Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libconfuse-3.3/doc/listing1.c
Examining data/libconfuse-3.3/doc/listing2.c
Examining data/libconfuse-3.3/doc/listing3.c
Examining data/libconfuse-3.3/doc/listing4.c
Examining data/libconfuse-3.3/doc/listing5.c
Examining data/libconfuse-3.3/doc/listing6.c
Examining data/libconfuse-3.3/doc/listing7.c
Examining data/libconfuse-3.3/doc/listing8.c
Examining data/libconfuse-3.3/examples/addsec.c
Examining data/libconfuse-3.3/examples/cfgtest.c
Examining data/libconfuse-3.3/examples/cli.c
Examining data/libconfuse-3.3/examples/deprecated.c
Examining data/libconfuse-3.3/examples/env.c
Examining data/libconfuse-3.3/examples/ftpconf.c
Examining data/libconfuse-3.3/examples/nested.c
Examining data/libconfuse-3.3/examples/parsebuf.c
Examining data/libconfuse-3.3/examples/reread.c
Examining data/libconfuse-3.3/examples/simple.c
Examining data/libconfuse-3.3/examples/wincfgtest.c
Examining data/libconfuse-3.3/src/compat.h
Examining data/libconfuse-3.3/src/confuse.c
Examining data/libconfuse-3.3/src/confuse.h
Examining data/libconfuse-3.3/src/fmemopen.c
Examining data/libconfuse-3.3/src/reallocarray.c
Examining data/libconfuse-3.3/tests/annotate.c
Examining data/libconfuse-3.3/tests/check_confuse.h
Examining data/libconfuse-3.3/tests/empty_string.c
Examining data/libconfuse-3.3/tests/env.c
Examining data/libconfuse-3.3/tests/ignore_parm.c
Examining data/libconfuse-3.3/tests/include.c
Examining data/libconfuse-3.3/tests/keyval.c
Examining data/libconfuse-3.3/tests/list_plus_syntax.c
Examining data/libconfuse-3.3/tests/modified_flag.c
Examining data/libconfuse-3.3/tests/print_filter.c
Examining data/libconfuse-3.3/tests/quote_before_print.c
Examining data/libconfuse-3.3/tests/searchpath.c
Examining data/libconfuse-3.3/tests/section_add.c
Examining data/libconfuse-3.3/tests/section_getopt.c
Examining data/libconfuse-3.3/tests/section_remove.c
Examining data/libconfuse-3.3/tests/section_title_dupes.c
Examining data/libconfuse-3.3/tests/setmulti_reset.c
Examining data/libconfuse-3.3/tests/setopt_ptr.c
Examining data/libconfuse-3.3/tests/single_title_sections.c
Examining data/libconfuse-3.3/tests/suite_dup.c
Examining data/libconfuse-3.3/tests/suite_func.c
Examining data/libconfuse-3.3/tests/suite_list.c
Examining data/libconfuse-3.3/tests/suite_ptr.c
Examining data/libconfuse-3.3/tests/suite_single.c
Examining data/libconfuse-3.3/tests/suite_validate.c
Examining data/libconfuse-3.3/windows/borland/config.h
Examining data/libconfuse-3.3/windows/devcpp/config.h
Examining data/libconfuse-3.3/windows/mingw/config.h
Examining data/libconfuse-3.3/windows/msvc6/libConfuse/config.h
Examining data/libconfuse-3.3/windows/msvc6/libConfuse/unistd.h
Examining data/libconfuse-3.3/windows/msvs.net/config.h
Examining data/libconfuse-3.3/windows/msvs.net/unistd.h
FINAL RESULTS:
data/libconfuse-3.3/examples/wincfgtest.c:90:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "bool: %s\nstring: %s\nnumber: %ld\nfloat: %f\n",
data/libconfuse-3.3/src/compat.h:24:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf c99_snprintf
data/libconfuse-3.3/src/compat.h:25:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define vsnprintf c99_vsnprintf
data/libconfuse-3.3/src/confuse.c:1224:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/libconfuse-3.3/src/confuse.c:1887:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(expanded, passwd->pw_dir);
data/libconfuse-3.3/src/confuse.c:1888:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(expanded, file);
data/libconfuse-3.3/tests/check_confuse.h:9:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, \
data/libconfuse-3.3/examples/wincfgtest.c:73:16: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
hinstLib = LoadLibrary("libConfuse");
data/libconfuse-3.3/examples/cfgtest.c:211:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen("test.conf.out", "w");
data/libconfuse-3.3/examples/simple.c:64:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen("simple.conf.out", "w");
data/libconfuse-3.3/examples/wincfgtest.c:62:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/libconfuse-3.3/src/confuse.c:126:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dup, str, len);
data/libconfuse-3.3/src/confuse.c:674:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dupopts, opts, n * sizeof(cfg_opt_t));
data/libconfuse-3.3/src/confuse.c:1767:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(cfg->filename, "r");
data/libconfuse-3.3/src/fmemopen.c:45:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &ops->buf[ops->pos], len);
