Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/portreserve-0.0.4/src/portreserve.c

FINAL RESULTS:

data/portreserve-0.0.4/src/portreserve.c:94:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (addr.sun_path, UNIX_SOCKET);
data/portreserve-0.0.4/src/portreserve.c:222:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (addr.sun_path, UNIX_SOCKET);
data/portreserve-0.0.4/src/portreserve.c:251:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (cfgfile, dir);
data/portreserve-0.0.4/src/portreserve.c:260:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (cfgf, d->d_name);
data/portreserve-0.0.4/src/portreserve.c:123:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  FILE *f = fopen (file, "r");
data/portreserve-0.0.4/src/portreserve.c:128:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char service[100];
data/portreserve-0.0.4/src/portreserve.c:129:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *protocols[2] = { "tcp", "udp" };
data/portreserve-0.0.4/src/portreserve.c:280:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char service[100];
data/portreserve-0.0.4/src/portreserve.c:342:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if ((pid_fd = open(pidfile, O_RDWR | O_CREAT | O_EXCL, mode)) == -1)
data/portreserve-0.0.4/src/portreserve.c:354:31:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if ((pid_fd = open(pidfile, O_RDWR)) == -1)
data/portreserve-0.0.4/src/portreserve.c:369:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char pid[32];
data/portreserve-0.0.4/src/portreserve.c:98:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  send (s, service, strlen (service), 0);
data/portreserve-0.0.4/src/portreserve.c:244:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *cfgfile = malloc (strlen (dir) + NAME_MAX + 1);
data/portreserve-0.0.4/src/portreserve.c:245:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *cfgf = cfgfile + strlen (dir);
data/portreserve-0.0.4/src/portreserve.c:378:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (write(fd, pid, strlen(pid)) != strlen(pid)) {
data/portreserve-0.0.4/src/portreserve.c:378:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (write(fd, pid, strlen(pid)) != strlen(pid)) {

ANALYSIS SUMMARY:

Hits = 16
Lines analyzed = 445 in approximately 0.03 seconds (14660 lines/second)
Physical Source Lines of Code (SLOC) = 341
Hits@level = [0]   7 [1]   5 [2]   7 [3]   0 [4]   4 [5]   0
Hits@level+ = [0+]  23 [1+]  16 [2+]  11 [3+]   4 [4+]   4 [5+]   0
Hits/KSLOC@level+ = [0+] 67.4487 [1+] 46.9208 [2+] 32.2581 [3+] 11.7302 [4+] 11.7302 [5+]   0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.