Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libio-aio-perl-4.72/libeio/xthread.h
Examining data/libio-aio-perl-4.72/libeio/etp.c
Examining data/libio-aio-perl-4.72/libeio/eio.h
Examining data/libio-aio-perl-4.72/libeio/eio.c
Examining data/libio-aio-perl-4.72/libeio/ecb.h
Examining data/libio-aio-perl-4.72/def0.h
Examining data/libio-aio-perl-4.72/schmorp.h
FINAL RESULTS:
data/libio-aio-perl-4.72/libeio/eio.c:117:11: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
#define chmod(path,mode) _chmod (path, mode)
data/libio-aio-perl-4.72/libeio/eio.c:125:11: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
#define chown(path,uid,gid) EIO_ENOSYS ()
data/libio-aio-perl-4.72/libeio/eio.c:131:11: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
#define readlink(path,buf,s) EIO_ENOSYS ()
data/libio-aio-perl-4.72/libeio/eio.c:1058:23: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
req->result = readlink (tmp1, res, EIO_PATH_MAX);
data/libio-aio-perl-4.72/libeio/eio.c:1138:19: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
linklen = readlink (tmpbuf->ptr, tmp1, EIO_PATH_MAX);
data/libio-aio-perl-4.72/libeio/eio.c:1997:41: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
case EIO_CHOWN: req->result = chown (path , req->int2, req->int3); break;
data/libio-aio-perl-4.72/libeio/eio.c:1998:41: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
case EIO_CHMOD: req->result = chmod (path , (mode_t)req->int2); break;
data/libio-aio-perl-4.72/libeio/eio.c:2013:41: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
req->result = readlink (path, req->ptr2, EIO_PATH_MAX);
data/libio-aio-perl-4.72/libeio/eio.c:1385:5: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_snprintf (path, MAX_PATH, fmt, reqpath);
data/libio-aio-perl-4.72/libeio/ecb.h:863:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&r, &x, 4);
data/libio-aio-perl-4.72/libeio/ecb.h:903:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&r, &x, 4);
data/libio-aio-perl-4.72/libeio/ecb.h:933:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&r, &x, 8);
data/libio-aio-perl-4.72/libeio/ecb.h:973:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&r, &x, 8);
data/libio-aio-perl-4.72/libeio/eio.c:382:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1]; /* actually, a 0-terminated canonical path */
data/libio-aio-perl-4.72/libeio/eio.c:592:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
eio__utimes (const char *filename, const struct timeval times[2])
data/libio-aio-perl-4.72/libeio/eio.c:1053:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open (rel, O_RDONLY | O_NONBLOCK | O_NOCTTY | O_NOATIME);
data/libio-aio-perl-4.72/libeio/eio.c:1057:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp1, "/proc/self/fd/%d", fd);
data/libio-aio-perl-4.72/libeio/eio.c:1087:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (res, wd->str, len = wd->len);
data/libio-aio-perl-4.72/libeio/eio.c:1132:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (res + 1, beg, len);
data/libio-aio-perl-4.72/libeio/eio.c:1167:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (tmp2, tmp1, linklen);
data/libio-aio-perl-4.72/libeio/eio.c:1198:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bits [9 + sizeof (eio_ino_t) * 8];
data/libio-aio-perl-4.72/libeio/eio.c:1243:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *bit_stk [9 + sizeof (eio_ino_t) * 8];
data/libio-aio-perl-4.72/libeio/eio.c:1271:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (!(((unsigned char *)a)[O] & M))
data/libio-aio-perl-4.72/libeio/eio.c:1526:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (names + namesoffs, name, len);
data/libio-aio-perl-4.72/libeio/eio.c:1661:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (res, wd->str, l1);
data/libio-aio-perl-4.72/libeio/eio.c:1663:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (res + l1 + 1, path, l2 + 1);
data/libio-aio-perl-4.72/libeio/eio.c:1709:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (res->str, tmpbuf->ptr, len);
data/libio-aio-perl-4.72/libeio/eio.c:2000:41: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
case EIO_OPEN: req->result = open (path , req->int1, (mode_t)req->int2); break;
data/libio-aio-perl-4.72/libeio/eio.c:2001:41: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
case EIO_SLURP: eio__slurp ( open (path , O_RDONLY | O_CLOEXEC), req); break;
data/libio-aio-perl-4.72/libeio/eio.c:2050:31: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (req->ptr2, self->tmpbuf.ptr, req->result);
data/libio-aio-perl-4.72/libeio/etp.c:323:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16 + 1];
data/libio-aio-perl-4.72/libeio/etp.c:330:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (name + (len <= namelen - 4 ? len : namelen - 4), "/eio");
data/libio-aio-perl-4.72/schmorp.h:458:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf [9];
data/libio-aio-perl-4.72/libeio/eio.c:317:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define D_NAMLEN(entp) strlen (D_NAME (entp))
data/libio-aio-perl-4.72/libeio/eio.c:1084:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (res);
data/libio-aio-perl-4.72/libeio/eio.c:1151:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int rellen = strlen (rel);
data/libio-aio-perl-4.72/libeio/eio.c:1373:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen ((const char *)req->ptr1);
data/libio-aio-perl-4.72/libeio/eio.c:1657:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l2 = strlen (path);
data/libio-aio-perl-4.72/libeio/eio.c:1916:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
: read (req->int1, req->ptr2, req->size); break;
data/libio-aio-perl-4.72/libeio/etp.c:329:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (name);
data/libio-aio-perl-4.72/libeio/xthread.h:176:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define respipe_read(a,b,c) read ((a), (b), (c))
data/libio-aio-perl-4.72/schmorp.h:463:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (epp->fd [0], buf, sizeof (buf));
ANALYSIS SUMMARY:
Hits = 42
Lines analyzed = 5834 in approximately 0.18 seconds (33319 lines/second)
Physical Source Lines of Code (SLOC) = 4375
Hits@level = [0] 1 [1] 9 [2] 24 [3] 0 [4] 1 [5] 8
Hits@level+ = [0+] 43 [1+] 42 [2+] 33 [3+] 9 [4+] 9 [5+] 8
Hits/KSLOC@level+ = [0+] 9.82857 [1+] 9.6 [2+] 7.54286 [3+] 2.05714 [4+] 2.05714 [5+] 1.82857
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.