Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/hyphen-show-20000425/hyphen_show.c

FINAL RESULTS:

data/hyphen-show-20000425/hyphen_show.c:305:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tns,pp+2);

data/hyphen-show-20000425/hyphen_show.c:311:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tns_alt, tns);

data/hyphen-show-20000425/hyphen_show.c:351:11:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  return strcat(strncpy(&wortanf[0],&stra[k],n-k),&ht[0]);

data/hyphen-show-20000425/hyphen_show.c:401:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else strcpy(&neu[neu_max][0],tcp);

data/hyphen-show-20000425/hyphen_show.c:466:17:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  tgesp = strcat(ttap,terr);

data/hyphen-show-20000425/hyphen_show.c:468:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(&hh[0],tgesp);

data/hyphen-show-20000425/hyphen_show.c:596:18:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  font_codep = strcpy(&font_code[0],FONT_CODE_2);

data/hyphen-show-20000425/hyphen_show.c:603:22:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  { font_codep = strcpy(&font_code[0],v_arg[2]);

data/hyphen-show-20000425/hyphen_show.c:609:25:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  { hauptdateip = strcpy(&hauptdatei[0],v_arg[3]);

data/hyphen-show-20000425/hyphen_show.c:611:25:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  { verdateip = strcpy(&verdatei[0],v_arg[4]);}

data/hyphen-show-20000425/hyphen_show.c:615:23:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  { hauptdateip = strcpy(&hauptdatei[0],v_arg[1]);

data/hyphen-show-20000425/hyphen_show.c:616:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  verdateip = strcpy(&verdatei[0],v_arg[2]);

data/hyphen-show-20000425/hyphen_show.c:625:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  { hauptdateip = strcpy(&hauptdatei[0],v_arg[1]);

data/hyphen-show-20000425/hyphen_show.c:626:36:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (n_arg == 3) {verdateip = strcpy(&verdatei[0],v_arg[2]);};

data/hyphen-show-20000425/hyphen_show.c:648:7:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20).
  Specify a limit to %s, or use a different input function.
  fscanf(ver_dat,"%s", & hck[hck_p][0]);

data/hyphen-show-20000425/hyphen_show.c:656:9:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20).
  Specify a limit to %s, or use a different input function.
  fscanf(ver_dat,"%s", & hck[hck_p][0]);

data/hyphen-show-20000425/hyphen_show.c:53:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int open(const char *, int,...);

data/hyphen-show-20000425/hyphen_show.c:73:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int open(const char *, int);

data/hyphen-show-20000425/hyphen_show.c:134:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { static char buffer[BUFLEN_E];

data/hyphen-show-20000425/hyphen_show.c:169:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char

data/hyphen-show-20000425/hyphen_show.c:179:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tns_alt[80];

data/hyphen-show-20000425/hyphen_show.c:293:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf(&s_puffer[0],"%c %d",(char) code, (int) hw);

data/hyphen-show-20000425/hyphen_show.c:301:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { char * pp,tns[80];

data/hyphen-show-20000425/hyphen_show.c:325:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { char ht[2] = {(char)0, (char)0};

data/hyphen-show-20000425/hyphen_show.c:630:21:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  Risk is low because the source is a constant string.
  { hauptdateip = strcat(hauptdateip,".dvi");

data/hyphen-show-20000425/hyphen_show.c:634:17:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  Risk is low because the source is a constant string.
  ausdateip = strcat(ausdateip,".hyp");

data/hyphen-show-20000425/hyphen_show.c:636:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  filed1=open(hauptdateip,O_RDONLY);

data/hyphen-show-20000425/hyphen_show.c:639:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  a_file=fopen(ausdateip,"w+");

data/hyphen-show-20000425/hyphen_show.c:644:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { ver_dat = fopen(verdateip,"r");

data/hyphen-show-20000425/hyphen_show.c:55:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ssize_t read(int,void *,size_t);

data/hyphen-show-20000425/hyphen_show.c:75:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int read(int,char *,unsigned);

data/hyphen-show-20000425/hyphen_show.c:139:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  {cnt=read(filed1,buffer,BUFLEN_E);

data/hyphen-show-20000425/hyphen_show.c:204:22:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  seitep[s_p] = strncpy(&seite[s_p][0],&s_puffer[0],s_puffer_p);

data/hyphen-show-20000425/hyphen_show.c:294:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s_puffer_p = strlen(&s_puffer[0]);

data/hyphen-show-20000425/hyphen_show.c:318:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen(str);

data/hyphen-show-20000425/hyphen_show.c:327:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen(str);

data/hyphen-show-20000425/hyphen_show.c:332:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(&stra[0], &str[k],n-k);

data/hyphen-show-20000425/hyphen_show.c:351:18:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  return strcat(strncpy(&wortanf[0],&stra[k],n-k),&ht[0]);

data/hyphen-show-20000425/hyphen_show.c:356:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen(str);

data/hyphen-show-20000425/hyphen_show.c:364:12:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  return strncpy(&wortend[0],&str[k1],k-k1);

data/hyphen-show-20000425/hyphen_show.c:381:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  k = strlen(str);

data/hyphen-show-20000425/hyphen_show.c:427:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while (strlen(str) > 0)

data/hyphen-show-20000425/hyphen_show.c:428:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  { cc = (char) str[strlen(str)-1];

data/hyphen-show-20000425/hyphen_show.c:430:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  { str[strlen(str)-1] = (char) 0;}

data/hyphen-show-20000425/hyphen_show.c:434:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while (n < strlen(str))

data/hyphen-show-20000425/hyphen_show.c:442:12:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  return strncpy(&hh1[0], &str[n], strlen(&str[n]));

data/hyphen-show-20000425/hyphen_show.c:442:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strncpy(&hh1[0], &str[n], strlen(&str[n]));

data/hyphen-show-20000425/hyphen_show.c:458:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ttapl = strlen(ttap);

data/hyphen-show-20000425/hyphen_show.c:629:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen(hauptdateip) <= 4) || (strstr(hauptdateip,".dvi") == 0))

data/hyphen-show-20000425/hyphen_show.c:633:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  ausdateip = strncpy(&ausdatei[0],hauptdateip, strlen(hauptdateip)-4);

data/hyphen-show-20000425/hyphen_show.c:633:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ausdateip = strncpy(&ausdatei[0],hauptdateip, strlen(hauptdateip)-4);

ANALYSIS SUMMARY:

Hits = 51
Lines analyzed = 723 in approximately 0.05 seconds (14865 lines/second)
Physical Source Lines of Code (SLOC) = 610
Hits@level = [0]  28 [1]  22 [2]  13 [3]   0 [4]  16 [5]   0
Hits@level+ = [0+]  79 [1+]  51 [2+]  29 [3+]  16 [4+]  16 [5+]   0
Hits/KSLOC@level+ = [0+] 129.508 [1+] 83.6066 [2+] 47.541 [3+] 26.2295 [4+] 26.2295 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.