Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kldap-20.08.2/autotests/testkldap.cpp
Examining data/kldap-20.08.2/autotests/testkldap.h
Examining data/kldap-20.08.2/tests/testldapclient.h
Examining data/kldap-20.08.2/tests/testldapclient.cpp
Examining data/kldap-20.08.2/kioslave/src/common.h
Examining data/kldap-20.08.2/kioslave/src/ldap/kio_ldap.cpp
Examining data/kldap-20.08.2/kioslave/src/ldap/kio_ldap.h
Examining data/kldap-20.08.2/src/widgets/ldapconfigurewidget.h
Examining data/kldap-20.08.2/src/widgets/ldapclientsearchconfig.h
Examining data/kldap-20.08.2/src/widgets/addhostdialog.h
Examining data/kldap-20.08.2/src/widgets/ldapconfigwidget.h
Examining data/kldap-20.08.2/src/widgets/ldapclientsearchconfig.cpp
Examining data/kldap-20.08.2/src/widgets/ldapclient.h
Examining data/kldap-20.08.2/src/widgets/addhostdialog.cpp
Examining data/kldap-20.08.2/src/widgets/ldapclient.cpp
Examining data/kldap-20.08.2/src/widgets/ldapconfigwidget.cpp
Examining data/kldap-20.08.2/src/widgets/ldapclientsearch.cpp
Examining data/kldap-20.08.2/src/widgets/ldapclientsearch.h
Examining data/kldap-20.08.2/src/widgets/ldapconfigurewidget.cpp
Examining data/kldap-20.08.2/src/core/ldapobject.cpp
Examining data/kldap-20.08.2/src/core/ldapobject.h
Examining data/kldap-20.08.2/src/core/ldapserver.h
Examining data/kldap-20.08.2/src/core/ldapserver.cpp
Examining data/kldap-20.08.2/src/core/ldapdn.h
Examining data/kldap-20.08.2/src/core/ldapsearch.h
Examining data/kldap-20.08.2/src/core/ldapcontrol.cpp
Examining data/kldap-20.08.2/src/core/ber.cpp
Examining data/kldap-20.08.2/src/core/ldapurl.cpp
Examining data/kldap-20.08.2/src/core/ldapdefs.h
Examining data/kldap-20.08.2/src/core/ldif.h
Examining data/kldap-20.08.2/src/core/ldapoperation.h
Examining data/kldap-20.08.2/src/core/ldapcontrol.h
Examining data/kldap-20.08.2/src/core/ldapconnection.cpp
Examining data/kldap-20.08.2/src/core/ldapdn.cpp
Examining data/kldap-20.08.2/src/core/ldapoperation.cpp
Examining data/kldap-20.08.2/src/core/w32-ldap-help.h
Examining data/kldap-20.08.2/src/core/ldapsearch.cpp
Examining data/kldap-20.08.2/src/core/ldif.cpp
Examining data/kldap-20.08.2/src/core/ber.h
Examining data/kldap-20.08.2/src/core/ldapconnection.h
Examining data/kldap-20.08.2/src/core/ldapurl.h

FINAL RESULTS:

