Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ngetty-1.1/check_first.c
Examining data/ngetty-1.1/cleanutmp.c
Examining data/ngetty-1.1/const_io.c
Examining data/ngetty-1.1/dumputmp.c
Examining data/ngetty-1.1/fmt_nmb_.c
Examining data/ngetty-1.1/fmt_number.h
Examining data/ngetty-1.1/fmt_str_.c
Examining data/ngetty-1.1/fmt_time.c
Examining data/ngetty-1.1/fmt_ulong.c
Examining data/ngetty-1.1/fmt_utmp_ip.c
Examining data/ngetty-1.1/fmt_xlong.c
Examining data/ngetty-1.1/fork_and_exec.c
Examining data/ngetty-1.1/get_uptime.c
Examining data/ngetty-1.1/lib.h
Examining data/ngetty-1.1/ngetty-argv.c
Examining data/ngetty-1.1/ngetty.c
Examining data/ngetty-1.1/nv_gmtime.c
Examining data/ngetty-1.1/nwho.c
Examining data/ngetty-1.1/opts_make.c
Examining data/ngetty-1.1/out_put.c
Examining data/ngetty-1.1/sortpfd.h
Examining data/ngetty-1.1/splitmem.c
Examining data/ngetty-1.1/str_add.c
Examining data/ngetty-1.1/str_copy.c
Examining data/ngetty-1.1/str_copynz.c
Examining data/ngetty-1.1/str_diffn.c
Examining data/ngetty-1.1/str_len.c
Examining data/ngetty-1.1/test-helper.c
Examining data/ngetty-1.1/tryboottime.c
Examining data/ngetty-1.1/trysysinfo.c
Examining data/ngetty-1.1/tryvhangup.c
Examining data/ngetty-1.1/tzmap.c
Examining data/ngetty-1.1/utmp_do.c
Examining data/ngetty-1.1/utmp_io.c
Examining data/ngetty-1.1/utmp_struct.h
Examining data/ngetty-1.1/utmp_users.c
Examining data/ngetty-1.1/x_atoi.c
Examining data/ngetty-1.1/sig_action.h
Examining data/ngetty-1.1/ngetty-helper.c
FINAL RESULTS:
data/ngetty-1.1/ngetty.c:127:11: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (chown(m,0,0))
data/ngetty-1.1/ngetty.c:137:3: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
chown(path, 0, 0);
data/ngetty-1.1/ngetty.c:138:3: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(path, 0600);
data/ngetty-1.1/ngetty-helper.c:51:45: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#define Out_MAX(X) x=X; len=sizeof(X); goto system
data/ngetty-1.1/ngetty-helper.c:69:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system:
data/ngetty-1.1/ngetty-argv.c:104:19: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
case 'r': if (chroot(s)) { e(s, ": chroot error"); return 100; } break;
data/ngetty-1.1/ngetty-helper.c:309:25: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
if ((s=o[Ochroot])) chroot(s);
data/ngetty-1.1/check_first.c:39:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((k=open(lock, O_WRONLY|O_CREAT|O_TRUNC, 0644)) < 0 || close(k))
data/ngetty-1.1/cleanutmp.c:47:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(Utmp_File,O_RDWR)) <0 &&
data/ngetty-1.1/cleanutmp.c:48:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(fd = open(Utmp_File,O_RDONLY)) <0)
data/ngetty-1.1/cleanutmp.c:64:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
wfd=open(Wtmp_File, O_WRONLY|O_APPEND);
data/ngetty-1.1/dumputmp.c:12:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/ngetty-1.1/dumputmp.c:22:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(argv[1], O_RDONLY);
data/ngetty-1.1/fmt_time.c:14:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16], *m;
data/ngetty-1.1/fmt_utmp_ip.c:5:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned int fmt_utmp_ip(char *buf, const char ip[16]) /*EXTRACT_INCL*/{
data/ngetty-1.1/fmt_utmp_ip.c:5:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned int fmt_utmp_ip(char *buf, const char ip[16]) /*EXTRACT_INCL*/{
data/ngetty-1.1/fork_and_exec.c:8:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *qq[4] = { "/bin/sh", "-c", line, 0 };
data/ngetty-1.1/ngetty-argv.c:124:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(flagpid, O_RDWR | O_TRUNC | O_CREAT, 0644);
data/ngetty-1.1/ngetty-argv.c:126:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[3*sizeof(unsigned long)];
data/ngetty-1.1/ngetty-helper.c:33:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c0, c1, *x = (unsigned char *)o[Oprint];
data/ngetty-1.1/ngetty-helper.c:85:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ubuf[8 + 3*sizeof(unsigned long)], *x = ubuf;
data/ngetty-1.1/ngetty-helper.c:129:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (s[0] && (fd=open(s, O_RDONLY)) >= 0) {
data/ngetty-1.1/ngetty-helper.c:229:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(NGETTY_HOME "/Conf", O_RDONLY)) >=0) {
data/ngetty-1.1/ngetty.c:47:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[23]; /* expanded ttyname; /dev/ttyX or /dev/vc/X */
data/ngetty-1.1/ngetty.c:91:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *arg[4] = { helper, a1, login, 0 };
data/ngetty-1.1/ngetty.c:143:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDWR | O_NOCTTY);
data/ngetty-1.1/nwho.c:22:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/ngetty-1.1/nwho.c:61:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(p, O_RDONLY);
data/ngetty-1.1/opts_make.c:7:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192], *p = buf;
data/ngetty-1.1/opts_make.c:8:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opt_len[512];
data/ngetty-1.1/out_put.c:4:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf_space[256];
data/ngetty-1.1/test-helper.c:17:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (0 != open(argv[2], O_RDWR | O_NOCTTY)) _exit(111);
data/ngetty-1.1/tzmap.c:54:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd=open(tzfile,O_RDONLY);
data/ngetty-1.1/tzmap.c:74:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd=open("/etc/localtime",O_RDONLY))>=0) {
data/ngetty-1.1/utmp_do.c:64:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd=open(Utmp_File, O_RDWR);
data/ngetty-1.1/utmp_do.c:93:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd=open(Wtmp_File, O_WRONLY|O_APPEND);
data/ngetty-1.1/utmp_users.c:12:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(Utmp_File, O_RDONLY);
data/ngetty-1.1/lib.h:26:49: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(s=alloca(len+plus))==0 || const_io((int(*)())read,fd,s,len)
data/ngetty-1.1/ngetty-helper.c:147:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(0,c,1)<1) {
data/ngetty-1.1/ngetty.c:274:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(0, pi, sizeof pi);
data/ngetty-1.1/tzmap.c:60:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (const_io((int(*)())read,fd,T,L))
data/ngetty-1.1/utmp_io.c:18:64: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = const_io((type==F_WRLCK) ? (int(*)())write : (int(*)())read,
ANALYSIS SUMMARY:
Hits = 42
Lines analyzed = 1955 in approximately 0.07 seconds (29051 lines/second)
Physical Source Lines of Code (SLOC) = 1588
Hits@level = [0] 0 [1] 5 [2] 30 [3] 2 [4] 2 [5] 3
Hits@level+ = [0+] 42 [1+] 42 [2+] 37 [3+] 7 [4+] 5 [5+] 3
Hits/KSLOC@level+ = [0+] 26.4484 [1+] 26.4484 [2+] 23.2997 [3+] 4.40806 [4+] 3.14861 [5+] 1.88917
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.