Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/librpcsecgss-0.19/src/authgss_prot.c
Examining data/librpcsecgss-0.19/src/clnt_simple.c
Examining data/librpcsecgss-0.19/src/svc_auth_gss.c
Examining data/librpcsecgss-0.19/src/svc_simple.c
Examining data/librpcsecgss-0.19/src/svc_auth.c
Examining data/librpcsecgss-0.19/src/svc_udp.c
Examining data/librpcsecgss-0.19/src/svc.c
Examining data/librpcsecgss-0.19/src/svc_auth_unix.c
Examining data/librpcsecgss-0.19/src/rpc_commondata.c
Examining data/librpcsecgss-0.19/src/clnt_raw.c
Examining data/librpcsecgss-0.19/src/svc_auth_none.c
Examining data/librpcsecgss-0.19/src/clnt_perror.c
Examining data/librpcsecgss-0.19/src/clnt_generic.c
Examining data/librpcsecgss-0.19/src/svc_raw.c
Examining data/librpcsecgss-0.19/src/svc_run.c
Examining data/librpcsecgss-0.19/src/clnt_tcp.c
Examining data/librpcsecgss-0.19/src/clnt_udp.c
Examining data/librpcsecgss-0.19/src/auth_gss.c
Examining data/librpcsecgss-0.19/src/svc_tcp.c
Examining data/librpcsecgss-0.19/include/rpcsecgss/rpc/auth_gss.h
Examining data/librpcsecgss-0.19/include/rpcsecgss/rpc/svc_auth.h
Examining data/librpcsecgss-0.19/include/rpcsecgss/rpc/rpc.h
Examining data/librpcsecgss-0.19/include/rpcsecgss/rpc/rpcsecgss_rename.h
Examining data/librpcsecgss-0.19/include/rpcsecgss/rpc/svc.h
Examining data/librpcsecgss-0.19/include/rpcsecgss/rpc/auth.h
FINAL RESULTS:
data/librpcsecgss-0.19/include/rpcsecgss/rpc/auth.h:84:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[8];
data/librpcsecgss-0.19/src/auth_gss.c:89:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mechbuf[1024];
data/librpcsecgss-0.19/src/auth_gss.c:320:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAX_AUTH_BYTES];
data/librpcsecgss-0.19/src/auth_gss.c:403:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gd->gc_wire_verf.value, verf->oa_base, verf->oa_length);
data/librpcsecgss-0.19/src/authgss_prot.c:355:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgbuff[1024];
data/librpcsecgss-0.19/src/authgss_prot.c:375:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgbuff[1024];
data/librpcsecgss-0.19/src/authgss_prot.c:391:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgbuff[256];
data/librpcsecgss-0.19/src/authgss_prot.c:396:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
written = sprintf(m, " %04x: ", (u_int)(i + offset));
data/librpcsecgss-0.19/src/authgss_prot.c:403:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
written = sprintf(m, "%02x ", (u_int) buf[i+j]);
data/librpcsecgss-0.19/src/authgss_prot.c:405:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
written = sprintf(m, "%02x", (u_int) buf[i+j]);
data/librpcsecgss-0.19/src/authgss_prot.c:410:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
written = sprintf(m, " ");
data/librpcsecgss-0.19/src/authgss_prot.c:412:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
written = sprintf(m, " ");
data/librpcsecgss-0.19/src/authgss_prot.c:421:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(m, "%c", c);
data/librpcsecgss-0.19/src/clnt_generic.c:80:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)&sin.sin_addr, h->h_addr, h->h_length);
data/librpcsecgss-0.19/src/clnt_perror.c:191:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
return (char *)rpc_errlist[errnum];
data/librpcsecgss-0.19/src/clnt_perror.c:261:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
return (char *)auth_errlist[errnum];
data/librpcsecgss-0.19/src/clnt_raw.c:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _raw_buf[UDPMSGSIZE];
data/librpcsecgss-0.19/src/clnt_raw.c:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mashl_callmsg[MCALL_MSG_SIZE];
data/librpcsecgss-0.19/src/clnt_simple.c:100:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&server_addr.sin_addr, hp->h_addr, hp->h_length);
data/librpcsecgss-0.19/src/clnt_tcp.c:92:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ct_mcall[MCALL_MSG_SIZE]; /* marshalled callmsg */
data/librpcsecgss-0.19/src/clnt_udp.c:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cu_inbuf[1];
data/librpcsecgss-0.19/src/svc.c:104:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fds, __svc_fdset, howmany(__svc_fdsetsize,
data/librpcsecgss-0.19/src/svc.c:125:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xp, xports, xportssize * sizeof(SVCXPRT *));
data/librpcsecgss-0.19/src/svc.c:437:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cred_area[2*MAX_AUTH_BYTES + RQCRED_SIZE];
data/librpcsecgss-0.19/src/svc_auth_gss.c:340:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gr->gr_ctx.value, gd->ctx, sizeof(gss_union_ctx_id_desc));
data/librpcsecgss-0.19/src/svc_auth_gss.c:441:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((caddr_t)buf, oa->oa_base, oa->oa_length);
data/librpcsecgss-0.19/src/svc_auth_gss.c:739:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pname, gd->cname.value, gd->cname.length);
data/librpcsecgss-0.19/src/svc_auth_unix.c:64:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char area_machname[MAX_MACHINE_NAME+1];
data/librpcsecgss-0.19/src/svc_auth_unix.c:87:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aup->aup_machname, (caddr_t)buf, (u_int)str_len);
data/librpcsecgss-0.19/src/svc_raw.c:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _raw_buf[UDPMSGSIZE];
data/librpcsecgss-0.19/src/svc_raw.c:53:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char verf_body[MAX_AUTH_BYTES];
data/librpcsecgss-0.19/src/svc_run.c:60:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fds, __svc_fdset, bytes);
data/librpcsecgss-0.19/src/svc_simple.c:107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xdrbuf[UDPMSGSIZE];
data/librpcsecgss-0.19/src/svc_tcp.c:105:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char verf_body[MAX_AUTH_BYTES];
data/librpcsecgss-0.19/src/svc_tcp.c:378:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fds, __svc_fdset, bytes);
data/librpcsecgss-0.19/src/svc_udp.c:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char su_verfbody[MAX_AUTH_BYTES]; /* verifier body */
data/librpcsecgss-0.19/src/auth_gss.c:238:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sname.length = strlen(service);
data/librpcsecgss-0.19/src/authgss_prot.c:415:3: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(m, " ");
data/librpcsecgss-0.19/src/authgss_prot.c:424:3: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(m, "\n");
data/librpcsecgss-0.19/src/clnt_perror.c:143:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(strstart, "\n");
data/librpcsecgss-0.19/src/clnt_simple.c:112:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(crp->oldhost, host, MAXHOSTNAMELEN-1);
data/librpcsecgss-0.19/src/clnt_tcp.c:513:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
switch (len = read(ct->ct_sock, buf, len)) {
data/librpcsecgss-0.19/src/svc_auth_gss.c:118:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namebuf.length = strlen(principal);
data/librpcsecgss-0.19/src/svc_tcp.c:407:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((len = read(sock, buf, len)) > 0) {
ANALYSIS SUMMARY:
Hits = 44
Lines analyzed = 6975 in approximately 0.30 seconds (22873 lines/second)
Physical Source Lines of Code (SLOC) = 4593
Hits@level = [0] 28 [1] 8 [2] 36 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 72 [1+] 44 [2+] 36 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 15.676 [1+] 9.5798 [2+] 7.83801 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.