stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pykcs11-1.5.9/resource.h
Examining data/pykcs11-1.5.9/src/ck_attribute_smart.cpp
Examining data/pykcs11-1.5.9/src/ck_attribute_smart.h
Examining data/pykcs11-1.5.9/src/dyn_generic.h
Examining data/pykcs11-1.5.9/src/dyn_unix.c
Examining data/pykcs11-1.5.9/src/dyn_win32.c
Examining data/pykcs11-1.5.9/src/opensc/pkcs11.h
Examining data/pykcs11-1.5.9/src/pkcs11lib.cpp
Examining data/pykcs11-1.5.9/src/pkcs11lib.h
Examining data/pykcs11-1.5.9/src/pykcs11.cpp
Examining data/pykcs11-1.5.9/src/pykcs11.h
Examining data/pykcs11-1.5.9/src/pykcs11string.cpp
Examining data/pykcs11-1.5.9/src/pykcs11string.h
Examining data/pykcs11-1.5.9/src/stdafx.cpp
Examining data/pykcs11-1.5.9/src/stdafx.h
Examining data/pykcs11-1.5.9/src/utility.cpp
Examining data/pykcs11-1.5.9/src/utility.h

FINAL RESULTS:

data/pykcs11-1.5.9/src/dyn_win32.c:51:15:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
	*pvLHandle = LoadLibrary(pcLibrary);
data/pykcs11-1.5.9/src/dyn_unix.c:60:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char new_function_name[256];
data/pykcs11-1.5.9/src/opensc/pkcs11.h:202:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char manufacturer_id[32];
data/pykcs11-1.5.9/src/opensc/pkcs11.h:204:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char library_description[32];
data/pykcs11-1.5.9/src/opensc/pkcs11.h:219:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char slot_description[64];
data/pykcs11-1.5.9/src/opensc/pkcs11.h:220:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char manufacturer_id[32];
data/pykcs11-1.5.9/src/opensc/pkcs11.h:235:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char label[32];
data/pykcs11-1.5.9/src/opensc/pkcs11.h:236:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char manufacturer_id[32];
data/pykcs11-1.5.9/src/opensc/pkcs11.h:237:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char model[16];
data/pykcs11-1.5.9/src/opensc/pkcs11.h:238:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char serial_number[16];
data/pykcs11-1.5.9/src/opensc/pkcs11.h:252:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char utc_time[16];
data/pykcs11-1.5.9/src/opensc/pkcs11.h:472:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char year[4];
data/pykcs11-1.5.9/src/opensc/pkcs11.h:473:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char month[2];
data/pykcs11-1.5.9/src/opensc/pkcs11.h:474:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char day[2];
data/pykcs11-1.5.9/src/ck_attribute_smart.cpp:185:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (szValue && strlen(szValue))
data/pykcs11-1.5.9/src/ck_attribute_smart.cpp:188:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			size_t iLen = strlen(szValue);

ANALYSIS SUMMARY:

Hits = 16
Lines analyzed = 3650 in approximately 0.09 seconds (41012 lines/second)
Physical Source Lines of Code (SLOC) = 2760
Hits@level = [0]   4 [1]   2 [2]  13 [3]   1 [4]   0 [5]   0
Hits@level+ = [0+]  20 [1+]  16 [2+]  14 [3+]   1 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 7.24638 [1+] 5.7971 [2+] 5.07246 [3+] 0.362319 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.