Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/remote-tty-4.0/bitypes.h
Examining data/remote-tty-4.0/connutil.c
Examining data/remote-tty-4.0/locbrok.c
Examining data/remote-tty-4.0/locbrok.h
Examining data/remote-tty-4.0/misc.c
Examining data/remote-tty-4.0/misc.h
Examining data/remote-tty-4.0/rtty.h
Examining data/remote-tty-4.0/ttyprot.c
Examining data/remote-tty-4.0/ttyprot.h
Examining data/remote-tty-4.0/rtty.c
Examining data/remote-tty-4.0/ttysrv.c

FINAL RESULTS:

data/remote-tty-4.0/locbrok.c:254:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(db->name, name);
data/remote-tty-4.0/rtty.c:101:16: [4] (misc) getlogin:
  It's often easy to fool getlogin. Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid()) and extract the desired information instead.
  if (!(Login = getlogin())) {
data/remote-tty-4.0/rtty.c:142:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(WhoAmI, "%s@%s", Login, TtyName);
data/remote-tty-4.0/rtty.c:151:10: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(n.sun_path, ServSpec);
data/remote-tty-4.0/rtty.c:317:6: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, RESTRICTED_HELP_STR);
data/remote-tty-4.0/rtty.c:318:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, UNRESTRICTED_HELP_STR);
data/remote-tty-4.0/rtty.c:491:37: [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt.
  char passwd[TP_MAXVAR], s[3], *c, *crypt();
data/remote-tty-4.0/rtty.c:588:7: [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt.
  c = crypt(passwd, s);
data/remote-tty-4.0/rtty.h:29:21: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define USAGE(x) { fprintf x;\
data/remote-tty-4.0/rtty.h:40:30: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define dprintf if (Debug) fprintf
data/remote-tty-4.0/ttysrv.c:245:10: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(n.sun_path, LServSpec);
data/remote-tty-4.0/ttysrv.c:608:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ParityBuf, (char *)T.c);
data/remote-tty-4.0/ttysrv.c:658:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(data, "%s [%s] (idle %d sec%s)",
data/remote-tty-4.0/ttysrv.c:733:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(data, "%s - no such user", T.c);
data/remote-tty-4.0/ttysrv.c:786:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s disconnected\07", WhosOn[fd]->who);
data/remote-tty-4.0/ttysrv.c:978:2: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(fp, fmt, ap);
data/remote-tty-4.0/locbrok.c:82:15: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((ch = getopt(argc, argv, "s:x:")) != EOF) {
data/remote-tty-4.0/rtty.c:114:15: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((ch = getopt(argc, argv, "s:x:l:7r")) != EOF) {
data/remote-tty-4.0/ttysrv.c:146:15: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((ch = getopt(argc, argv, "o:s:r:t:l:b:p:w:x:i:")) != EOF) {
data/remote-tty-4.0/connutil.c:93:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (!(port = htons(atoi(service)))) {
data/remote-tty-4.0/connutil.c:133:4: [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy(*hp, (caddr_t)&n.sin_addr.s_addr, h->h_length);
data/remote-tty-4.0/locbrok.c:88:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Debug = atoi(optarg);
data/remote-tty-4.0/locbrok.c:95:35: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (isnumber(Service) && (Port = atoi(Service))) {
data/remote-tty-4.0/locbrok.h:30:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lb_name[LB_MAXNAMELEN];
data/remote-tty-4.0/rtty.c:121:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Debug = atoi(optarg);
data/remote-tty-4.0/rtty.c:161:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[10];
data/remote-tty-4.0/rtty.c:187:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%d", lb.lb_port);
data/remote-tty-4.0/rtty.c:346:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64];
data/remote-tty-4.0/rtty.c:394:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (!(new = atoi(buf))) {
data/remote-tty-4.0/rtty.c:421:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (!(new = atoi(buf))) {
data/remote-tty-4.0/rtty.c:475:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  Log = open(LogSpec, O_CREAT|O_APPEND|O_WRONLY, 0640);
data/remote-tty-4.0/rtty.c:491:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char passwd[TP_MAXVAR], s[3], *c, *crypt();
data/remote-tty-4.0/ttysrv.c:110:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char Hostname[MAXHOSTNAMELEN];
data/remote-tty-4.0/ttysrv.c:172:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Baud = atoi(optarg);
data/remote-tty-4.0/ttysrv.c:178:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Wordsize = atoi(optarg);
data/remote-tty-4.0/ttysrv.c:182:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Debug = atoi(optarg);
data/remote-tty-4.0/ttysrv.c:196:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (0 > (Tty = open(TtySpec, O_NONBLOCK|O_RDWR))) {
data/remote-tty-4.0/ttysrv.c:300:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(PidFile, "w");
data/remote-tty-4.0/ttysrv.c:500:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[3];
data/remote-tty-4.0/ttysrv.c:652:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[TP_MAXVAR];
data/remote-tty-4.0/ttysrv.c:673:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[TP_MAXVAR];
data/remote-tty-4.0/ttysrv.c:675:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%-*.*s connected\07", i, i, T.c);
data/remote-tty-4.0/ttysrv.c:696:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[TP_MAXVAR];
data/remote-tty-4.0/ttysrv.c:731:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[TP_MAXVAR];
data/remote-tty-4.0/ttysrv.c:759:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[TP_MAXVAR];
data/remote-tty-4.0/ttysrv.c:761:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(data, "login incorrect");
data/remote-tty-4.0/ttysrv.c:784:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[TP_MAXVAR];
