Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/rlinetd-0.9.1/port/port.h Examining data/rlinetd-0.9.1/port/lstat.c Examining data/rlinetd-0.9.1/port/malloc.c Examining data/rlinetd-0.9.1/port/memcmp.c Examining data/rlinetd-0.9.1/port/realloc.c Examining data/rlinetd-0.9.1/port/snprintf.c Examining data/rlinetd-0.9.1/port/stat.c Examining data/rlinetd-0.9.1/port/strdup.c Examining data/rlinetd-0.9.1/port/vsnprintf.c Examining data/rlinetd-0.9.1/src/assemble.h Examining data/rlinetd-0.9.1/src/buffer.h Examining data/rlinetd-0.9.1/src/bytecode.h Examining data/rlinetd-0.9.1/src/data.h Examining data/rlinetd-0.9.1/src/db.h Examining data/rlinetd-0.9.1/src/engine.h Examining data/rlinetd-0.9.1/src/error.h Examining data/rlinetd-0.9.1/src/grammar.h Examining data/rlinetd-0.9.1/src/lex.h Examining data/rlinetd-0.9.1/src/libdb.h Examining data/rlinetd-0.9.1/src/parse.h Examining data/rlinetd-0.9.1/src/rlinetd.h Examining data/rlinetd-0.9.1/src/signals.h Examining data/rlinetd-0.9.1/src/stack.h Examining data/rlinetd-0.9.1/src/strings.h Examining data/rlinetd-0.9.1/src/util.h Examining data/rlinetd-0.9.1/src/gettext.h Examining data/rlinetd-0.9.1/src/grammar.c Examining data/rlinetd-0.9.1/src/lex.c Examining data/rlinetd-0.9.1/src/assemble.c Examining data/rlinetd-0.9.1/src/cleanups.c Examining data/rlinetd-0.9.1/src/data.c Examining data/rlinetd-0.9.1/src/libdb.c Examining data/rlinetd-0.9.1/src/util.c Examining data/rlinetd-0.9.1/src/bytecode.c Examining data/rlinetd-0.9.1/src/connect.c Examining data/rlinetd-0.9.1/src/db.c Examining data/rlinetd-0.9.1/src/engine.c Examining data/rlinetd-0.9.1/src/main.c Examining data/rlinetd-0.9.1/src/stack.c Examining data/rlinetd-0.9.1/src/strings.c Examining data/rlinetd-0.9.1/src/signals.c Examining data/rlinetd-0.9.1/src/buffer.c Examining data/rlinetd-0.9.1/src/error.c FINAL RESULTS: data/rlinetd-0.9.1/port/port.h:12:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int snprintf(char *, size_t, const char *, ...); data/rlinetd-0.9.1/port/port.h:16:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int vsnprintf(char *, size_t, const char *, va_list); data/rlinetd-0.9.1/port/snprintf.c:7:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int snprintf(char *buf, size_t size, const char *format, ...) { data/rlinetd-0.9.1/port/snprintf.c:11:9: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. return vsprintf(buf, format, argp); data/rlinetd-0.9.1/port/strdup.c:14:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmp, str); data/rlinetd-0.9.1/port/vsnprintf.c:7:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int vsnprintf(char *buf, size_t size, const char *format, va_list ap) { data/rlinetd-0.9.1/port/vsnprintf.c:8:9: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. return vsprintf(buf, format, ap); data/rlinetd-0.9.1/src/bytecode.c:101:8: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if(execv(str, argv->argv)) { data/rlinetd-0.9.1/src/bytecode.c:461:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf + strlen (buf), "%s%d", i ? ", " : "", *(op + i + 1)); data/rlinetd-0.9.1/src/db.c:87:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, #tab " get %d, %d\n", i, num##tab); \ data/rlinetd-0.9.1/src/db.c:88:32: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (i < 0 || i >= num##tab) { fprintf(stderr, #tab ", %d >= %d\n", i, num##tab); return 0; } \ data/rlinetd-0.9.1/src/db.c:89:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. else if (print) fprintf(stderr, #tab "[%d] = %s\n", i, tab[i]); \ data/rlinetd-0.9.1/src/error.c:78:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(message + cur_len, max_len, fmt, argp); data/rlinetd-0.9.1/src/grammar.c:1000:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define YYFPRINTF fprintf data/rlinetd-0.9.1/src/grammar.c:3699:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(file, dir); data/rlinetd-0.9.1/src/grammar.c:3701:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(file, de->d_name); data/rlinetd-0.9.1/src/bytecode.c:137:8: [3] (misc) chroot: chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root. if(chroot(argv->str)) data/rlinetd-0.9.1/src/main.c:68:6: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. getopt_long