Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/safecat-1.13/alloc.c
Examining data/safecat-1.13/alloc.h
Examining data/safecat-1.13/alloc_re.c
Examining data/safecat-1.13/auto-str.c
Examining data/safecat-1.13/auto_home.h
Examining data/safecat-1.13/buffer.h
Examining data/safecat-1.13/byte.h
Examining data/safecat-1.13/byte_chr.c
Examining data/safecat-1.13/byte_copy.c
Examining data/safecat-1.13/byte_cr.c
Examining data/safecat-1.13/byte_diff.c
Examining data/safecat-1.13/byte_zero.c
Examining data/safecat-1.13/env.h
Examining data/safecat-1.13/envread.c
Examining data/safecat-1.13/error.c
Examining data/safecat-1.13/error_str.c
Examining data/safecat-1.13/exit.h
Examining data/safecat-1.13/fmt.h
Examining data/safecat-1.13/fmt_uint64.c
Examining data/safecat-1.13/gen_alloc.h
Examining data/safecat-1.13/gen_allocdefs.h
Examining data/safecat-1.13/getln.c
Examining data/safecat-1.13/getln.h
Examining data/safecat-1.13/getln2.c
Examining data/safecat-1.13/hier.c
Examining data/safecat-1.13/hostname.c
Examining data/safecat-1.13/hostname.h
Examining data/safecat-1.13/install.c
Examining data/safecat-1.13/instcheck.c
Examining data/safecat-1.13/open.h
Examining data/safecat-1.13/open_append.c
Examining data/safecat-1.13/open_read.c
Examining data/safecat-1.13/open_trunc.c
Examining data/safecat-1.13/readwrite.h
Examining data/safecat-1.13/sig.c
Examining data/safecat-1.13/sig.h
Examining data/safecat-1.13/stat_dir.c
Examining data/safecat-1.13/stat_dir.h
Examining data/safecat-1.13/str.h
Examining data/safecat-1.13/str_diffn.c
Examining data/safecat-1.13/str_len.c
Examining data/safecat-1.13/stralloc.h
Examining data/safecat-1.13/stralloc_arts.c
Examining data/safecat-1.13/stralloc_cat.c
Examining data/safecat-1.13/stralloc_catb.c
Examining data/safecat-1.13/stralloc_cats.c
Examining data/safecat-1.13/stralloc_copy.c
Examining data/safecat-1.13/stralloc_eady.c
Examining data/safecat-1.13/stralloc_num.c
Examining data/safecat-1.13/stralloc_opyb.c
Examining data/safecat-1.13/stralloc_opys.c
Examining data/safecat-1.13/stralloc_pend.c
Examining data/safecat-1.13/strcat_alloc.c
Examining data/safecat-1.13/strcat_alloc.h
Examining data/safecat-1.13/strerr.h
Examining data/safecat-1.13/strerr_die.c
Examining data/safecat-1.13/strerr_sys.c
Examining data/safecat-1.13/subfd.h
Examining data/safecat-1.13/subfderr.c
Examining data/safecat-1.13/subfdin.c
Examining data/safecat-1.13/subfdins.c
Examining data/safecat-1.13/subfdout.c
Examining data/safecat-1.13/subfdouts.c
Examining data/safecat-1.13/substdi.c
Examining data/safecat-1.13/substdio.c
Examining data/safecat-1.13/substdio.h
Examining data/safecat-1.13/substdio_copy.c
Examining data/safecat-1.13/substdo.c
Examining data/safecat-1.13/tai.h
Examining data/safecat-1.13/taia.h
Examining data/safecat-1.13/taia_fmtfrac.c
Examining data/safecat-1.13/taia_now.c
Examining data/safecat-1.13/taia_tai.c
Examining data/safecat-1.13/tempfile.c
Examining data/safecat-1.13/tempfile.h
Examining data/safecat-1.13/trycpp.c
Examining data/safecat-1.13/tryerrno.c
Examining data/safecat-1.13/trysgact.c
Examining data/safecat-1.13/tryulong32.c
Examining data/safecat-1.13/tryulong64.c
Examining data/safecat-1.13/writefile.h
Examining data/safecat-1.13/error.h
Examining data/safecat-1.13/safecat.c
Examining data/safecat-1.13/writefile.c
FINAL RESULTS:
data/safecat-1.13/install.c:23:7: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (chown(home,uid,gid) == -1)
data/safecat-1.13/install.c:25:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod(home,mode) == -1)
data/safecat-1.13/install.c:41:7: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (chown(subdir,uid,gid) == -1)
data/safecat-1.13/install.c:43:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod(subdir,mode) == -1)
data/safecat-1.13/install.c:96:7: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (chown(file,uid,gid) == -1)
data/safecat-1.13/install.c:98:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod(file,mode) == -1)
data/safecat-1.13/install.c:134:7: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (chown(file,uid,gid) == -1)
data/safecat-1.13/install.c:136:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod(file,mode) == -1)
data/safecat-1.13/strcat_alloc.c:24:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(retval,filename);
