Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gupnp-1.2.4/examples/light-client.c
Examining data/gupnp-1.2.4/examples/light-server.c
Examining data/gupnp-1.2.4/libgupnp/gena-protocol.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-acl-private.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-acl.c
Examining data/gupnp-1.2.4/libgupnp/gupnp-acl.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-connman-manager.c
Examining data/gupnp-1.2.4/libgupnp/gupnp-connman-manager.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-context-manager.c
Examining data/gupnp-1.2.4/libgupnp/gupnp-context-manager.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-context-private.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-context.c
Examining data/gupnp-1.2.4/libgupnp/gupnp-context.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-control-point.c
Examining data/gupnp-1.2.4/libgupnp/gupnp-control-point.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-device-info-private.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-device-info.c
Examining data/gupnp-1.2.4/libgupnp/gupnp-device-info.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-device-proxy.c
Examining data/gupnp-1.2.4/libgupnp/gupnp-device-proxy.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-device.c
Examining data/gupnp-1.2.4/libgupnp/gupnp-device.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-error-private.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-error.c
Examining data/gupnp-1.2.4/libgupnp/gupnp-error.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-linux-context-manager.c
Examining data/gupnp-1.2.4/libgupnp/gupnp-linux-context-manager.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-network-manager.c
Examining data/gupnp-1.2.4/libgupnp/gupnp-network-manager.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-resource-factory-private.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-resource-factory.c
Examining data/gupnp-1.2.4/libgupnp/gupnp-resource-factory.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-root-device.c
Examining data/gupnp-1.2.4/libgupnp/gupnp-root-device.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-service-info.c
Examining data/gupnp-1.2.4/libgupnp/gupnp-service-info.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-service-introspection-private.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-service-introspection.c
Examining data/gupnp-1.2.4/libgupnp/gupnp-service-introspection.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-service-private.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-service-proxy-action-private.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-service-proxy-action.c
Examining data/gupnp-1.2.4/libgupnp/gupnp-service-proxy-private.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-service-proxy.c
Examining data/gupnp-1.2.4/libgupnp/gupnp-service-proxy.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-service.c
Examining data/gupnp-1.2.4/libgupnp/gupnp-service.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-simple-context-manager.c
Examining data/gupnp-1.2.4/libgupnp/gupnp-simple-context-manager.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-types-private.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-types.c
Examining data/gupnp-1.2.4/libgupnp/gupnp-types.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-unix-context-manager.c
Examining data/gupnp-1.2.4/libgupnp/gupnp-unix-context-manager.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-uuid.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-white-list.c
Examining data/gupnp-1.2.4/libgupnp/gupnp-white-list.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-windows-context-manager.c
Examining data/gupnp-1.2.4/libgupnp/gupnp-windows-context-manager.h
Examining data/gupnp-1.2.4/libgupnp/gupnp-xml-doc.c
Examining data/gupnp-1.2.4/libgupnp/gupnp-xml-doc.h
Examining data/gupnp-1.2.4/libgupnp/gupnp.h
Examining data/gupnp-1.2.4/libgupnp/gvalue-util.c
Examining data/gupnp-1.2.4/libgupnp/gvalue-util.h
Examining data/gupnp-1.2.4/libgupnp/http-headers.c
Examining data/gupnp-1.2.4/libgupnp/http-headers.h
Examining data/gupnp-1.2.4/libgupnp/xml-util.c
Examining data/gupnp-1.2.4/libgupnp/xml-util.h
Examining data/gupnp-1.2.4/subprojects/guul/guul.c
Examining data/gupnp-1.2.4/subprojects/guul/guul.h
Examining data/gupnp-1.2.4/tests/gtest/test-bugs.c
Examining data/gupnp-1.2.4/tests/gtest/test-context.c
Examining data/gupnp-1.2.4/tests/test-browsing.c
Examining data/gupnp-1.2.4/tests/test-introspection.c
Examining data/gupnp-1.2.4/tests/test-proxy.c
Examining data/gupnp-1.2.4/tests/test-server.c
Examining data/gupnp-1.2.4/tests/test-white-list.c