data/rlinetd-0.9.1/src/main.c:70:6: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. getopt data/rlinetd-0.9.1/src/assemble.c:169:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp->elems, a->elems, sizeof(rl_opcode_t) * a->len); data/rlinetd-0.9.1/src/assemble.c:317:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(o->bytes, opm->bytes, sizeof(rl_opcode_t)*opm->len); data/rlinetd-0.9.1/src/assemble.c:320:18: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (opm->fixup) memcpy(o->fixup, opm->fixup, sizeof(opmeta_fixup_ptr)*opm->len); data/rlinetd-0.9.1/src/bytecode.c:214:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host_ip[100]; data/rlinetd-0.9.1/src/bytecode.c:455:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[128]; data/rlinetd-0.9.1/src/data.c:110:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*to, from, sizeof(**to)); data/rlinetd-0.9.1/src/error.c:61:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[1024]; data/rlinetd-0.9.1/src/gettext.h:201:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg_ctxt_id[msgctxt_len + msgid_len]; data/rlinetd-0.9.1/src/gettext.h:203:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/rlinetd-0.9.1/src/gettext.h:211:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1); data/rlinetd-0.9.1/src/gettext.h:213:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len); data/rlinetd-0.9.1/src/gettext.h:247:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg_ctxt_id[msgctxt_len + msgid_len]; data/rlinetd-0.9.1/src/gettext.h:249:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/rlinetd-0.9.1/src/gettext.h:257:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1); data/rlinetd-0.9.1/src/gettext.h:259:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len); data/rlinetd-0.9.1/src/grammar.c:1246:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; data/rlinetd-0.9.1/src/grammar.c:1433:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yymsgbuf[128]; data/rlinetd-0.9.1/src/grammar.c:1673:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((logcur->index = open(logcur->path, O_CREAT|O_APPEND|O_WRONLY, logcur->mode)) < 0) { data/rlinetd-0.9.1/src/grammar.c:2528:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[20]; data/rlinetd-0.9.1/src/grammar.c:3029:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((yyin = fopen(files[curfile], "r"))) { data/rlinetd-0.9.1/src/grammar.c:3487:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(to, from, sizeof(*to)); data/rlinetd-0.9.1/src/grammar.c:3504:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(to->filter, from->filter, from->filterlen); data/rlinetd-0.9.1/src/grammar.c:3578:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!(yyin = fopen(rl_config, "r"))) { data/rlinetd-0.9.1/src/grammar.c:3668:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char err[128]; data/rlinetd-0.9.1/src/lex.c:1407:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(yylval.cp, yytext + 1, yyleng - 2); data/rlinetd-0.9.1/src/libdb.c:382:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bufs[idx].addr, buf, len); data/rlinetd-0.9.1/src/libdb.c:426:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(to->ops_list, from->ops_list, len); data/rlinetd-0.9.1/src/libdb.c:493:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fdsets + numfdsets - 1, fds, sizeof(*fds)); data/rlinetd-0.9.1/src/signals.c:88:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p->inst->rusage, &rusage, sizeof(rusage)); data/rlinetd-0.9.1/src/strings.c:96:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(l->arg, "<unknown>"); data/rlinetd-0.9.1/src/strings.c:116:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(l->arg, "<unknown>"); data/rlinetd-0.9.1/src/strings.c:233:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(l->arg, &tt, sizeof(tt)); /* ugh */ data/rlinetd-0.9.1/src/util.c:18:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((fd = open(path, O_RDONLY)) < 0) { data/rlinetd-0.9.1/port/strdup.c:11:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = malloc(strlen(str) + 