Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/nwrite-1.9.2/acconfig.h
Examining data/nwrite-1.9.2/nwrite.c

FINAL RESULTS:

data/nwrite-1.9.2/nwrite.c:729:4:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  strncat(bufptr, utmp_entry.ut_name, UT_NAMESIZE);
data/nwrite-1.9.2/nwrite.c:731:4:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  strncat(bufptr, utmp_entry.ut_line, UT_LINESIZE);
data/nwrite-1.9.2/nwrite.c:322:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mytty, myttyname + 1);
data/nwrite-1.9.2/nwrite.c:325:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mytty, buf);
data/nwrite-1.9.2/nwrite.c:370:5:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf(buf, "%s%s", option, pref_str);
data/nwrite-1.9.2/nwrite.c:381:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(scratch_buf, pref_str);
data/nwrite-1.9.2/nwrite.c:398:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(scratch_buf, pref_str);
data/nwrite-1.9.2/nwrite.c:407:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(prefTarget->preftty, pref_str);
data/nwrite-1.9.2/nwrite.c:548:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(usr->info.local->ttys->name, TTY_DIR);
data/nwrite-1.9.2/nwrite.c:549:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(usr->info.local->ttys->name, argv[optind]);
data/nwrite-1.9.2/nwrite.c:557:21:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(usr->info.local->ttys->name, argv[optind]);
data/nwrite-1.9.2/nwrite.c:600:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(new_tty->name, TTY_PREFIX2);
data/nwrite-1.9.2/nwrite.c:603:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(new_tty->name, ttyptr);
data/nwrite-1.9.2/nwrite.c:678:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(the_tty->name, TTY_DIR);
data/nwrite-1.9.2/nwrite.c:992:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(tty->file, BOLD_START "EOF");
data/nwrite-1.9.2/nwrite.c:998:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(tty->file, BOLD_END "\n");
data/nwrite-1.9.2/nwrite.c:1081:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(temptr, bold_start);
data/nwrite-1.9.2/nwrite.c:1088:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(temptr, bold_end);
data/nwrite-1.9.2/nwrite.c:1106:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(output, input);
data/nwrite-1.9.2/nwrite.c:1121:1:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(char *str, size_t n, char const *fmt, ...)
data/nwrite-1.9.2/nwrite.c:1124:1:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(str, n, fmt, va_alist)
data/nwrite-1.9.2/nwrite.c:1139:12:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  result = vsprintf(str, fmt, ap);
data/nwrite-1.9.2/nwrite.c:460:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "ai:D")) != -1)
data/nwrite-1.9.2/nwrite.c:462:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "i:D")) != -1)
data/nwrite-1.9.2/nwrite.c:189:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char preftty[TTYNAMESZ];
data/nwrite-1.9.2/nwrite.c:194:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name [TTYNAMESZ]; /* name of this tty */
data/nwrite-1.9.2/nwrite.c:228:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mytty[TTYNAMESZ];
data/nwrite-1.9.2/nwrite.c:267:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZE];
data/nwrite-1.9.2/nwrite.c:334:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prefsFileName[PATH_MAX];
data/nwrite-1.9.2/nwrite.c:348:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZE];
data/nwrite-1.9.2/nwrite.c:349:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char option[BUFSIZE];
data/nwrite-1.9.2/nwrite.c:350:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pref_str[BUFSIZE];
data/nwrite-1.9.2/nwrite.c:351:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scratch_buf[BUFSIZE];
data/nwrite-1.9.2/nwrite.c:359:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  prefs = fopen(prefsFileName, "r");
data/nwrite-1.9.2/nwrite.c:373:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  value = atoi(pref_str);
data/nwrite-1.9.2/nwrite.c:391:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  prefTarget->bold = atoi(scratch_buf);
data/nwrite-1.9.2/nwrite.c:426:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZE];
data/nwrite-1.9.2/nwrite.c:467:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  idle_limit = atoi(optarg)*60;
data/nwrite-1.9.2/nwrite.c:623:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((utmpd = fopen(UTMP_FILE, "r")) == NULL) {
data/nwrite-1.9.2/nwrite.c:716:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tty_fd = open(the_tty->name, TTY_FLAGS);
data/nwrite-1.9.2/nwrite.c:724:8:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "nwrite: could not open ");
data/nwrite-1.9.2/nwrite.c:727:8:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(bufptr, ", ");
data/nwrite-1.9.2/nwrite.c:870:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char obuf[BUFSIZE + BUFSIZE];
data/nwrite-1.9.2/nwrite.c:1021:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char timebuf[32] = "";
data/nwrite-1.9.2/nwrite.c:317:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, myttyname, TTYNAMESZ);
data/nwrite-1.9.2/nwrite.c:390:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (strlen(scratch_buf) == 1) /* backwards compat */
data/nwrite-1.9.2/nwrite.c:594:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(new_tty->name, TTY_DIR, sizeof(new_tty->name));
data/nwrite-1.9.2/nwrite.c:679:7:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(the_tty->name, utmp_entry.ut_line,
data/nwrite-1.9.2/nwrite.c:730:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(bufptr, ".");
data/nwrite-1.9.2/nwrite.c:733:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufptr += strlen(bufptr);
data/nwrite-1.9.2/nwrite.c:1038:7:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(timebuf, ttime + 11, 8);
data/nwrite-1.9.2/nwrite.c:1072:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tempsize = sizeof(BOLD_START) + sizeof(BOLD_END) + 3 + strlen(myname);
data/nwrite-1.9.2/nwrite.c:1103:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *output = malloc(strlen(input) + 1);

ANALYSIS SUMMARY:

Hits = 53
Lines analyzed = 1231 in approximately 0.04 seconds (27379 lines/second)
Physical Source Lines of Code (SLOC) = 927
Hits@level = [0]  53 [1]   9 [2]  20 [3]   2 [4]  20 [5]   2
Hits@level+ = [0+] 106 [1+]  53 [2+]  44 [3+]  24 [4+]  22 [5+]   2
Hits/KSLOC@level+ = [0+] 114.347 [1+] 57.1737 [2+] 47.4649 [3+] 25.89 [4+] 23.7325 [5+] 2.1575
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.