Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gost-crypto-0.3.3/crypto/gost28147.h
Examining data/gost-crypto-0.3.3/crypto/gosthash94.h
Examining data/gost-crypto-0.3.3/crypto/kuznyechik.h
Examining data/gost-crypto-0.3.3/crypto/magma.h
Examining data/gost-crypto-0.3.3/crypto/streebog.h
Examining data/gost-crypto-0.3.3/gost-test-main.c
Examining data/gost-crypto-0.3.3/gost-test.h
Examining data/gost-crypto-0.3.3/gost28147_basic.c
Examining data/gost-crypto-0.3.3/gost28147_int.h
Examining data/gost-crypto-0.3.3/gost28147_modes.c
Examining data/gost-crypto-0.3.3/gost28147_param.h
Examining data/gost-crypto-0.3.3/gosthash94_generic.c
Examining data/gost-crypto-0.3.3/kuznyechik_generic.c
Examining data/gost-crypto-0.3.3/kuztable.h
Examining data/gost-crypto-0.3.3/magma_generic.c
Examining data/gost-crypto-0.3.3/streebog_generic.c
Examining data/gost-crypto-0.3.3/testmgr.c
Examining data/gost-crypto-0.3.3/testmgr.h

FINAL RESULTS:

data/gost-crypto-0.3.3/gost28147_basic.c:262:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(key, newkey, sizeof(newkey));
data/gost-crypto-0.3.3/gost28147_basic.c:373:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(sctx->buffer + partial, data, p);
data/gost-crypto-0.3.3/gost28147_basic.c:390:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(sctx->buffer + partial, data, len);
data/gost-crypto-0.3.3/gost28147_modes.c:59:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dst, src1, size);
data/gost-crypto-0.3.3/gost28147_modes.c:166:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(walk->iv, iv, bsize);
data/gost-crypto-0.3.3/gost28147_modes.c:188:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(walk->iv, iv, bsize);
data/gost-crypto-0.3.3/gost28147_modes.c:266:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(walk->iv, iv, bsize);
data/gost-crypto-0.3.3/gost28147_modes.c:282:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(iv, src, bsize);
data/gost-crypto-0.3.3/gosthash94_generic.c:275:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ctx->message + index, msg,
data/gost-crypto-0.3.3/gosthash94_generic.c:292:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ctx->message, msg, length);
data/gost-crypto-0.3.3/kuznyechik_generic.c:26:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dst, src1, size);
data/gost-crypto-0.3.3/kuznyechik_generic.c:80:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(a, &kuz_table_inv[0][b[0] * 16], KUZNYECHIK_BLOCK_SIZE);
data/gost-crypto-0.3.3/kuznyechik_generic.c:102:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(t, &kuz_table[0][(b[0] ^ c[0]) * 16], KUZNYECHIK_BLOCK_SIZE);
data/gost-crypto-0.3.3/kuznyechik_generic.c:124:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(t, &kuz_table_inv_LS[0][b[0] * 16], KUZNYECHIK_BLOCK_SIZE);
data/gost-crypto-0.3.3/kuznyechik_generic.c:174:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ctx->key, in_key, 32);
data/gost-crypto-0.3.3/streebog_generic.c:1044:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&ctx->hash, &ctx->h, sizeof(struct streebog_uint512));
data/gost-crypto-0.3.3/streebog_generic.c:1057:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&ctx->buffer[ctx->fillsize], data, chunksize);
data/gost-crypto-0.3.3/streebog_generic.c:1075:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&ctx->buffer, data, len);
data/gost-crypto-0.3.3/streebog_generic.c:1088:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(digest, &ctx->hash.qword[4], STREEBOG256_DIGEST_SIZE);
data/gost-crypto-0.3.3/streebog_generic.c:1090:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(digest, &ctx->hash.qword[0], STREEBOG512_DIGEST_SIZE);
data/gost-crypto-0.3.3/testmgr.c:163:30: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static int testmgr_alloc_buf(char *buf[XBUFSIZE])
data/gost-crypto-0.3.3/testmgr.c:182:30: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static void testmgr_free_buf(char *buf[XBUFSIZE])
data/gost-crypto-0.3.3/testmgr.c:221:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(state + statesize, guard, sizeof(guard));
data/gost-crypto-0.3.3/testmgr.c:245:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(hash_buff, template->plaintext + temp,
data/gost-crypto-0.3.3/testmgr.c:287:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *xbuf[XBUFSIZE];
data/gost-crypto-0.3.3/testmgr.c:325:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(hash_buff, template[i].plaintext, template[i].psize);
data/gost-crypto-0.3.3/testmgr.c:336:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(key, template[i].key, template[i].ksize);
