Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kldap-20.08.2/autotests/testkldap.cpp
Examining data/kldap-20.08.2/autotests/testkldap.h
Examining data/kldap-20.08.2/tests/testldapclient.h
Examining data/kldap-20.08.2/tests/testldapclient.cpp
Examining data/kldap-20.08.2/kioslave/src/common.h
Examining data/kldap-20.08.2/kioslave/src/ldap/kio_ldap.cpp
Examining data/kldap-20.08.2/kioslave/src/ldap/kio_ldap.h
Examining data/kldap-20.08.2/src/widgets/ldapconfigurewidget.h
Examining data/kldap-20.08.2/src/widgets/ldapclientsearchconfig.h
Examining data/kldap-20.08.2/src/widgets/addhostdialog.h
Examining data/kldap-20.08.2/src/widgets/ldapconfigwidget.h
Examining data/kldap-20.08.2/src/widgets/ldapclientsearchconfig.cpp
Examining data/kldap-20.08.2/src/widgets/ldapclient.h
Examining data/kldap-20.08.2/src/widgets/addhostdialog.cpp
Examining data/kldap-20.08.2/src/widgets/ldapclient.cpp
Examining data/kldap-20.08.2/src/widgets/ldapconfigwidget.cpp
Examining data/kldap-20.08.2/src/widgets/ldapclientsearch.cpp
Examining data/kldap-20.08.2/src/widgets/ldapclientsearch.h
Examining data/kldap-20.08.2/src/widgets/ldapconfigurewidget.cpp
Examining data/kldap-20.08.2/src/core/ldapobject.cpp
Examining data/kldap-20.08.2/src/core/ldapobject.h
Examining data/kldap-20.08.2/src/core/ldapserver.h
Examining data/kldap-20.08.2/src/core/ldapserver.cpp
Examining data/kldap-20.08.2/src/core/ldapdn.h
Examining data/kldap-20.08.2/src/core/ldapsearch.h
Examining data/kldap-20.08.2/src/core/ldapcontrol.cpp
Examining data/kldap-20.08.2/src/core/ber.cpp
Examining data/kldap-20.08.2/src/core/ldapurl.cpp
Examining data/kldap-20.08.2/src/core/ldapdefs.h
Examining data/kldap-20.08.2/src/core/ldif.h
Examining data/kldap-20.08.2/src/core/ldapoperation.h
Examining data/kldap-20.08.2/src/core/ldapcontrol.h
Examining data/kldap-20.08.2/src/core/ldapconnection.cpp
Examining data/kldap-20.08.2/src/core/ldapdn.cpp
Examining data/kldap-20.08.2/src/core/ldapoperation.cpp
Examining data/kldap-20.08.2/src/core/w32-ldap-help.h
Examining data/kldap-20.08.2/src/core/ldapsearch.cpp
Examining data/kldap-20.08.2/src/core/ldif.cpp
Examining data/kldap-20.08.2/src/core/ber.h
Examining data/kldap-20.08.2/src/core/ldapconnection.h
Examining data/kldap-20.08.2/src/core/ldapurl.h
FINAL RESULTS:
data/kldap-20.08.2/autotests/testkldap.cpp:75:10: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ber1.printf(QStringLiteral("i"), ainteger);
data/kldap-20.08.2/autotests/testkldap.cpp:76:10: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ber2.printf(QStringLiteral("o"), &aoctetString1);
data/kldap-20.08.2/autotests/testkldap.cpp:77:10: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ber3.printf(QStringLiteral("O"), &aoctetString2);
data/kldap-20.08.2/autotests/testkldap.cpp:78:10: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ber4.printf(QStringLiteral("s"), &aoctetString3);
data/kldap-20.08.2/autotests/testkldap.cpp:79:10: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ber5.printf(QStringLiteral("{v}"), &alist1);
data/kldap-20.08.2/autotests/testkldap.cpp:80:10: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ber6.printf(QStringLiteral("{V}"), &alist2);
data/kldap-20.08.2/autotests/testkldap.cpp:81:10: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ber7.printf(QStringLiteral("oi{v}O"), &aoctetString1, ainteger, &alist2, &aoctetString2);
data/kldap-20.08.2/autotests/testkldap.cpp:85:10: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
bber.scanf(QStringLiteral("i"), &binteger);
data/kldap-20.08.2/autotests/testkldap.cpp:90:10: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
bber.scanf(QStringLiteral("o"), &boctetString1);
