Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/mm-1.4.2/mm.h
Examining data/mm-1.4.2/mm_alloc.c
Examining data/mm-1.4.2/mm_core.c
Examining data/mm-1.4.2/mm_global.c
Examining data/mm-1.4.2/mm_lib.c
Examining data/mm-1.4.2/mm_test.c
Examining data/mm-1.4.2/mm_vers.c
FINAL RESULTS:
data/mm-1.4.2/mm_core.c:452:20: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (rc == 0 && chmod(mc->mc_fnmem, mode) < 0)
data/mm-1.4.2/mm_core.c:454:20: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (rc == 0 && chown(mc->mc_fnmem, owner, group) < 0)
data/mm-1.4.2/mm_core.c:458:20: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (rc == 0 && chmod(mc->mc_fnsem, mode) < 0)
data/mm-1.4.2/mm_core.c:460:20: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (rc == 0 && chown(mc->mc_fnsem, owner, group) < 0)
data/mm-1.4.2/mm_core.c:228:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(filename, MM_CORE_DEFAULT_FILE, (int)getpid());
data/mm-1.4.2/mm_core.c:236:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(shmfilename, "%s.mem", file);
data/mm-1.4.2/mm_core.c:240:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(semfilename, "%s.sem", file);
data/mm-1.4.2/mm.h:125:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define memcpy(to,from,len) bcopy(from,to,len)
data/mm-1.4.2/mm.h:125:29: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define memcpy(to,from,len) bcopy(from,to,len)
data/mm-1.4.2/mm.h:127:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define memcpy(to,from,len) \
data/mm-1.4.2/mm.h:291:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mc_fnmem[MM_MAXPATH];
data/mm-1.4.2/mm.h:308:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mc_fnsem[MM_MAXPATH];
data/mm-1.4.2/mm_alloc.c:381:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vp, ptr, mc->mc_usize);
data/mm-1.4.2/mm_alloc.c:428:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vp, str, n+1);
data/mm-1.4.2/mm_core.c:133:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(mc->mc_fnsem, O_WRONLY, MM_CORE_FILEMODE);
data/mm-1.4.2/mm_core.c:213:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shmfilename[MM_MAXPATH];
data/mm-1.4.2/mm_core.c:216:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char semfilename[MM_MAXPATH];
data/mm-1.4.2/mm_core.c:221:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[MM_MAXPATH];
data/mm-1.4.2/mm_core.c:272:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fdmem = open("/dev/zero", O_RDWR, MM_CORE_FILEMODE)) == -1)
data/mm-1.4.2/mm_core.c:286:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fdmem = open(fnmem, O_RDWR|O_CREAT|O_EXCL, MM_CORE_FILEMODE)) == -1)
data/mm-1.4.2/mm_core.c:315:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fdsem = open(fnsem, O_RDWR|O_CREAT|O_EXCL, MM_CORE_FILEMODE)) == -1)
data/mm-1.4.2/mm_core.c:325:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fdsem = open(fnsem, O_RDWR|O_CREAT|O_EXCL, MM_CORE_FILEMODE)) == -1)
data/mm-1.4.2/mm_core.c:380:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mc->mc_fnmem, fnmem, MM_MAXPATH);
data/mm-1.4.2/mm_core.c:383:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mc->mc_fnsem, fnsem, MM_MAXPATH);
data/mm-1.4.2/mm_core.c:500:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fnmem[MM_MAXPATH];
data/mm-1.4.2/mm_core.c:503:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fnsem[MM_MAXPATH];
data/mm-1.4.2/mm_core.c:523:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fnmem, mc->mc_fnmem, MM_MAXPATH);
data/mm-1.4.2/mm_core.c:526:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fnsem, mc->mc_fnsem, MM_MAXPATH);
data/mm-1.4.2/mm_lib.c:56:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mm_lib_error[MM_LIB_ERROR_MAXLEN+1] = { NUL };
data/mm-1.4.2/mm_lib.c:68:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mm_lib_error, "mm:alloc: ");
data/mm-1.4.2/mm_lib.c:70:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mm_lib_error, "mm:core: ");
data/mm-1.4.2/mm_lib.c:75:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mm_lib_error+l, str, n+1);
data/mm-1.4.2/mm_lib.c:79:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mm_lib_error+l, " (");
data/mm-1.4.2/mm_lib.c:86:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mm_lib_error+l, cp, n+1);
data/mm-1.4.2/mm_test.c:74:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp[1025];
data/mm-1.4.2/mm_alloc.c:425:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(str);
data/mm-1.4.2/mm_lib.c:71:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(mm_lib_error);
data/mm-1.4.2/mm_lib.c:72:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(str);
data/mm-1.4.2/mm_lib.c:83:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(cp);
data/mm-1.4.2/mm_lib.c:89:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(mm_lib_error+l, ")");
ANALYSIS SUMMARY:
Hits = 40
Lines analyzed = 2128 in approximately 0.07 seconds (30544 lines/second)
Physical Source Lines of Code (SLOC) = 1484
Hits@level = [0] 54 [1] 5 [2] 28 [3] 0 [4] 3 [5] 4
Hits@level+ = [0+] 94 [1+] 40 [2+] 35 [3+] 7 [4+] 7 [5+] 4
Hits/KSLOC@level+ = [0+] 63.3423 [1+] 26.9542 [2+] 23.5849 [3+] 4.71698 [4+] 4.71698 [5+] 2.69542
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.