data/kldap-20.08.2/autotests/testkldap.cpp:75:10:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  ber1.printf(QStringLiteral("i"), ainteger);
data/kldap-20.08.2/autotests/testkldap.cpp:76:10:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  ber2.printf(QStringLiteral("o"), &aoctetString1);
data/kldap-20.08.2/autotests/testkldap.cpp:77:10:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  ber3.printf(QStringLiteral("O"), &aoctetString2);
data/kldap-20.08.2/autotests/testkldap.cpp:78:10:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  ber4.printf(QStringLiteral("s"), &aoctetString3);
data/kldap-20.08.2/autotests/testkldap.cpp:79:10:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  ber5.printf(QStringLiteral("{v}"), &alist1);
data/kldap-20.08.2/autotests/testkldap.cpp:80:10:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  ber6.printf(QStringLiteral("{V}"), &alist2);
data/kldap-20.08.2/autotests/testkldap.cpp:81:10:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  ber7.printf(QStringLiteral("oi{v}O"), &aoctetString1, ainteger, &alist2, &aoctetString2);
data/kldap-20.08.2/autotests/testkldap.cpp:85:10:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
  bber.scanf(QStringLiteral("i"), &binteger);
data/kldap-20.08.2/autotests/testkldap.cpp:90:10:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
  bber.scanf(QStringLiteral("o"), &boctetString1);
data/kldap-20.08.2/autotests/testkldap.cpp:93:10:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
  bber.scanf(QStringLiteral("o"), &boctetString2);
data/kldap-20.08.2/autotests/testkldap.cpp:96:10:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
  bber.scanf(QStringLiteral("o"), &boctetString3);
data/kldap-20.08.2/autotests/testkldap.cpp:101:10:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
  bber.scanf(QStringLiteral("v"), &blist1);
data/kldap-20.08.2/autotests/testkldap.cpp:105:10:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
  bber.scanf(QStringLiteral("v"), &blist2);
data/kldap-20.08.2/autotests/testkldap.cpp:115:10:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
  bber.scanf(QStringLiteral("oivO"), &boctetString1, &binteger, &blist2, &boctetString2);
data/kldap-20.08.2/src/core/ber.cpp:114:10:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  int Ber::printf(QString format, ...)
data/kldap-20.08.2/src/core/ber.cpp:219:10:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
  int Ber::scanf(QString format, ...)
data/kldap-20.08.2/src/core/ber.cpp:428:10:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  int Ber::printf(QString format, ...)
data/kldap-20.08.2/src/core/ber.cpp:435:10:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
  int Ber::scanf(QString format, ...)
data/kldap-20.08.2/src/core/ber.h:105:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  int printf(QString format, ...); // Passing by-value since it's used by va_start
data/kldap-20.08.2/src/core/ber.h:106:9:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
  int scanf(QString format, ...);
data/kldap-20.08.2/src/core/ldapcontrol.cpp:113:13:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
  if (ber.scanf(QStringLiteral("{iO}"), &size, &cookie) == -1) {
data/kldap-20.08.2/src/core/ldapcontrol.cpp:125:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  ber.printf(QStringLiteral("{iO}"), pagesize, &cookie);
data/kldap-20.08.2/autotests/testkldap.cpp:40:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents? (CWE-362).
  if (file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/kldap-20.08.2/src/core/ber.cpp:116:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fmt[2];
data/kldap-20.08.2/src/core/ber.cpp:221:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fmt[2];
data/kldap-20.08.2/src/core/ber.cpp:301:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[255];
data/kldap-20.08.2/src/core/ldapoperation.cpp:549:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(berval->bv_val, value->data(), vallen);
data/kldap-20.08.2/src/core/ldapoperation.cpp:591:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ctrl->ldctl_value.bv_val, value.data(), vallen);
data/kldap-20.08.2/src/core/ldapoperation.cpp:1017:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(berval->bv_val, value.data(), vallen);
data/kldap-20.08.2/src/core/ldapoperation.cpp:1046:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(berval->bv_val, value.data(), vallen);
data/kldap-20.08.2/src/core/ldapoperation.cpp:1074:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(berval->bv_val, data.data(), vallen);
data/kldap-20.08.2/src/core/ldapoperation.cpp:1110:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(berval->bv_val, data.data(), vallen);
data/kldap-20.08.2/src/core/ldapoperation.cpp:221:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  interact->len = strlen((const char *)interact->result);

ANALYSIS SUMMARY:

Hits = 33
Lines analyzed = 10747 in approximately 0.91 seconds (11814 lines/second)
Physical Source Lines of Code (SLOC) = 7503
Hits@level = [0]   2 [1]   1 [2]  10 [3]   0 [4]  22 [5]   0
Hits@level+ = [0+]  35 [1+]  33 [2+]  32 [3+]  22 [4+]  22 [5+]   0
Hits/KSLOC@level+ = [0+] 4.6648 [1+] 4.39824 [2+] 4.26496 [3+] 2.93216 [4+] 2.93216 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.