data/kldap-20.08.2/autotests/testkldap.cpp:93:10: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
bber.scanf(QStringLiteral("o"), &boctetString2);
data/kldap-20.08.2/autotests/testkldap.cpp:96:10: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
bber.scanf(QStringLiteral("o"), &boctetString3);
data/kldap-20.08.2/autotests/testkldap.cpp:101:10: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
bber.scanf(QStringLiteral("v"), &blist1);
data/kldap-20.08.2/autotests/testkldap.cpp:105:10: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
bber.scanf(QStringLiteral("v"), &blist2);
data/kldap-20.08.2/autotests/testkldap.cpp:115:10: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
bber.scanf(QStringLiteral("oivO"), &boctetString1, &binteger, &blist2, &boctetString2);
data/kldap-20.08.2/src/core/ber.cpp:114:10: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int Ber::printf(QString format, ...)
data/kldap-20.08.2/src/core/ber.cpp:219:10: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
int Ber::scanf(QString format, ...)
data/kldap-20.08.2/src/core/ber.cpp:428:10: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int Ber::printf(QString format, ...)
data/kldap-20.08.2/src/core/ber.cpp:435:10: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
int Ber::scanf(QString format, ...)
data/kldap-20.08.2/src/core/ber.h:105:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int printf(QString format, ...); // Passing by-value since it's used by va_start
data/kldap-20.08.2/src/core/ber.h:106:9: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
int scanf(QString format, ...);
data/kldap-20.08.2/src/core/ldapcontrol.cpp:113:13: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (ber.scanf(QStringLiteral("{iO}"), &size, &cookie) == -1) {
data/kldap-20.08.2/src/core/ldapcontrol.cpp:125:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ber.printf(QStringLiteral("{iO}"), pagesize, &cookie);
data/kldap-20.08.2/autotests/testkldap.cpp:40:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/kldap-20.08.2/src/core/ber.cpp:116:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[2];
data/kldap-20.08.2/src/core/ber.cpp:221:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[2];
data/kldap-20.08.2/src/core/ber.cpp:301:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[255];
data/kldap-20.08.2/src/core/ldapoperation.cpp:549:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(berval->bv_val, value->data(), vallen);
data/kldap-20.08.2/src/core/ldapoperation.cpp:591:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctrl->ldctl_value.bv_val, value.data(), vallen);
data/kldap-20.08.2/src/core/ldapoperation.cpp:1017:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(berval->bv_val, value.data(), vallen);
data/kldap-20.08.2/src/core/ldapoperation.cpp:1046:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(berval->bv_val, value.data(), vallen);
data/kldap-20.08.2/src/core/ldapoperation.cpp:1074:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(berval->bv_val, data.data(), vallen);
data/kldap-20.08.2/src/core/ldapoperation.cpp:1110:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(berval->bv_val, data.data(), vallen);
data/kldap-20.08.2/src/core/ldapoperation.cpp:221:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
interact->len = strlen((const char *)interact->result);
ANALYSIS SUMMARY:
Hits = 33
Lines analyzed = 10747 in approximately 0.91 seconds (11814 lines/second)
Physical Source Lines of Code (SLOC) = 7503
Hits@level = [0] 2 [1] 1 [2] 10 [3] 0 [4] 22 [5] 0
Hits@level+ = [0+] 35 [1+] 33 [2+] 32 [3+] 22 [4+] 22 [5+] 0
Hits/KSLOC@level+ = [0+] 4.6648 [1+] 4.39824 [2+] 4.26496 [3+] 2.93216 [4+] 2.93216 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.