data/libconfuse-3.3/src/fmemopen.c:62:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ops->buf[ops->pos], buf, len);
data/libconfuse-3.3/src/fmemopen.c:128:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tp[MAX_PATH - 13];
data/libconfuse-3.3/src/fmemopen.c:129:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[MAX_PATH + 1];
data/libconfuse-3.3/tests/empty_string.c:16:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100]; /* should be enough */
data/libconfuse-3.3/tests/print_filter.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200]; /* should be enough */
data/libconfuse-3.3/tests/quote_before_print.c:29:7: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
fp = tmpfile();
data/libconfuse-3.3/tests/setopt_ptr.c:14:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*ptr = atoi(value);
data/libconfuse-3.3/tests/suite_list.c:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *multi[2];
data/libconfuse-3.3/tests/suite_list.c:94:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *multi[3];
data/libconfuse-3.3/tests/suite_list.c:142:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *multi[3];
data/libconfuse-3.3/tests/suite_list.c:196:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *multi[3];
data/libconfuse-3.3/tests/suite_ptr.c:18:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*ptr = atoi(value);
data/libconfuse-3.3/tests/suite_single.c:37:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char ec[6];
data/libconfuse-3.3/tests/suite_single.c:53:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[18];
data/libconfuse-3.3/tests/suite_single.c:55:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%02x:%02x:%02x:%02x:%02x:%02x", addr[0], addr[1], addr[2], addr[3], addr[4], addr[5]);
data/libconfuse-3.3/tests/suite_single.c:62:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[16];
data/libconfuse-3.3/tests/suite_single.c:64:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
data/libconfuse-3.3/tests/suite_single.c:79:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*(void **)result, tmp, 6);
data/libconfuse-3.3/tests/suite_single.c:274:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[80];
data/libconfuse-3.3/examples/cli.c:105:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(stdin);
data/libconfuse-3.3/src/confuse.c:121:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str) + 1;
data/libconfuse-3.3/src/confuse.c:141:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(r, s, n);
data/libconfuse-3.3/src/confuse.c:211:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = title + strlen(title);
data/libconfuse-3.3/src/confuse.c:225:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(ch, ch + 1, strlen(ch));
data/libconfuse-3.3/src/confuse.c:792:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fp = fmemopen(buf, strlen(buf), "r");
data/libconfuse-3.3/src/confuse.c:798:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) > 0)
data/libconfuse-3.3/src/confuse.c:1697:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(dir) + strlen(file) + 2;
data/libconfuse-3.3/src/confuse.c:1697:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(dir) + strlen(file) + 2;
data/libconfuse-3.3/src/confuse.c:1798:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fp = fmemopen((void *)buf, strlen(buf), "r");
data/libconfuse-3.3/src/confuse.c:1804:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) > 0)
data/libconfuse-3.3/src/confuse.c:1871:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
file = filename + strlen(filename);
data/libconfuse-3.3/src/confuse.c:1877:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(user, filename + 1, file - filename - 1);
data/libconfuse-3.3/src/confuse.c:1883:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
expanded = malloc(strlen(passwd->pw_dir) + strlen(file) + 1);
data/libconfuse-3.3/src/confuse.c:1883:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
expanded = malloc(strlen(passwd->pw_dir) + strlen(file) + 1);
data/libconfuse-3.3/tests/suite_validate.c:64:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) > 42)
ANALYSIS SUMMARY:
Hits = 50
Lines analyzed = 8798 in approximately 0.30 seconds (29441 lines/second)
Physical Source Lines of Code (SLOC) = 5531
Hits@level = [0] 119 [1] 16 [2] 26 [3] 1 [4] 7 [5] 0
Hits@level+ = [0+] 169 [1+] 50 [2+] 34 [3+] 8 [4+] 7 [5+] 0
Hits/KSLOC@level+ = [0+] 30.5551 [1+] 9.03996 [2+] 6.14717 [3+] 1.44639 [4+] 1.26559 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.