Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libcli-1.10.4/clitest.c
Examining data/libcli-1.10.4/libcli.c
Examining data/libcli-1.10.4/libcli.h

FINAL RESULTS:

data/libcli-1.10.4/libcli.c:51:10:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  size = vsnprintf(NULL, 0, fmt, argCopy);
data/libcli-1.10.4/libcli.c:57:10:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  size = vsnprintf(*strp, size + 1, fmt, args);
data/libcli-1.10.4/libcli.c:72:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int fprintf(FILE *stream, const char *fmt, ...) {
data/libcli-1.10.4/libcli.c:828:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(p, argv[i]);
data/libcli-1.10.4/libcli.c:996:76:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
  if (des || !strncmp(pass, MD5_PREFIX, sizeof(MD5_PREFIX) - 1)) attempt = crypt(attempt, pass);
data/libcli-1.10.4/libcli.c:1412:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy((cmd + l), comphelp.entries[0]);
data/libcli-1.10.4/libcli.c:2548:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(tptr, quoteChar);
data/libcli-1.10.4/libcli.c:2549:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(tptr, word);
data/libcli-1.10.4/libcli.c:2550:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(tptr, quoteChar);
data/libcli-1.10.4/libcli.h:212:84:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
void cli_print(struct cli_def *cli, const char *format, ...) __attribute__((format(printf, 2, 3)));
data/libcli-1.10.4/libcli.h:213:87:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
void cli_bufprint(struct cli_def *cli, const char *format, ...) __attribute__((format(printf, 2, 3)));
data/libcli-1.10.4/libcli.h:215:84:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
void cli_error(struct cli_def *cli, const char *format, ...) __attribute__((format(printf, 2, 3)));
data/libcli-1.10.4/clitest.c:213:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sidename[50], *value;
data/libcli-1.10.4/clitest.c:457:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fh = fopen("clitest.txt", "r"))) {
data/libcli-1.10.4/libcli.c:354:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char string[64];
data/libcli-1.10.4/libcli.c:1764:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[CLI_MAX_LINE_LENGTH];
data/libcli-1.10.4/libcli.c:2517:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char quoteChar[2] = "";
data/libcli-1.10.4/libcli.h:59:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *history[MAX_HISTORY];
data/libcli-1.10.4/libcli.h:173:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *words[CLI_MAX_LINE_WORDS];
data/libcli-1.10.4/clitest.c:231:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!value || !strncmp(*shape, value, strlen(value))) {
data/libcli-1.10.4/clitest.c:279:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!word || !strncmp(*color, word, strlen(word))) {
data/libcli-1.10.4/libcli.c:37:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
int read(int fd, void *buf, unsigned int count) {
data/libcli-1.10.4/libcli.c:304:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    c->unique_len = strlen(c->command);
data/libcli-1.10.4/libcli.c:819:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += strlen(argv[i]);
data/libcli-1.10.4/libcli.c:826:12:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    if (i) strcat(p, " ");
data/libcli-1.10.4/libcli.c:867:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((!stage->words[0] || (command[strlen(command) - 1] == ' ')) && (stage->words[stage->num_words - 1]))
data/libcli-1.10.4/libcli.c:885:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (stage->words[i] && strncasecmp(c->command, stage->words[i], strlen(stage->words[i]))) continue;
data/libcli-1.10.4/libcli.c:897:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (stage->words[i] && (strlen(stage->words[i]) < c->unique_len) && strcmp(stage->words[i], c->command)) continue;
data/libcli-1.10.4/libcli.c:1007:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (cli->hostname) len += write(sockfd, cli->hostname, strlen(cli->hostname));
data/libcli-1.10.4/libcli.c:1009:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (cli->modestring) len += write(sockfd, cli->modestring, strlen(cli->modestring));
data/libcli-1.10.4/libcli.c:1012:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += write(sockfd, cli->buildmode->cname, strlen(cli->buildmode->cname));
data/libcli-1.10.4/libcli.c:1014:84:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (cli->buildmode->mode_text) len += write(sockfd, cli->buildmode->mode_text, strlen(cli->buildmode->mode_text));