1); data/rlinetd-0.9.1/src/buffer.c:14:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). err = read(sock, buf, len); data/rlinetd-0.9.1/src/bytecode.c:461:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (buf + strlen (buf), "%s%d", i ? ", " : "", *(op + i + 1)); data/rlinetd-0.9.1/src/error.c:74:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cur_len = strlen(message); data/rlinetd-0.9.1/src/gettext.h:197:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t msgctxt_len = strlen (msgctxt) + 1; data/rlinetd-0.9.1/src/gettext.h:198:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t msgid_len = strlen (msgid) + 1; data/rlinetd-0.9.1/src/gettext.h:243:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t msgctxt_len = strlen (msgctxt) + 1; data/rlinetd-0.9.1/src/gettext.h:244:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t msgid_len = strlen (msgid) + 1; data/rlinetd-0.9.1/src/grammar.c:100:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define NAMLEN(dirent) strlen((dirent)->d_name) data/rlinetd-0.9.1/src/grammar.c:1146:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define yystrlen strlen data/rlinetd-0.9.1/src/grammar.c:3695:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). file = malloc(strlen(dir) + NAMLEN(de) + 2); data/rlinetd-0.9.1/src/grammar.c:3700:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(file, "/"); data/rlinetd-0.9.1/src/grammar.c:3735:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cb = buftab_addbuf(b, strlen(b)); data/rlinetd-0.9.1/src/lex.c:899:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ data/rlinetd-0.9.1/src/lex.c:2172:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return yy_scan_bytes(yystr,(int) strlen(yystr) ); data/rlinetd-0.9.1/src/libdb.c:58:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(arg); data/rlinetd-0.9.1/src/libdb.c:64:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). loglist_append(idx, LOG_TEXT, start, strlen(start)); data/rlinetd-0.9.1/src/libdb.c:75:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). loglist_append(idx, LOG_TEXT, start, strlen(start)); data/rlinetd-0.9.1/src/libdb.c:82:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). loglist_append(idx, LOG_TEXT, start, strlen(start)); data/rlinetd-0.9.1/src/libdb.c:114:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(argvs[idx].ents[i].arg, arg, len); data/rlinetd-0.9.1/src/libdb.c:207:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(arg); data/rlinetd-0.9.1/src/libdb.c:214:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). loglist_append(idx, LOG_TEXT, start, strlen(start)); data/rlinetd-0.9.1/src/libdb.c:224:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). loglist_append(idx, LOG_TEXT, start, strlen(start)); data/rlinetd-0.9.1/src/libdb.c:232:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). loglist_append(idx, LOG_TEXT, start, strlen(start)); data/rlinetd-0.9.1/src/libdb.c:247:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). loglist_append(idx, LOG_TEXT, start, strlen(start)); data/rlinetd-0.9.1/src/strings.c:44:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(a->str, a->ents[i].arg, a->ents[i].len); data/rlinetd-0.9.1/src/strings.c:97:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l->len = strlen(l->arg); data/rlinetd-0.9.1/src/strings.c:110:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(l->arg, inet_ntoa(((struct sockaddr_in *)inst->sin)->sin_addr), 80); data/rlinetd-0.9.1/src/strings.c:112:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l->len = strlen(l->arg); data/rlinetd-0.9.1/src/strings.c:117:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l->len = strlen(l->arg); data/rlinetd-0.9.1/src/util.c:30:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(read(fd, tmp, st.st_size) < 0) { ANALYSIS SUMMARY: Hits = 83 Lines analyzed = 10202 in approximately 0.27 seconds (37904 lines/second) Physical Source Lines of Code (SLOC) = 8072 Hits@level = [0] 46 [1] 31 [2] 33 [3] 3 [4] 16 [5] 0 Hits@level+ = [0+] 129 [1+] 83 [2+] 52 [3+] 19 [4+] 16 [5+] 0 Hits/KSLOC@level+ = [0+] 15.9812 [1+] 10.2825 [2+] 6.44202 [3+] 2.35382 [4+] 1.98216 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.