data/safecat-1.13/alloc.c:9:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef union { char irrelevant[ALIGNMENT]; double d; } aligned;
data/safecat-1.13/auto-str.c:5:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[256];
data/safecat-1.13/auto-str.c:21:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char octal[4];
data/safecat-1.13/install.c:47:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inbuf[SUBSTDIO_INSIZE];
data/safecat-1.13/install.c:48:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outbuf[SUBSTDIO_OUTSIZE];
data/safecat-1.13/open_append.c:6:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{ return open(fn,O_WRONLY | O_NDELAY | O_APPEND | O_CREAT,0600); }
data/safecat-1.13/open_read.c:6:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{ return open(fn,O_RDONLY | O_NDELAY); }
data/safecat-1.13/open_trunc.c:6:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{ return open(fn,O_WRONLY | O_NDELAY | O_TRUNC | O_CREAT,0644); }
data/safecat-1.13/safecat.c:98:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outfd = open(tmppath.s,O_WRONLY | O_EXCL | O_CREAT | O_LARGEFILE,0666);
data/safecat-1.13/strcat_alloc.c:17:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(retval,path,strlen(path));
data/safecat-1.13/subfderr.c:5:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subfd_errbuf[256];
data/safecat-1.13/subfdin.c:11:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subfd_inbuf[SUBSTDIO_INSIZE];
data/safecat-1.13/subfdins.c:11:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subfd_inbufsmall[256];
data/safecat-1.13/subfdout.c:5:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subfd_outbuf[SUBSTDIO_OUTSIZE];
data/safecat-1.13/subfdouts.c:5:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subfd_outbufsmall[256];
data/safecat-1.13/tempfile.c:16:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[256];
data/safecat-1.13/tempfile.c:17:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char secbuf[11];
data/safecat-1.13/tempfile.c:18:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char atto[TAIA_FMTFRAC];
data/safecat-1.13/tempfile.c:19:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pidbuf[6];
data/safecat-1.13/writefile.c:15:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inbuf[512];
data/safecat-1.13/writefile.c:16:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outbuf[512];
data/safecat-1.13/install.c:69:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
substdio_fdbuf(&ssin,read,fdin,inbuf,sizeof inbuf);
data/safecat-1.13/install.c:146:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(077);
data/safecat-1.13/readwrite.h:4:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
extern int read();
data/safecat-1.13/strcat_alloc.c:10:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *retval = (char *)malloc(strlen(path) + strlen(filename) + 2);
data/safecat-1.13/strcat_alloc.c:10:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *retval = (char *)malloc(strlen(path) + strlen(filename) + 2);
data/safecat-1.13/strcat_alloc.c:17:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(retval,path,strlen(path));
data/safecat-1.13/strcat_alloc.c:18:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(retval[strlen(path)] != '/') {
data/safecat-1.13/strcat_alloc.c:19:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retval[strlen(path)] = '/';
data/safecat-1.13/strcat_alloc.c:20:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retval[strlen(path) + 1] = '\0';
data/safecat-1.13/subfdin.c:8:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read(fd,buf,len);
data/safecat-1.13/subfdins.c:8:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read(fd,buf,len);
data/safecat-1.13/writefile.c:23:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
substdio_fdbuf(&ssin,read,0,inbuf,sizeof(inbuf));
ANALYSIS SUMMARY:
Hits = 42
Lines analyzed = 2321 in approximately 0.10 seconds (22448 lines/second)
Physical Source Lines of Code (SLOC) = 1932
Hits@level = [0] 3 [1] 12 [2] 21 [3] 0 [4] 1 [5] 8
Hits@level+ = [0+] 45 [1+] 42 [2+] 30 [3+] 9 [4+] 9 [5+] 8
Hits/KSLOC@level+ = [0+] 23.2919 [1+] 21.7391 [2+] 15.528 [3+] 4.65839 [4+] 4.65839 [5+] 4.14079
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.