Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libapache2-mod-auth-tkt-2.3.99~b1/src/ap22_compat.h
Examining data/libapache2-mod-auth-tkt-2.3.99~b1/src/ap_compat.h
Examining data/libapache2-mod-auth-tkt-2.3.99~b1/src/sha2.h
Examining data/libapache2-mod-auth-tkt-2.3.99~b1/src/sha2.c
Examining data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c
FINAL RESULTS:
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:873:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)&buf[len], secret);
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:875:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)&buf[len], uid);
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:878:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)&buf[len], tokens);
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:881:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)&buf[len], user_data);
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:229:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num = atoi(param);
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:284:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seconds = atoi(param);
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:306:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int minutes = atoi(param);
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:399:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seconds = atoi(param);
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:421:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int debug = atoi(param);
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:570:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(parsed->uid, &ticket[(sconf->digest_sz + TSTAMP_SZ)],
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:904:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf2, digest, sconf->digest_sz);
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:905:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf2[sconf->digest_sz], secret, len - sconf->digest_sz);
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:1359:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uuid_length = atoi(uuid_length_str);
data/libapache2-mod-auth-tkt-2.3.99~b1/src/sha2.c:113:33: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define MEMCPY_BCOPY(d,s,l) memcpy((d), (s), (l))
data/libapache2-mod-auth-tkt-2.3.99~b1/src/sha2.c:117:33: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define MEMCPY_BCOPY(d,s,l) bcopy((s), (d), (l))
data/libapache2-mod-auth-tkt-2.3.99~b1/src/sha2.c:593:58: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char* mat_SHA256_Data(const sha2_byte* data, size_t len, char digest[SHA256_DIGEST_STRING_LENGTH]) {
data/libapache2-mod-auth-tkt-2.3.99~b1/src/sha2.c:925:58: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char* mat_SHA512_Data(const sha2_byte* data, size_t len, char digest[SHA512_DIGEST_STRING_LENGTH]) {
data/libapache2-mod-auth-tkt-2.3.99~b1/src/sha2.c:1001:58: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char* mat_SHA384_Data(const sha2_byte* data, size_t len, char digest[SHA384_DIGEST_STRING_LENGTH]) {
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:238:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unit = param[strlen(param)-1];
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:283:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (apr_isdigit(param[0]) && apr_isdigit(param[strlen(param) - 1])) {
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:398:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (apr_isdigit(param[0]) && apr_isdigit(param[strlen(param) - 1])) {
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:522:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(ticket);
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:555:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ticket);
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:629:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cookie_name = apr_palloc(cr->r->pool, strlen(cr->cookie_name) + 2);
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:630:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cookie_name, cr->cookie_name, strlen(cr->cookie_name));
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:630:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(cookie_name, cr->cookie_name, strlen(cr->cookie_name));
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:631:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cookie_name[strlen(cr->cookie_name)] = '=';
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:632:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cookie_name[strlen(cr->cookie_name) + 1] = '\0';
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:642:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
value += strlen(cookie_name);
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:647:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cookiebuf)) {
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:795:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cr->cookie) < sconf->digest_sz + TSTAMP_SZ) {
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:800:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sconf->digest_type, strlen(cr->cookie), sconf->digest_sz + TSTAMP_SZ);
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:821:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TSTAMP_SZ + strlen(secret) + strlen(uid) + 1 + strlen(tokens) + 1 + strlen(user_data) + 1);
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:821:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TSTAMP_SZ + strlen(secret) + strlen(uid) + 1 + strlen(tokens) + 1 + strlen(user_data) + 1);
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:821:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TSTAMP_SZ + strlen(secret) + strlen(uid) + 1 + strlen(tokens) + 1 + strlen(user_data) + 1);
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:821:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TSTAMP_SZ + strlen(secret) + strlen(uid) + 1 + strlen(tokens) + 1 + strlen(user_data) + 1);
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:822:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned char *buf2 = apr_palloc(r->pool, sconf->digest_sz + strlen(secret));
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:874:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(secret);
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:876:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(uid);
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:879:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(tokens);
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:882:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(user_data);
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:903:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = sconf->digest_sz + strlen(secret);
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:925:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(digest) > sconf->digest_sz) digest[sconf->digest_sz] = 0;
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:1017:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (tokens == NULL || strlen(tokens) == 0) {
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:1030:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int token_len = strlen(auth_tokens[i]);
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:1172:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(strip) != strlen(key) || strncmp(key,strip,strlen(strip)) != 0)
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:1172:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(strip) != strlen(key) || strncmp(key,strip,strlen(strip)) != 0)
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:1172:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(strip) != strlen(key) || strncmp(key,strip,strlen(strip)) != 0)
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:1176:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(new_args) > 0)
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:1200:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *copy = apr_palloc(p, 3 * strlen(segment) + 1);
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:1241:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(query) > 0) {
data/libapache2-mod-auth-tkt-2.3.99~b1/src/mod_auth_tkt.c:1376:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
guest_user_length = strlen(guest_user);
ANALYSIS SUMMARY:
Hits = 52
Lines analyzed = 2972 in approximately 0.27 seconds (11168 lines/second)
Physical Source Lines of Code (SLOC) = 2213
Hits@level = [0] 31 [1] 34 [2] 14 [3] 0 [4] 4 [5] 0
Hits@level+ = [0+] 83 [1+] 52 [2+] 18 [3+] 4 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 37.5056 [1+] 23.4975 [2+] 8.13376 [3+] 1.8075 [4+] 1.8075 [5+] 0
Symlinks skipped = 1 (--allowlink overrides but see doc for security issue)
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.