Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/stomp.h Examining data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/php_stomp.h Examining data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/php_stomp.c Examining data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/stomp.c Examining data/php-stomp-2.0.2+1.0.9/stomp-2.0.2/stomp.h Examining data/php-stomp-2.0.2+1.0.9/stomp-2.0.2/php_stomp.h Examining data/php-stomp-2.0.2+1.0.9/stomp-2.0.2/php_stomp.c Examining data/php-stomp-2.0.2+1.0.9/stomp-2.0.2/stomp.c FINAL RESULTS: data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/php_stomp.c:1214:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(error_msg, stomp->error); data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/php_stomp.c:1216:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(error_msg, stomp->error_details); data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/stomp.c:168:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. len = vsnprintf(stomp->error_details, STOMP_BUFSIZE, fmt, ap); data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/stomp.h:90:117: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. void stomp_set_error(stomp_t *stomp, const char *error, int errnum, const char *fmt, ...) ZEND_ATTRIBUTE_PTR_FORMAT(printf, 4, 0); data/php-stomp-2.0.2+1.0.9/stomp-2.0.2/php_stomp.c:1185:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(error_msg, stomp->error); data/php-stomp-2.0.2+1.0.9/stomp-2.0.2/php_stomp.c:1187:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(error_msg, stomp->error_details); data/php-stomp-2.0.2+1.0.9/stomp-2.0.2/stomp.c:160:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. len = vsnprintf(stomp->error_details, STOMP_BUFSIZE, fmt, ap); data/php-stomp-2.0.2+1.0.9/stomp-2.0.2/stomp.h:90:117: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. void stomp_set_error(stomp_t *stomp, const char *error, int errnum, const char *fmt, ...) ZEND_ATTRIBUTE_PTR_FORMAT(printf, 4, 0); data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/php_stomp.c:1215:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(error_msg, "\n\n"); data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/stomp.c:201:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error[1024]; data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/stomp.c:211:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(stomp->host, host, strlen(host)); data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/stomp.c:432:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg, stomp->read_buffer.buf, recv_size); data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/stomp.c:435:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg, stomp->read_buffer.buf, length); data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/stomp.c:442:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg, stomp->read_buffer.pos, length); data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/stomp.c:448:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg, stomp->read_buffer.pos, stomp->read_buffer.size); data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/stomp.c:503:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + length, stomp->read_buffer.pos, i); data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/stomp.c:530:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char endline[1]; data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/stomp.c:657:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char endbuffer[2]; data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/stomp.c:659:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). f->body_length = atoi(length_str); data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/stomp.h:78:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[STOMP_BUFSIZE]; data/php-stomp-2.0.2+1.0.9/stomp-2.0.2/php_stomp.c:376:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&stomp_obj_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers)); data/php-stomp-2.0.2+1.0.9/stomp-2.0.2/php_stomp.c:1186:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(error_msg, "\n\n"); data/php-stomp-2.0.2+1.0.9/stomp-2.0.2/stomp.c:193:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error[1024]; data/php-stomp-2.0.2+1.0.9/stomp-2.0.2/stomp.c:202:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(stomp->host, host, strlen(host)); data/php-stomp-2.0.2+1.0.9/stomp-2.0.2/stomp.c:412:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg, stomp->read_buffer.buf, recv_size); data/php-stomp-2.0.2+1.0.9/stomp-2.0.2/stomp.c:415:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg, stomp->read_buffer.buf, length); data/php-stomp-2.0.2+1.0.9/stomp-2.0.2/stomp.c:422:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg, stomp->read_buffer.pos, length); data/php-stomp-2.0.2+1.0.9/stomp-2.0.2/stomp.c:428:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg, stomp->read_buffer.pos, stomp->read_buffer.size); data/php-stomp-2.0.2+1.0.9/stomp-2.0.2/stomp.c:483:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + