stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libsis-base-java-18.09~pre1+git20180928.45fbd31+dfsg/source/c/copyByteChar.c
Examining data/libsis-base-java-18.09~pre1+git20180928.45fbd31+dfsg/source/c/copyByteDouble.c
Examining data/libsis-base-java-18.09~pre1+git20180928.45fbd31+dfsg/source/c/copyByteFloat.c
Examining data/libsis-base-java-18.09~pre1+git20180928.45fbd31+dfsg/source/c/copyByteInt.c
Examining data/libsis-base-java-18.09~pre1+git20180928.45fbd31+dfsg/source/c/copyByteLong.c
Examining data/libsis-base-java-18.09~pre1+git20180928.45fbd31+dfsg/source/c/copyByteShort.c
Examining data/libsis-base-java-18.09~pre1+git20180928.45fbd31+dfsg/source/c/copyCommon.c
Examining data/libsis-base-java-18.09~pre1+git20180928.45fbd31+dfsg/source/c/unix.c

FINAL RESULTS:

data/libsis-base-java-18.09~pre1+git20180928.45fbd31+dfsg/source/c/unix.c:299:14:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
    retval = readlink(plinkname, plinkvalue, linkvallen);
data/libsis-base-java-18.09~pre1+git20180928.45fbd31+dfsg/source/c/unix.c:317:14:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
    retval = chmod(plinkname, mode);
data/libsis-base-java-18.09~pre1+git20180928.45fbd31+dfsg/source/c/unix.c:334:14:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchown( ) instead.
    retval = chown(plinkname, uid, gid);
data/libsis-base-java-18.09~pre1+git20180928.45fbd31+dfsg/source/c/copyCommon.c:46:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char * args[2];
data/libsis-base-java-18.09~pre1+git20180928.45fbd31+dfsg/source/c/copyCommon.c:104:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char * args[2];
data/libsis-base-java-18.09~pre1+git20180928.45fbd31+dfsg/source/c/copyCommon.c:163:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char * args[2];
data/libsis-base-java-18.09~pre1+git20180928.45fbd31+dfsg/source/c/copyCommon.c:221:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char * args[2];
data/libsis-base-java-18.09~pre1+git20180928.45fbd31+dfsg/source/c/unix.c:98:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *args[2];
data/libsis-base-java-18.09~pre1+git20180928.45fbd31+dfsg/source/c/unix.c:295:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char plinkvalue[linkvallen + 1];

ANALYSIS SUMMARY:

Hits = 9
Lines analyzed = 1219 in approximately 0.07 seconds (18327 lines/second)
Physical Source Lines of Code (SLOC) = 813
Hits@level = [0]   7 [1]   0 [2]   6 [3]   0 [4]   0 [5]   3
Hits@level+ = [0+]  16 [1+]   9 [2+]   9 [3+]   3 [4+]   3 [5+]   3
Hits/KSLOC@level+ = [0+] 19.6802 [1+] 11.0701 [2+] 11.0701 [3+] 3.69004 [4+] 3.69004 [5+] 3.69004
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.