Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/libio-aio-perl-4.72/libeio/xthread.h Examining data/libio-aio-perl-4.72/libeio/etp.c Examining data/libio-aio-perl-4.72/libeio/eio.h Examining data/libio-aio-perl-4.72/libeio/eio.c Examining data/libio-aio-perl-4.72/libeio/ecb.h Examining data/libio-aio-perl-4.72/def0.h Examining data/libio-aio-perl-4.72/schmorp.h FINAL RESULTS: data/libio-aio-perl-4.72/libeio/eio.c:117:11: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. #define chmod(path,mode) _chmod (path, mode) data/libio-aio-perl-4.72/libeio/eio.c:125:11: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. #define chown(path,uid,gid) EIO_ENOSYS () data/libio-aio-perl-4.72/libeio/eio.c:131:11: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. #define readlink(path,buf,s) EIO_ENOSYS () data/libio-aio-perl-4.72/libeio/eio.c:1058:23: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. req->result = readlink (tmp1, res, EIO_PATH_MAX); data/libio-aio-perl-4.72/libeio/eio.c:1138:19: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. linklen = readlink (tmpbuf->ptr, tmp1, EIO_PATH_MAX); data/libio-aio-perl-4.72/libeio/eio.c:1997:41: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. case EIO_CHOWN: req->result = chown (path , req->int2, req->int3); break; data/libio-aio-perl-4.72/libeio/eio.c:1998:41: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. case EIO_CHMOD: req->result = chmod (path , (mode_t)req->int2); break; data/libio-aio-perl-4.72/libeio/eio.c:2013:41: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. req->result = readlink (path, req->ptr2, EIO_PATH_MAX); data/libio-aio-perl-4.72/libeio/eio.c:1385:5: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _snprintf (path, MAX_PATH, fmt, reqpath); data/libio-aio-perl-4.72/libeio/ecb.h:863:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&r, &x, 4); data/libio-aio-perl-4.72/libeio/ecb.h:903:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&r, &x, 4); data/libio-aio-perl-4.72/libeio/ecb.h:933:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&r, &x, 8); data/libio-aio-perl-4.72/libeio/ecb.h:973:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&r, &x, 8); data/libio-aio-perl-4.72/libeio/eio.c:382:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[1]; /* actually, a 0-terminated canonical path */ data/libio-aio-perl-4.72/libeio/eio.c:592:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. eio__utimes (const char *filename, const struct timeval times[2]) data/libio-aio-perl-4.72/libeio/eio.c:1053:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open (rel, O_RDONLY | O_NONBLOCK | O_NOCTTY | O_NOATIME); data/libio-aio-perl-4.72/libeio/eio.c:1057:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tmp1, "/proc/self/fd/%d", fd); data/libio-aio-perl-4.72/libeio/eio.c:1087:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (res, wd->str, len = wd->len); data/libio-aio-perl-4.72/libeio/eio.c:1132:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (res + 1, beg, len); data/libio-aio-perl-4.72/libeio/eio.c:1167:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (tmp2, tmp1, linklen); data/libio-aio-perl-4.72/libeio/eio.c:1198:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bits [9 + sizeof (eio_ino_t) * 8]; data/libio-aio-perl-4.72/libeio/eio.c:1243:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *bit_stk [9 + sizeof (eio_ino_t) * 8]; data/libio-aio-perl-4.72/libeio/eio.c:1271:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (!(((unsigned char *)a)[O] & M)) data/libio-aio-perl-4.72/libeio/eio.c:1526:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (names + namesoffs, name, len); data/libio-aio-perl-4.72/libeio/eio.c:1661:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (res, wd->str, l1); data/libio-aio-perl-4.72/libeio/eio.c:1663:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (res + l1 + 1, path, l2 + 1); data/libio-aio-perl-4.72/libeio/eio.c:1709:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (res->str, tmpbuf->ptr, len); data/libio-aio-perl-4.72/libeio/eio.c:2000:41: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). case EIO_OPEN: req->result = open (path , req->int1, (mode_t)req->int2); break; data/libio-aio-perl-4.72/libeio/eio.c:2001:41: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). case EIO_SLURP: eio__slurp ( open (path , O_RDONLY | O_CLOEXEC), req); break; data/libio-aio-perl-4.72/libeio/eio.c:2050:31: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (req->ptr2, self->tmpbuf.ptr, req->result); data/libio-aio-perl-4.72/libeio/etp.c:323:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[16 + 1]; data/libio-aio-perl-4.72/libeio/etp.c:330:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (name + (len <= namelen - 4 ? len : namelen - 4), "/eio"); data/libio-aio-perl-4.72/schmorp.h:458:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf [9]; data/libio-aio-perl-4.72/libeio/eio.c:317:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define D_NAMLEN(entp) strlen (D_NAME (entp)) data/libio-aio-perl-4.72/libeio/eio.c:1084:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (res); data/libio-aio-perl-4.72/libeio/eio.c:1151:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int rellen = strlen (rel); data/libio-aio-perl-4.72/libeio/eio.c:1373:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen ((const char *)req->ptr1); data/libio-aio-perl-4.72/libeio/eio.c:1657:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int l2 = strlen (path); data/libio-aio-perl-4.72/libeio/eio.c:1916:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). : read (req->int1, req->ptr2, req->size); break; data/libio-aio-perl-4.72/libeio/etp.c:329:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (name); data/libio-aio-perl-4.72/libeio/xthread.h:176:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). #define respipe_read(a,b,c) read ((a), (b), (c)) data/libio-aio-perl-4.72/schmorp.h:463:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (epp->fd [0], buf, sizeof (buf)); ANALYSIS SUMMARY: Hits = 42 Lines analyzed = 5834 in approximately 0.18 seconds (33319 lines/second) Physical Source Lines of Code (SLOC) = 4375 Hits@level = [0] 1 [1] 9 [2] 24 [3] 0 [4] 1 [5] 8 Hits@level+ = [0+] 43 [1+] 42 [2+] 33 [3+] 9 [4+] 9 [5+] 8 Hits/KSLOC@level+ = [0+] 9.82857 [1+] 9.6 [2+] 7.54286 [3+] 2.05714 [4+] 2.05714 [5+] 1.82857 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.