data/libcli-1.10.4/libcli.c:1017:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return len + write(sockfd, cli->promptchar, strlen(cli->promptchar));
data/libcli-1.10.4/libcli.c:1035:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _write(sockfd, negotiate, strlen(negotiate));
data/libcli-1.10.4/libcli.c:1106:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            _write(sockfd, "Username: ", strlen("Username: "));
data/libcli-1.10.4/libcli.c:1110:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            _write(sockfd, "Password: ", strlen("Password: "));
data/libcli-1.10.4/libcli.c:1124:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            _write(sockfd, "Password: ", strlen("Password: "));
data/libcli-1.10.4/libcli.c:1168:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if ((n = read(sockfd, &c, 1)) < 0) {
data/libcli-1.10.4/libcli.c:1401:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            _write(sockfd, comphelp.entries[i], strlen(comphelp.entries[i]));
data/libcli-1.10.4/libcli.c:1413:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            l += strlen(comphelp.entries[0]);
data/libcli-1.10.4/libcli.c:1416:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            _write(sockfd, comphelp.entries[0], strlen(comphelp.entries[0]));
data/libcli-1.10.4/libcli.c:1441:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          k = strlen(tptr);
data/libcli-1.10.4/libcli.c:1455:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            for (j = 0; (j < k) && (j < (int)strlen(wptr)); j++) {
data/libcli-1.10.4/libcli.c:1467:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(cmd + l, tptr, k);
data/libcli-1.10.4/libcli.c:1546:11:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
          strncpy(cmd, cli->history[in_history], CLI_MAX_LINE_LENGTH - 1);
data/libcli-1.10.4/libcli.c:1547:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          l = cursor = strlen(cmd);
data/libcli-1.10.4/libcli.c:1834:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (p != cli->buffer) memmove(cli->buffer, p, strlen(p));
data/libcli-1.10.4/libcli.c:1878:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((*value++ == '-') && (*value) && (strspn(value, "vie") == strlen(value))) return CLI_OK;
data/libcli-1.10.4/libcli.c:2515:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t oldlen = strlen(cmdline);
data/libcli-1.10.4/libcli.c:2516:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t wordlen = strlen(word);
data/libcli-1.10.4/libcli.c:2547:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(tptr, " ");
data/libcli-1.10.4/libcli.c:2713:99:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if ((!strcmp(c->command, optarg_pair->name)) && (!word || !strncmp(word, optarg_pair->name, strlen(word)))) {
data/libcli-1.10.4/libcli.c:2781:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strncasecmp(c->command, stage->words[start_word], strlen(stage->words[start_word]))) continue;
data/libcli-1.10.4/libcli.c:3045:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  namewidth = strlen(nameptr);
data/libcli-1.10.4/libcli.c:3056:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    toprint = strlen(helpptr);
data/libcli-1.10.4/libcli.c:3098:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!(anchor_word && !strncmp(anchor_word, optarg->name, strlen(anchor_word)))) {
data/libcli-1.10.4/libcli.c:3127:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (!(anchor_word && !strncmp(anchor_word, optarg->name, strlen(anchor_word)))) {
data/libcli-1.10.4/libcli.c:3204:92:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      } while (lineptr && nameptr && helpptr && (next_word && (strncmp(next_word, nameptr, strlen(next_word)))));
data/libcli-1.10.4/libcli.c:3210:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if ((!anchor_word || !strncmp(anchor_word, optarg->name, strlen(anchor_word))) &&
data/libcli-1.10.4/libcli.c:3300:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 !strncasecmp(oaptr->name, stage->words[word_idx], strlen(stage->words[word_idx]))) {

ANALYSIS SUMMARY:

Hits = 60
Lines analyzed = 4319 in approximately 0.13 seconds (32206 lines/second)
Physical Source Lines of Code (SLOC) = 3326
Hits@level = [0]  33 [1]  41 [2]   7 [3]   0 [4]  12 [5]   0
Hits@level+ = [0+]  93 [1+]  60 [2+]  19 [3+]  12 [4+]  12 [5+]   0
Hits/KSLOC@level+ = [0+] 27.9615 [1+] 18.0397 [2+] 5.71257 [3+] 3.60794 [4+] 3.60794 [5+]   0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.