Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/grdesktop-0.23+d040330/src/optbox.h
Examining data/grdesktop-0.23+d040330/src/btnbox.h
Examining data/grdesktop-0.23+d040330/src/main.h
Examining data/grdesktop-0.23+d040330/src/options.h
Examining data/grdesktop-0.23+d040330/src/srvsel.h
Examining data/grdesktop-0.23+d040330/src/run.c
Examining data/grdesktop-0.23+d040330/src/rdpparse.h
Examining data/grdesktop-0.23+d040330/src/rdpparse.c
Examining data/grdesktop-0.23+d040330/src/global.h
Examining data/grdesktop-0.23+d040330/src/main.c
Examining data/grdesktop-0.23+d040330/src/options.c
Examining data/grdesktop-0.23+d040330/src/btnbox.c
Examining data/grdesktop-0.23+d040330/src/optbox.c
Examining data/grdesktop-0.23+d040330/src/srvsel.c
Examining data/grdesktop-0.23+d040330/src/run.h
Examining data/grdesktop-0.23+d040330/src/sshbox.c
Examining data/grdesktop-0.23+d040330/src/sshbox.h
FINAL RESULTS:
data/grdesktop-0.23+d040330/src/rdpparse.c:140:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(line, tmpbuf);
data/grdesktop-0.23+d040330/src/main.c:193:13: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((c = getopt(argc, argv, "shv")) != -1) {
data/grdesktop-0.23+d040330/src/options.c:542:34: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
licence_path = g_build_filename(g_get_home_dir(), ".rdesktop", NULL);
data/grdesktop-0.23+d040330/src/options.c:73:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
iwidth = atoi(split[0]);
data/grdesktop-0.23+d040330/src/options.c:74:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
iheight = atoi(split[1]);
data/grdesktop-0.23+d040330/src/rdpparse.c:34:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(filename, "w");
data/grdesktop-0.23+d040330/src/rdpparse.c:90:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_LINE_BUF];
data/grdesktop-0.23+d040330/src/rdpparse.c:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[2];
data/grdesktop-0.23+d040330/src/rdpparse.c:100:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(filename, "r");
data/grdesktop-0.23+d040330/src/rdpparse.c:213:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
switch(atoi(colorstr)) {
data/grdesktop-0.23+d040330/src/rdpparse.c:253:5: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(atoi(value) == 2)
data/grdesktop-0.23+d040330/src/btnbox.c:98:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(SHASH("hostname")) <= 0) {
data/grdesktop-0.23+d040330/src/options.c:254:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(newitem) > 0) { /* make sure the current hostname is first */
data/grdesktop-0.23+d040330/src/options.c:397:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(SHASH("username"))) {
data/grdesktop-0.23+d040330/src/options.c:551:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gchar *hostname = &entry->d_name[strlen(prefix)];
data/grdesktop-0.23+d040330/src/options.c:562:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(entry->d_name) <= strlen(prefix))
data/grdesktop-0.23+d040330/src/options.c:562:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(entry->d_name) <= strlen(prefix))
data/grdesktop-0.23+d040330/src/rdpparse.c:123:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parse_line(g_strndup(line, sizeof(char)*(strlen(line)-1)));
data/grdesktop-0.23+d040330/src/rdpparse.c:132:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(file);
data/grdesktop-0.23+d040330/src/rdpparse.c:156:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(line) <= 0)
data/grdesktop-0.23+d040330/src/run.c:51:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(SHASH("clientname") && (strlen(SHASH("clientname")) > 0))
data/grdesktop-0.23+d040330/src/run.c:101:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!SHASH("sshhost") || strlen(SHASH("sshhost")) <= 0) {
data/grdesktop-0.23+d040330/src/run.c:107:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(SHASH("sshuser") && (strlen(SHASH("sshuser")) > 0)) {
ANALYSIS SUMMARY:
Hits = 23
Lines analyzed = 3701 in approximately 0.12 seconds (30762 lines/second)
Physical Source Lines of Code (SLOC) = 2711
Hits@level = [0] 26 [1] 12 [2] 8 [3] 2 [4] 1 [5] 0
Hits@level+ = [0+] 49 [1+] 23 [2+] 11 [3+] 3 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 18.0745 [1+] 8.48395 [2+] 4.05754 [3+] 1.1066 [4+] 0.368868 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.