/libproxy/glibpacrunner.c
Examining data/glib-networking-2.66.0/proxy/libproxy/glibproxyresolver.c
Examining data/glib-networking-2.66.0/proxy/libproxy/glibproxyresolver.h
Examining data/glib-networking-2.66.0/proxy/libproxy/libproxy-module.c
Examining data/glib-networking-2.66.0/proxy/tests/common.c
Examining data/glib-networking-2.66.0/proxy/tests/gnome.c
Examining data/glib-networking-2.66.0/proxy/tests/libproxy.c
Examining data/glib-networking-2.66.0/tls/base/gtlsconnection-base.c
Examining data/glib-networking-2.66.0/tls/base/gtlsconnection-base.h
Examining data/glib-networking-2.66.0/tls/base/gtlsinputstream.c
Examining data/glib-networking-2.66.0/tls/base/gtlsinputstream.h
Examining data/glib-networking-2.66.0/tls/base/gtlslog.c
Examining data/glib-networking-2.66.0/tls/base/gtlslog.h
Examining data/glib-networking-2.66.0/tls/base/gtlsoutputstream.c
Examining data/glib-networking-2.66.0/tls/base/gtlsoutputstream.h
Examining data/glib-networking-2.66.0/tls/gnutls/gnutls-module.c
Examining data/glib-networking-2.66.0/tls/gnutls/gtlsbackend-gnutls.c
Examining data/glib-networking-2.66.0/tls/gnutls/gtlsbackend-gnutls.h
Examining data/glib-networking-2.66.0/tls/gnutls/gtlscertificate-gnutls.c
Examining data/glib-networking-2.66.0/tls/gnutls/gtlscertificate-gnutls.h
Examining data/glib-networking-2.66.0/tls/gnutls/gtlsclientconnection-gnutls.c
Examining data/glib-networking-2.66.0/tls/gnutls/gtlsclientconnection-gnutls.h
Examining data/glib-networking-2.66.0/tls/gnutls/gtlsconnection-gnutls.c
Examining data/glib-networking-2.66.0/tls/gnutls/gtlsconnection-gnutls.h
Examining data/glib-networking-2.66.0/tls/gnutls/gtlsdatabase-gnutls.c
Examining data/glib-networking-2.66.0/tls/gnutls/gtlsdatabase-gnutls.h
Examining data/glib-networking-2.66.0/tls/gnutls/gtlsfiledatabase-gnutls.c
Examining data/glib-networking-2.66.0/tls/gnutls/gtlsfiledatabase-gnutls.h
Examining data/glib-networking-2.66.0/tls/gnutls/gtlsserverconnection-gnutls.c
Examining data/glib-networking-2.66.0/tls/gnutls/gtlsserverconnection-gnutls.h
Examining data/glib-networking-2.66.0/tls/openssl/gtlsbackend-openssl.c
Examining data/glib-networking-2.66.0/tls/openssl/gtlsbackend-openssl.h
Examining data/glib-networking-2.66.0/tls/openssl/gtlsbio.c
Examining data/glib-networking-2.66.0/tls/openssl/gtlsbio.h
Examining data/glib-networking-2.66.0/tls/openssl/gtlscertificate-openssl.c
Examining data/glib-networking-2.66.0/tls/openssl/gtlscertificate-openssl.h
Examining data/glib-networking-2.66.0/tls/openssl/gtlsclientconnection-openssl.c
Examining data/glib-networking-2.66.0/tls/openssl/gtlsclientconnection-openssl.h
Examining data/glib-networking-2.66.0/tls/openssl/gtlsconnection-openssl.c
Examining data/glib-networking-2.66.0/tls/openssl/gtlsconnection-openssl.h
Examining data/glib-networking-2.66.0/tls/openssl/gtlsdatabase-openssl.c
Examining data/glib-networking-2.66.0/tls/openssl/gtlsdatabase-openssl.h
Examining data/glib-networking-2.66.0/tls/openssl/gtlsfiledatabase-openssl.c
Examining data/glib-networking-2.66.0/tls/openssl/gtlsfiledatabase-openssl.h
Examining data/glib-networking-2.66.0/tls/openssl/gtlsserverconnection-openssl.c
Examining data/glib-networking-2.66.0/tls/openssl/gtlsserverconnection-openssl.h
Examining data/glib-networking-2.66.0/tls/openssl/openssl-include.h
Examining data/glib-networking-2.66.0/tls/openssl/openssl-module.c
Examining data/glib-networking-2.66.0/tls/openssl/openssl-util.c
Examining data/glib-networking-2.66.0/tls/openssl/openssl-util.h
Examining data/glib-networking-2.66.0/tls/tests/certificate.c
Examining data/glib-networking-2.66.0/tls/tests/connection.c
Examining data/glib-networking-2.66.0/tls/tests/dtls-connection.c
Examining data/glib-networking-2.66.0/tls/tests/file-database.c
Examining data/glib-networking-2.66.0/tls/tests/mock-interaction.c
Examining data/glib-networking-2.66.0/tls/tests/mock-interaction.h