length, stomp->read_buffer.pos, i); data/php-stomp-2.0.2+1.0.9/stomp-2.0.2/stomp.c:510:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char endline[1]; data/php-stomp-2.0.2+1.0.9/stomp-2.0.2/stomp.c:638:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char endbuffer[2]; data/php-stomp-2.0.2+1.0.9/stomp-2.0.2/stomp.c:640:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). f->body_length = atoi(Z_STRVAL_P(length_str)); data/php-stomp-2.0.2+1.0.9/stomp-2.0.2/stomp.h:78:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[STOMP_BUFSIZE]; data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/php_stomp.c:66:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). zend_hash_add(h, string_key, strlen(string_key)+1, Z_STRVAL_PP(value), Z_STRLEN_PP(value)+1, NULL); \ data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/php_stomp.c:494:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). url_parts = php_url_parse_ex(broker, strlen(broker)); data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/php_stomp.c:540:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). username_len = strlen(username); data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/php_stomp.c:544:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). password_len = strlen(password); data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/php_stomp.c:1083:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). INIT_FRAME_L(frame, cmd, strlen(cmd)); data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/php_stomp.c:1213:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *error_msg = (char *) emalloc(strlen(stomp->error) + strlen(stomp->error_details) + 10); data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/php_stomp.c:1213:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *error_msg = (char *) emalloc(strlen(stomp->error) + strlen(stomp->error_details) + 10); data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/stomp.c:210:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stomp->host = (char *) emalloc(strlen(host) + 1); data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/stomp.c:211:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(stomp->host, host, strlen(host)); data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/stomp.c:212:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stomp->host[strlen(host)] = '\0'; data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/stomp.c:351:86: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). smart_str_appendl(&buf, frame->body, frame->body_length > 0 ? frame->body_length : strlen(frame->body)); data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/stomp.c:649:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). zend_hash_add(f->headers, key, strlen(key) + 1, value, strlen(value) + 1, NULL); data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/stomp.c:649:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). zend_hash_add(f->headers, key, strlen(key) + 1, value, strlen(value) + 1, NULL); data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/stomp.c:698:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && strlen(receipt) == strlen(receipt_id) data/php-stomp-2.0.2+1.0.9/stomp-1.0.9/stomp.c:698:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && strlen(receipt) == strlen(receipt_id) data/php-stomp-2.0.2+1.0.9/stomp-2.0.2/php_stomp.c:477:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). zend_string_init(STOMP_G(default_broker), strlen(STOMP_G(default_broker)), 0) : NULL; data/php-stomp-2.0.2+1.0.9/stomp-2.0.2/php_stomp.c:530:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). username = zend_string_init(STOMP_G(default_username), strlen(STOMP_G(default_username)), 0); data/php-stomp-2.0.2+1.0.9/stomp-2.0.2/php_stomp.c:536:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). password = zend_string_init(STOMP_G(default_password), strlen(STOMP_G(default_password)), 0); data/php-stomp-2.0.2+1.0.9/stomp-2.0.2/php_stomp.c:1184:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *error_msg = (char *) emalloc(strlen(stomp->error) + strlen(stomp->error_details) + 10); data/php-stomp-2.0.2+1.0.9/stomp-2.0.2/php_stomp.c:1184:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *error_msg = (char *) emalloc(strlen(stomp->error) + strlen(stomp->error_details) + 10); data/php-stomp-2.0.2+1.0.9/stomp-2.0.2/stomp.c:201:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stomp->host = (char *) emalloc(strlen(host) + 1); data/php-stomp-2.0.2+1.0.9/stomp-2.0.2/stomp.c:202:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(stomp->host, host, strlen(host)); data/php-stomp-2.0.2+1.0.9/stomp-2.0.2/stomp.c:203:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stomp->host[strlen(host)] = '\0'; ANALYSIS SUMMARY: Hits = 56 Lines analyzed = 4537 in approximately 0.11 seconds (41300 lines/second) Physical Source Lines of Code (SLOC) = 3350 Hits@level = [0] 8 [1] 23 [2] 25 [3] 0 [4] 8 [5] 0 Hits@level+ = [0+] 64 [1+] 56 [2+] 33 [3+] 8 [4+] 8 [5+] 0 Hits/KSLOC@level+ = [0+] 19.1045 [1+] 16.7164 [2+] 9.85075 [3+] 2.38806 [4+] 2.38806 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.