Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/p910nd-0.97/p910nd.c FINAL RESULTS: data/p910nd-0.97/p910nd.c:225:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stdout, msg, argp); data/p910nd-0.97/p910nd.c:239:8: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. (void)snprintf(lpname, sizeof(lpname), PRINTERFILE, lpnumber); data/p910nd-0.97/p910nd.c:256:8: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. (void)snprintf(lockname, sizeof(lockname), LOCKFILE, lpnumber); data/p910nd-0.97/p910nd.c:561:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. (void)snprintf(pidfilename, sizeof(pidfilename), PIDFILE, lpnumber); data/p910nd-0.97/p910nd.c:691:14: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "bdi:f:v")) != EOF) { data/p910nd-0.97/p910nd.c:162:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[BUFFER_SIZE]; /* Buffered data goes here. */ data/p910nd-0.97/p910nd.c:234:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lpname[sizeof(PRINTERFILE)]; data/p910nd-0.97/p910nd.c:243:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((lp = open(device, bidir ? (O_RDWR|O_NONBLOCK) : O_WRONLY)) == -1) { data/p910nd-0.97/p910nd.c:253:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lockname[sizeof(LOCKFILE)]; data/p910nd-0.97/p910nd.c:257:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((lockfd = open(lockname, O_CREAT | O_RDWR, 0666)) < 0) { data/p910nd-0.97/p910nd.c:503:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host[INET6_ADDRSTRLEN]; data/p910nd-0.97/p910nd.c:527:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pidfilename[sizeof(PIDFILE)]; data/p910nd-0.97/p910nd.c:528:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char service[sizeof(BASEPORT+lpnumber-'0')+1]; data/p910nd-0.97/p910nd.c:558:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open("/dev/null", O_RDWR); /* stdin */ data/p910nd-0.97/p910nd.c:562:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen(pidfilename, "w")) == NULL) { data/p910nd-0.97/p910nd.c:632:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host[INET6_ADDRSTRLEN]; data/p910nd-0.97/p910nd.c:186:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(s, "Unknown AF", maxlen); data/p910nd-0.97/p910nd.c:325:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). result = read(b->infd, b->buffer + b->endidx, avail); data/p910nd-0.97/p910nd.c:557:9: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). (void)umask(022); data/p910nd-0.97/p910nd.c:718:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen(argv[0]) > 1) { ANALYSIS SUMMARY: Hits = 20 Lines analyzed = 741 in approximately 0.03 seconds (24253 lines/second) Physical Source Lines of Code (SLOC) = 541 Hits@level = [0] 7 [1] 4 [2] 11 [3] 1 [4] 4 [5] 0 Hits@level+ = [0+] 27 [1+] 20 [2+] 16 [3+] 5 [4+] 4 [5+] 0 Hits/KSLOC@level+ = [0+] 49.9076 [1+] 36.9686 [2+] 29.5749 [3+] 9.24214 [4+] 7.39372 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.