FINAL RESULTS:

data/glib-networking-2.66.0/tls/base/gtlsconnection-base.c:1953:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy (buffer, priv->app_data_buf->data, nread);
data/glib-networking-2.66.0/tls/base/gtlsconnection-base.c:2013:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy (vec->buffer, priv->app_data_buf->data, count);
data/glib-networking-2.66.0/tls/gnutls/gtlscertificate-gnutls.c:600:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char san[500];
data/glib-networking-2.66.0/tls/gnutls/gtlsconnection-gnutls.c:889:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (vec->buffer, datum->data + total, count);
data/glib-networking-2.66.0/tls/openssl/gtlsconnection-openssl.c:387:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char error_str[256];                                                    \
data/glib-networking-2.66.0/tls/openssl/gtlsconnection-openssl.c:578:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char error_str[256];
data/glib-networking-2.66.0/tls/openssl/gtlsconnection-openssl.c:622:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char error_str[256];
data/glib-networking-2.66.0/tls/tests/connection.c:96:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[128];
data/glib-networking-2.66.0/tls/tests/connection.c:2205:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[1];
data/glib-networking-2.66.0/tls/tests/dtls-connection.c:94:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[128];
data/glib-networking-2.66.0/tls/gnutls/gtlscertificate-gnutls.c:190:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      data.size = strlen (string);
data/glib-networking-2.66.0/tls/gnutls/gtlscertificate-gnutls.c:241:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      data.size = strlen (string);
data/glib-networking-2.66.0/tls/gnutls/gtlsclientconnection-gnutls.c:195:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          gnutls->session_id = g_bytes_new_take (session_id, strlen (session_id));
data/glib-networking-2.66.0/tls/gnutls/gtlsclientconnection-gnutls.c:269:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (hostname[strlen (hostname) - 1] == '.')
data/glib-networking-2.66.0/tls/gnutls/gtlsclientconnection-gnutls.c:270:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        normalized_hostname[strlen (hostname) - 1] = '\0';
data/glib-networking-2.66.0/tls/gnutls/gtlsclientconnection-gnutls.c:273:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                              normalized_hostname, strlen (normalized_hostname));
data/glib-networking-2.66.0/tls/gnutls/gtlsclientconnection-gnutls.c:358:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              if (hostname[strlen (hostname) - 1] == '.')
data/glib-networking-2.66.0/tls/gnutls/gtlsclientconnection-gnutls.c:359:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                normalized_hostname[strlen (hostname) - 1] = '\0';
data/glib-networking-2.66.0/tls/gnutls/gtlsclientconnection-gnutls.c:362:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                      normalized_hostname, strlen (normalized_hostname));
data/glib-networking-2.66.0/tls/gnutls/gtlsconnection-gnutls.c:769:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          protocols[i].size = strlen (advertised_protocols[i]);
data/glib-networking-2.66.0/tls/openssl/gtlsbio.c:191:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  gssize read;
data/glib-networking-2.66.0/tls/openssl/gtlsbio.c:224:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  return read;
data/glib-networking-2.66.0/tls/openssl/gtlsbio.c:231:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return gtls_bio_write (bio, str, (int)strlen (str));
data/glib-networking-2.66.0/tls/openssl/gtlscertificate-openssl.c:468:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return g_tls_X509_check_host (openssl->cert, hostname, strlen (hostname), 0, NULL) == 1;
data/glib-networking-2.66.0/tls/openssl/gtlsconnection-openssl.c:275:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          guint8 len = strlen (advertised_protocols[i]);
data/glib-networking-2.66.0/tls/openssl/gtlsconnection-openssl.c:341:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          guint8 len = strlen (advertised_protocols[i]);
data/glib-networking-2.66.0/tls/openssl/openssl-util.c:189:67:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
data/glib-networking-2.66.0/tls/openssl/openssl-util.c:376:14:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    equal_fn equal;
data/glib-networking-2.66.0/tls/openssl/openssl-util.c:401:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        chklen = strlen(chk);
data/glib-networking-2.66.0/tls/openssl/openssl-util.c:419:55:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
            if ((rv = do_check_string(cstr, alt_type, equal, flags,
data/glib-networking-2.66.0/tls/openssl/openssl-util.c:439:44:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
        if ((rv = do_check_string(str, -1, equal, flags,
data/glib-networking-2.66.0/tls/openssl/openssl-util.c:457:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        chklen = strlen(chk);
data/glib-networking-2.66.0/tls/openssl/openssl-util.c:476:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        chklen = strlen((char *)chk);
data/glib-networking-2.66.0/tls/tests/dtls-connection.c:637:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      g_assert_cmpuint (strlen (check), ==, message.bytes_received);

ANALYSIS SUMMARY:

Hits = 34
Lines analyzed = 19484 in approximately 0.53 seconds (36932 lines/second)
Physical Source Lines of Code (SLOC) = 13869
Hits@level = [0]   0 [1]  24 [2]  10 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  34 [1+]  34 [2+]  10 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 2.45151 [1+] 2.45151 [2+] 0.721033 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.