FINAL RESULTS:

data/gupnp-1.2.4/libgupnp/gupnp-service-proxy.c:1799:35: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  timeout = g_random_int_range (1, timeout / 2);
data/gupnp-1.2.4/libgupnp/gupnp-control-point.c:396:36: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  searched_version = (guint) atol (searched_version_ptr + 1);
data/gupnp-1.2.4/libgupnp/gupnp-control-point.c:400:35: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  current_version = (guint) atol (current_version_ptr + 1);
data/gupnp-1.2.4/libgupnp/gupnp-device-info.c:1010:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  query_ver = atoi (query);
data/gupnp-1.2.4/libgupnp/gupnp-device-info.c:1011:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  base_ver = atoi (colon);
data/gupnp-1.2.4/libgupnp/gupnp-linux-context-manager.c:86:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char recvbuf[8196];
data/gupnp-1.2.4/libgupnp/gupnp-linux-context-manager.c:117:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[INET6_ADDRSTRLEN];
data/gupnp-1.2.4/libgupnp/gupnp-linux-context-manager.c:157:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ascii[17] = { 0 };
data/gupnp-1.2.4/libgupnp/gupnp-linux-context-manager.c:158:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char padding[49] = { 0 };
data/gupnp-1.2.4/libgupnp/gupnp-linux-context-manager.c:250:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char essid[IW_ESSID_MAX_SIZE + 1];
data/gupnp-1.2.4/libgupnp/gupnp-linux-context-manager.c:446:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[INET6_ADDRSTRLEN];
data/gupnp-1.2.4/libgupnp/gupnp-service-proxy.c:1787:35: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  timeout = atoi (hdr + strlen ("Second-"));
data/gupnp-1.2.4/libgupnp/gvalue-util.c:102:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  i = atoi (str);
data/gupnp-1.2.4/libgupnp/gvalue-util.c:121:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  i = atoi (str);
data/gupnp-1.2.4/libgupnp/gvalue-util.c:166:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[G_ASCII_DTOSTR_BUF_SIZE];
data/gupnp-1.2.4/libgupnp/http-headers.c:301:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[65536];
data/gupnp-1.2.4/libgupnp/xml-util.c:82:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  i = atoi ((char *) content);
data/gupnp-1.2.4/libgupnp/gupnp-context.c:883:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  requested_path += strlen (host_path_data->server_path);
data/gupnp-1.2.4/libgupnp/gupnp-context.c:887:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (requested_path);
data/gupnp-1.2.4/libgupnp/gupnp-control-point.c:791:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp (usn, "uuid:", strlen ("uuid:"))) {
data/gupnp-1.2.4/libgupnp/gupnp-device-info.c:982:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  type_len = strlen (base) - strlen (colon);
data/gupnp-1.2.4/libgupnp/gupnp-device-info.c:982:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  type_len = strlen (base) - strlen (colon);
data/gupnp-1.2.4/libgupnp/gupnp-linux-context-manager.c:257:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (iwr.ifr_name, device->name, IFNAMSIZ - 1);
data/gupnp-1.2.4/libgupnp/gupnp-service-proxy.c:711:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret->header_pos += strlen("<u:");
data/gupnp-1.2.4/libgupnp/gupnp-service-proxy.c:713:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret->header_pos += strlen (ret->name);
data/gupnp-1.2.4/libgupnp/gupnp-service-proxy.c:715:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret->header_pos += strlen(" xmlns:u=\"");
data/gupnp-1.2.4/libgupnp/gupnp-service-proxy.c:717:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret->header_pos += strlen (service_type);
data/gupnp-1.2.4/libgupnp/gupnp-service-proxy.c:1588:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (hdr) <= strlen ("uuid:") ||
data/gupnp-1.2.4/libgupnp/gupnp-service-proxy.c:1588:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (hdr) <= strlen ("uuid:") ||
data/gupnp-1.2.4/libgupnp/gupnp-service-proxy.c:1589:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncmp (hdr, "uuid:", strlen ("uuid:")) != 0) {
data/gupnp-1.2.4/libgupnp/gupnp-service-proxy.c:1785:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp (hdr, "Second-", strlen ("Second-")) == 0) {
data/gupnp-1.2.4/libgupnp/gupnp-service-proxy.c:1787:47: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  timeout = atoi (hdr + strlen ("Second-"));
data/gupnp-1.2.4/libgupnp/gupnp-service.c:1260:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (start) <= 256) {
data/gupnp-1.2.4/libgupnp/gupnp-service.c:2042:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (property_set));
data/gupnp-1.2.4/libgupnp/gupnp-service.c:2198:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  stripped = g_malloc (strlen (camel_str) * 2);
data/gupnp-1.2.4/libgupnp/gupnp-service.c:2200:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0, j = 0; i <= strlen (camel_str); i++) {
data/gupnp-1.2.4/libgupnp/http-headers.c:170:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  val += strlen (";q=");

ANALYSIS SUMMARY:

Hits = 37
Lines analyzed = 24811 in approximately 0.53 seconds (46485 lines/second)
Physical Source Lines of Code (SLOC) = 15519
Hits@level = [0] 0 [1] 20 [2] 16 [3] 1 [4] 0 [5] 0
Hits@level+ = [0+] 37 [1+] 37 [2+] 17 [3+] 1 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 2.38417 [1+] 2.38417 [2+] 1.09543 [3+] 0.0644371 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.