Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/netpipes-4.2/memmove.c
Examining data/netpipes-4.2/memmove.h
Examining data/netpipes-4.2/sockdown.c
Examining data/netpipes-4.2/version.c
Examining data/netpipes-4.2/common.c
Examining data/netpipes-4.2/common.h
Examining data/netpipes-4.2/encapsulate.c
Examining data/netpipes-4.2/faucet.c
Examining data/netpipes-4.2/getpeername.c
Examining data/netpipes-4.2/hose.c
Examining data/netpipes-4.2/timelimit.c

FINAL RESULTS:

data/netpipes-4.2/encapsulate.c:1408:2: [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execvp(*cmd, cmd);

data/netpipes-4.2/faucet.c:691:7: [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execvp(cmd[0], cmd);

data/netpipes-4.2/hose.c:730:5: [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execvp(cmd[0], cmd);

data/netpipes-4.2/timelimit.c:161:2: [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execvp(argv[2], argv+2);

data/netpipes-4.2/common.c:187:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rval[i], ai->ai_addr, ai->ai_addrlen);

data/netpipes-4.2/common.c:210:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char*)rval[i], hp->h_addr_list[i], hp->h_length);

data/netpipes-4.2/common.c:255:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostip[INET6_ADDRSTRLEN];

data/netpipes-4.2/common.c:271:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char ebuf[40]; /* overflow this, baby */

data/netpipes-4.2/common.c:276:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ebuf, "Unknown error: %i\n", num);

data/netpipes-4.2/encapsulate.c:426:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, sp->buf, size);

data/netpipes-4.2/encapsulate.c:431:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, sp->buf, sp->len);

data/netpipes-4.2/encapsulate.c:920:33: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  remote_return_code = (unsigned char )buf[1];

data/netpipes-4.2/encapsulate.c:1073:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char incoming_buf[BUF_SIZE]; /* read from socket, will write to child */

data/netpipes-4.2/encapsulate.c:1074:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outgoing_buf[BUF_SIZE]; /* read from child, will packetize into : */

data/netpipes-4.2/encapsulate.c:1075:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outgoing2_buf[BUF_SIZE+8]; /* packet buf, will write to socket */

data/netpipes-4.2/encapsulate.c:1091:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char header_buf[8];

data/netpipes-4.2/encapsulate.c:1220:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(outgoing2_buf + 8, outgoing_buf, outgoing_len);

data/netpipes-4.2/encapsulate.c:1523:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  sockfd = atoi(argv[1]);

data/netpipes-4.2/faucet.c:345:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  fd = atoi(arg+2);

data/netpipes-4.2/faucet.c:347:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  fd = atoi(argv[++i]);

data/netpipes-4.2/faucet.c:432:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  backlog = atoi(argv[++i]);

data/netpipes-4.2/faucet.c:553:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  pidfp = fopen(pidfilename, "w");

data/netpipes-4.2/faucet.c:586:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int rval = open("/dev/tty", O_RDWR);

data/netpipes-4.2/getpeername.c:80:7: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  fd = atoi(argv[i++]);

data/netpipes-4.2/getpeername.c:146:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ip[INET6_ADDRSTRLEN];

data/netpipes-4.2/getpeername.c:154:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char host[NI_MAXHOST];

data/netpipes-4.2/hose.c:167:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&inet_addr, addresses[j], sizeof(struct sockaddr_storage));

data/netpipes-4.2/hose.c:236:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tosockbuf[BSIZE], fromsockbuf[BSIZE];

data/netpipes-4.2/hose.c:455:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  fd = atoi(arg+2);

data/netpipes-4.2/hose.c:457:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  fd = atoi(argv[++i]);

data/netpipes-4.2/hose.c:531:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  retry=atoi(argv[++i]);

data/netpipes-4.2/hose.c:537:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  delay=atoi(argv[++i]);

data/netpipes-4.2/sockdown.c:60:7: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  fd = atoi(argv[1]);

data/netpipes-4.2/sockdown.c:71:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  how = atoi(argv[2]);

data/netpipes-4.2/common.c:364:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(srv.sun_path, name, sizeof(srv.sun_path));

data/netpipes-4.2/encapsulate.c:579:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  rval = read(pl->pipe[0], buf+*buf_len, buf_size - *buf_len);

data/netpipes-4.2/encapsulate.c:701:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  rval = read(fd, buf+*buf_len, desired_read);

data/netpipes-4.2/faucet.c:693:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(duped_stderr,s,strlen(s));

data/netpipes-4.2/getpeername.c:61:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (0==strcmp(progname + strlen(progname) - 11, "getsockname") &&

data/netpipes-4.2/getpeername.c:62:3: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(progname)<12 || progname[strlen(progname)-12] == '/'))

data/netpipes-4.2/getpeername.c:62:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(progname)<12 || progname[strlen(progname)-12] == '/'))

data/netpipes-4.2/getpeername.c:69:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (0==strncmp(name, "verbose", strlen(name))) {

data/netpipes-4.2/getpeername.c:71:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (0==strncmp(name, "sock", strlen(name))) {

data/netpipes-4.2/getpeername.c:73:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (0==strncmp(name, "peer", strlen(name))) {

data/netpipes-4.2/hose.c:119:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( unix_addr.sun_path, portname, sizeof(unix_addr.sun_path));

data/netpipes-4.2/hose.c:324:18: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  tosocklen = read(0, tosockbuf, BSIZE);

data/netpipes-4.2/hose.c:336:20: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  fromsocklen = read(sock, fromsockbuf, BSIZE);

data/netpipes-4.2/hose.c:669:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (1==read(jampipe[0], &ch, 1))

data/netpipes-4.2/hose.c:733:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(sparefd,s,strlen(s));

data/netpipes-4.2/hose.c:734:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(sparefd,cmd[0],strlen(cmd[0]));

data/netpipes-4.2/sockdown.c:51:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  0==strncmp(argv[1], "-verbose", strlen(argv[1]))) {

data/netpipes-4.2/sockdown.c:64:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (0==strncmp("readonly", argv[2], strlen(argv[2]))) {

data/netpipes-4.2/sockdown.c:66:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (0==strncmp("writeonly", argv[2], strlen(argv[2]))) {

data/netpipes-4.2/sockdown.c:68:48: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (0==strncmp("totally", argv[2], strlen(argv[2]))) {

data/netpipes-4.2/timelimit.c:122:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ch = ch + strlen(ch)-1;

ANALYSIS SUMMARY:

Hits = 55
Lines analyzed = 4337 in approximately 0.14 seconds (31308 lines/second)
Physical Source Lines of Code (SLOC) = 3347
Hits@level = [0] 187 [1] 21 [2] 30 [3] 0 [4] 4 [5] 0
Hits@level+ = [0+] 242 [1+] 55 [2+] 34 [3+] 4 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 72.3036 [1+] 16.4326 [2+] 10.1584 [3+] 1.1951 [4+] 1.1951 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.