Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/input-utils-1.0/linux-input.h Examining data/input-utils-1.0/list.h Examining data/input-utils-1.0/tcp.c Examining data/input-utils-1.0/tcp.h Examining data/input-utils-1.0/input-events.c Examining data/input-utils-1.0/input-recv.c Examining data/input-utils-1.0/input-send.c Examining data/input-utils-1.0/input-kbd.c Examining data/input-utils-1.0/lsinput.c Examining data/input-utils-1.0/input.c Examining data/input-utils-1.0/input.h FINAL RESULTS: data/input-utils-1.0/input-events.c:104:18: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. if (-1 == (c = getopt(argc, argv, "hgt:"))) data/input-utils-1.0/input-kbd.c:249:18: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. if (-1 == (c = getopt(argc, argv, "hf:"))) data/input-utils-1.0/input-recv.c:35:18: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. if (-1 == (c = getopt(argc, argv, "h"))) data/input-utils-1.0/input-send.c:193:18: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. if (-1 == (c = getopt(argc, argv, "hdgt:"))) data/input-utils-1.0/input-events.c:108:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). timeout = atoi(optarg); data/input-utils-1.0/input-events.c:123:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). devnr = atoi(argv[optind]); data/input-utils-1.0/input-kbd.c:127:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[80],scancode[80],keycode[80]; data/input-utils-1.0/input-kbd.c:157:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). entry.keycode = atoi(keycode); data/input-utils-1.0/input-kbd.c:217:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(mapfile,"r"); data/input-utils-1.0/input-kbd.c:265:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). devnr = atoi(argv[optind]); data/input-utils-1.0/input-send.c:15:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char peerhost[INET6_ADDRSTRLEN+1]; data/input-utils-1.0/input-send.c:16:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char peerserv[33]; data/input-utils-1.0/input-send.c:132:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dummy[16]; data/input-utils-1.0/input-send.c:163:3: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open("/dev/null",O_RDWR); dup(0); dup(0); data/input-utils-1.0/input-send.c:201:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). timeout = atoi(optarg); data/input-utils-1.0/input-send.c:215:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). devnr = atoi(argv[optind]); data/input-utils-1.0/input.c:14:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *EV_NAME[EV_CNT] = { data/input-utils-1.0/input.c:18:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *REL_NAME[REL_CNT] = { data/input-utils-1.0/input.c:22:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *ABS_NAME[ABS_CNT] = { data/input-utils-1.0/input.c:26:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *MSC_NAME[MSC_CNT] = { data/input-utils-1.0/input.c:30:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *LED_NAME[LED_CNT] = { data/input-utils-1.0/input.c:34:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *SND_NAME[SND_CNT] = { data/input-utils-1.0/input.c:42:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *REP_NAME[REP_CNT] = { data/input-utils-1.0/input.c:46:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *KEY_NAME[KEY_CNT] = { data/input-utils-1.0/input.c:51:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *SW_NAME[SW_CNT] = { data/input-utils-1.0/input.c:66:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char **EV_TYPE_NAME[EV_CNT] = { data/input-utils-1.0/input.c:85:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[32]; data/input-utils-1.0/input.c:90:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename,O_RDONLY); data/input-utils-1.0/input.c:106:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/input-utils-1.0/input.c:143:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ts[32]; data/input-utils-1.0/input.h:11:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char *EV_NAME[EV_CNT]; data/input-utils-1.0/input.h:13:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char **EV_TYPE_NAME[EV_CNT]; data/input-utils-1.0/linux-input.h:1077:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int (*open)(struct input_dev *dev); data/input-utils-1.0/linux-input.h:1214:6: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open; data/input-utils-1.0/lsinput.c:14:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[32]; data/input-utils-1.0/tcp.c:30:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uaddr[INET6_ADDRSTRLEN+1]; data/input-utils-1.0/tcp.c:31:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uport[33]; data/input-utils-1.0/tcp.c:32:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uhost[INET6_ADDRSTRLEN+1]; data/input-utils-1.0/tcp.c:33:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char userv[33]; data/input-utils-1.0/tcp.c:108:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uaddr[INET6_ADDRSTRLEN+1]; data/input-utils-1.0/tcp.c:109:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uport[33]; data/input-utils-1.0/input-events.c:58:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). switch (read(fd,&event,sizeof(event))) { data/input-utils-1.0/input-kbd.c:131:12: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (2 != sscanf(line," %80s = %80s", scancode, keycode)) { data/input-utils-1.0/input-recv.c:63:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(sock,&ev,sizeof(ev)); data/input-utils-1.0/input-send.c:133:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(conn->socket,dummy,sizeof(dummy)); data/input-utils-1.0/input-send.c:141:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(input,&ev,sizeof(ev)); ANALYSIS SUMMARY: Hits = 46 Lines analyzed = 2700 in approximately 0.10 seconds (26092 lines/second) Physical Source Lines of Code (SLOC) = 1900 Hits@level = [0] 52 [1] 5 [2] 37 [3] 4 [4] 0 [5] 0 Hits@level+ = [0+] 98 [1+] 46 [2+] 41 [3+] 4 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 51.5789 [1+] 24.2105 [2+] 21.5789 [3+] 2.10526 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.