data/gost-crypto-0.3.3/testmgr.c:418:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(xbuf[IDX[k] >> PAGE_SHIFT] +
data/gost-crypto-0.3.3/testmgr.c:434:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(key, template[i].key, template[i].ksize);
data/gost-crypto-0.3.3/testmgr.c:478:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(hash_buff, template[i].plaintext,
data/gost-crypto-0.3.3/testmgr.c:490:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(key, template[i].key, template[i].ksize);
data/gost-crypto-0.3.3/testmgr.c:601:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *xbuf[XBUFSIZE];
data/gost-crypto-0.3.3/testmgr.c:602:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *xoutbuf[XBUFSIZE];
data/gost-crypto-0.3.3/testmgr.c:603:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *axbuf[XBUFSIZE];
data/gost-crypto-0.3.3/testmgr.c:667:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(input, template[i].input, template[i].ilen);
data/gost-crypto-0.3.3/testmgr.c:668:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(assoc, template[i].assoc, template[i].alen);
data/gost-crypto-0.3.3/testmgr.c:670:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(iv, template[i].iv, iv_len);
data/gost-crypto-0.3.3/testmgr.c:685:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(key, template[i].key, template[i].klen);
data/gost-crypto-0.3.3/testmgr.c:771:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(iv, template[i].iv, iv_len);
data/gost-crypto-0.3.3/testmgr.c:784:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(key, template[i].key, template[i].klen);
data/gost-crypto-0.3.3/testmgr.c:807:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(axbuf[IDX[k] >> PAGE_SHIFT] +
data/gost-crypto-0.3.3/testmgr.c:826:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(q, template[i].input + temp, template[i].tap[k]);
data/gost-crypto-0.3.3/testmgr.c:1006:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *xbuf[XBUFSIZE];
data/gost-crypto-0.3.3/testmgr.c:1034:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(data, input, template[i].len);
data/gost-crypto-0.3.3/testmgr.c:1094:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char iv[MAX_IVLEN];
data/gost-crypto-0.3.3/testmgr.c:1095:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *xbuf[XBUFSIZE];
data/gost-crypto-0.3.3/testmgr.c:1096:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *xoutbuf[XBUFSIZE];
data/gost-crypto-0.3.3/testmgr.c:1137:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(iv, template[i].iv, ivsize);
data/gost-crypto-0.3.3/testmgr.c:1150:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(data, input, template[i].len);
data/gost-crypto-0.3.3/testmgr.c:1216:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(iv, template[i].iv, ivsize);
data/gost-crypto-0.3.3/testmgr.c:1249:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(q, input + temp, template[i].tap[k]);
data/gost-crypto-0.3.3/testmgr.c:1546:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(a_public, sg_virt(req->dst), out_len_max);
data/gost-crypto-0.3.3/testmgr.c:1565:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(input_buf, vec->b_public, vec->b_public_size);
data/gost-crypto-0.3.3/testmgr.c:1586:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(a_ss, sg_virt(req->dst), vec->expected_ss_size);
data/gost-crypto-0.3.3/testmgr.c:1677:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *xbuf[XBUFSIZE];
data/gost-crypto-0.3.3/testmgr.c:1713:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(xbuf[0], vecs->m, vecs->m_size);
data/gost-crypto-0.3.3/testmgr.c:1759:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(xbuf[0], vecs->c, vecs->c_size);
data/gost-crypto-0.3.3/testmgr.c:2131:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char nalg[CRYPTO_MAX_ALG_NAME];
data/gost-crypto-0.3.3/testmgr.h:40:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char tap[MAX_TAP];
data/gost-crypto-0.3.3/testmgr.h:87:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char tap[MAX_TAP];
data/gost-crypto-0.3.3/testmgr.h:88:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char atap[MAX_TAP];
data/gost-crypto-0.3.3/testmgr.h:152:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char zeroed_string[48];

ANALYSIS SUMMARY:

Hits = 62
Lines analyzed = 22004 in approximately 1.88 seconds (11700 lines/second)
Physical Source Lines of Code (SLOC) = 20924
Hits@level = [0] 1 [1] 0 [2] 62 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 63 [1+] 62 [2+] 62 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 3.0109 [1+] 2.9631 [2+] 2.9631 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.