data/remote-tty-4.0/ttysrv.c:793:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  free((char *) WhosOn[fd]);
data/remote-tty-4.0/ttysrv.c:915:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[TP_MAXVAR];
data/remote-tty-4.0/ttysrv.c:917:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(data, "authorization needed");
data/remote-tty-4.0/ttysrv.c:925:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[TP_MAXVAR];
data/remote-tty-4.0/ttysrv.c:927:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(data, "authorized");
data/remote-tty-4.0/ttysrv.c:949:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(LogF = fopen(LogSpec, "a+"))) {
data/remote-tty-4.0/locbrok.c:179:11: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (0 >= read(fd, &lb, sizeof lb)) {
data/remote-tty-4.0/locbrok.c:196:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lb.lb_nlen = min(strlen(db->name), LB_MAXNAMELEN);
data/remote-tty-4.0/locbrok.c:197:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(lb.lb_name, db->name, lb.lb_nlen);
data/remote-tty-4.0/locbrok.c:253:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  db->name = safe_malloc(strlen(name)+1);
data/remote-tty-4.0/rtty.c:174:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = min(LB_MAXNAMELEN, strlen(ServSpec));
data/remote-tty-4.0/rtty.c:176:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(lb.lb_name, ServSpec, len);
data/remote-tty-4.0/rtty.c:178:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ASSERT(read(loc, &lb, sizeof lb)==sizeof lb, "read lb");
data/remote-tty-4.0/rtty.c:205:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tp_sendctl(Serv, TP_WHOSON, strlen(WhoAmI), (u_char*)WhoAmI);
data/remote-tty-4.0/rtty.c:251:14: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((n = read(fd, buf, 1)) == 1) {
data/remote-tty-4.0/rtty.c:363:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  switch (read(fd, buf, 1)) {
data/remote-tty-4.0/rtty.c:391:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (buf[strlen(buf)-1] == '\n') {
data/remote-tty-4.0/rtty.c:392:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf[strlen(buf)-1] = '\0';
data/remote-tty-4.0/rtty.c:407:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (buf[strlen(buf)-1] == '\n') {
data/remote-tty-4.0/rtty.c:408:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf[strlen(buf)-1] = '\0';
data/remote-tty-4.0/rtty.c:410:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tp_sendctl(Serv, TP_PARITY, strlen(buf),
data/remote-tty-4.0/rtty.c:472:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (LogSpec[strlen(LogSpec) - 1] == '\n')
data/remote-tty-4.0/rtty.c:473:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  LogSpec[strlen(LogSpec)-1] = '\0';
data/remote-tty-4.0/rtty.c:495:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (0 >= (nchars = read(fd, &T, TP_FIXED))) {
data/remote-tty-4.0/rtty.c:508:22: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (i != (nchars = read(fd, T.c, i))) {
data/remote-tty-4.0/rtty.c:547:23: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (i != (nchars = read(fd, T.c, i))) {
data/remote-tty-4.0/rtty.c:565:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tp_sendctl(Serv, TP_LOGIN, strlen(Login), (u_char*)Login);
data/remote-tty-4.0/rtty.c:578:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (1 != read(Tty, c, 1))
data/remote-tty-4.0/rtty.c:589:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tp_sendctl(Serv, TP_PASSWD, strlen(c), (u_char*)c);
data/remote-tty-4.0/ttyprot.c:78:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = c ?min(strlen((char *)c), TP_MAXVAR) :0;
data/remote-tty-4.0/ttyprot.c:107:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((nchars = read(fd, tp->c, len)) != len) {
data/remote-tty-4.0/ttysrv.c:282:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = min(LB_MAXNAMELEN, strlen(RServSpec));
data/remote-tty-4.0/ttysrv.c:289:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(lb.lb_name, RServSpec, len);
data/remote-tty-4.0/ttysrv.c:385:7: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  x = read(fd, buf+nchars, TP_MAXVAR-nchars);
data/remote-tty-4.0/ttysrv.c:509:28: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (TP_FIXED != (nchars = read(fd, &T, TP_FIXED))) {
data/remote-tty-4.0/ttysrv.c:602:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(Parity), (u_char *)Parity);
data/remote-tty-4.0/ttysrv.c:662:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tp_senddata(fd, (u_char *)data, strlen(data),
data/remote-tty-4.0/ttysrv.c:676:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  broadcast((u_char *)buf, strlen(buf), TP_NOTICE);
data/remote-tty-4.0/ttysrv.c:717:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tp_senddata(fd, (u_char*)Version, strlen(Version), TP_NOTICE);
data/remote-tty-4.0/ttysrv.c:734:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tp_senddata(fd, (u_char*)data, strlen(data),
data/remote-tty-4.0/ttysrv.c:755:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(s, WhosOn[fd]->auth, 2);
data/remote-tty-4.0/ttysrv.c:765:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tp_senddata(fd, (u_char*)data, strlen(data),
data/remote-tty-4.0/ttysrv.c:787:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  broadcast((u_char*)buf, strlen(buf), TP_NOTICE);
data/remote-tty-4.0/ttysrv.c:918:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tp_senddata(fd, (u_char*)data, strlen(data), TP_NOTICE);
data/remote-tty-4.0/ttysrv.c:928:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tp_senddata(fd, (u_char*)data, strlen(data), TP_NOTICE);

ANALYSIS SUMMARY:

Hits = 92
Lines analyzed = 2586 in approximately 0.08 seconds (33169 lines/second)
Physical Source Lines of Code (SLOC) = 2089
Hits@level = [0] 52 [1] 39 [2] 34 [3] 3 [4] 16 [5] 0
Hits@level+ = [0+] 144 [1+] 92 [2+] 53 [3+] 19 [4+] 16 [5+] 0
Hits/KSLOC@level+ = [0+] 68.9325 [1+] 44.0402 [2+] 25.371 [3+] 9.09526 [4+] 7.65917 [5+] 0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.