Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/simpleproxy-3.5/cfg.c Examining data/simpleproxy-3.5/cfg.h Examining data/simpleproxy-3.5/simpleproxy.c FINAL RESULTS: data/simpleproxy-3.5/simpleproxy.c:328:9: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(HTTPSBasicAuthString,PROXY_HEADER_FMT,HTTPSAuthHash); data/simpleproxy-3.5/simpleproxy.c:1164:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buff, "CONNECT %s:%i HTTP/1.0\nUser-agent: %s%s\r\n\r\n", data/simpleproxy-3.5/simpleproxy.c:1245:19: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. (void)vsnprintf(buffer, MBUFSIZ, format, ap); data/simpleproxy-3.5/simpleproxy.c:1251:19: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. (void)vsprintf(buffer, format, ap); data/simpleproxy-3.5/simpleproxy.c:1262:20: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) vfprintf(stderr, format, ap); data/simpleproxy-3.5/simpleproxy.c:194:16: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while((c = getopt(ac, av, "iVv7dhuL:R:H:f:p:P:D:S:s:a:A:t:")) != -1) data/simpleproxy-3.5/cfg.c:70:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((f=fopen(name,"wb"))==NULL) data/simpleproxy-3.5/cfg.c:119:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAXTOKENLEN]; data/simpleproxy-3.5/cfg.c:133:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((f=fopen(name,"rb"))==NULL) data/simpleproxy-3.5/cfg.c:298:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cfg->dict,last,sizeof(struct Dict *)*cfg->nelements); data/simpleproxy-3.5/cfg.c:350:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[80]; data/simpleproxy-3.5/cfg.c:351:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp,"%lu",v); data/simpleproxy-3.5/cfg.c:363:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[80]; data/simpleproxy-3.5/cfg.c:364:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp,"%0*lu",w, v); data/simpleproxy-3.5/simpleproxy.c:191:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hbuf[NI_MAXHOST]; data/simpleproxy-3.5/simpleproxy.c:289:21: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Delay = atol(optarg); data/simpleproxy-3.5/simpleproxy.c:534:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). (void) open("/", O_RDONLY); data/simpleproxy-3.5/simpleproxy.c:596:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&res , he->h_addr , he->h_length); data/simpleproxy-3.5/simpleproxy.c:674:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result,s,n); data/simpleproxy-3.5/simpleproxy.c:707:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[MBUFSIZ]; data/simpleproxy-3.5/simpleproxy.c:860:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(tmp): data/simpleproxy-3.5/simpleproxy.c:871:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((f=fopen(filename,"w"))==nil) data/simpleproxy-3.5/simpleproxy.c:889:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[2048]; data/simpleproxy-3.5/simpleproxy.c:893:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((f=fopen(popfile,"r"))==nil) data/simpleproxy-3.5/simpleproxy.c:996:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[MBUFSIZ]; data/simpleproxy-3.5/simpleproxy.c:1159:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[MBUFSIZ]; data/simpleproxy-3.5/simpleproxy.c:1242:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[MBUFSIZ]; data/simpleproxy-3.5/simpleproxy.c:1337:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char dtable[64]; data/simpleproxy-3.5/simpleproxy.c:1358:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char igroup[3]; data/simpleproxy-3.5/simpleproxy.c:1399:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char peer_name[NI_MAXHOST+16]; /* 16 bytes from column and port number */ data/simpleproxy-3.5/simpleproxy.c:1400:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char trace_header[256]; data/simpleproxy-3.5/simpleproxy.c:1406:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int tfd = open(Tracefile, O_CREAT | O_WRONLY| O_APPEND, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH); data/simpleproxy-3.5/simpleproxy.c:1418:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hbuf[NI_MAXHOST]; data/simpleproxy-3.5/simpleproxy.c:1431:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(peer_name, "unknown source"); data/simpleproxy-3.5/cfg.c:140:14: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while((c=fgetc(f))!=EOF) data/simpleproxy-3.5/simpleproxy.c:327:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HTTPSBasicAuthString = malloc(strlen(HTTPSAuthHash) + strlen(PROXY_HEADER_FMT)); data/simpleproxy-3.5/simpleproxy.c:327:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HTTPSBasicAuthString = malloc(strlen(HTTPSAuthHash) + strlen(PROXY_HEADER_FMT)); data/simpleproxy-3.5/simpleproxy.c:530:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(0); data/simpleproxy-3.5/simpleproxy.c:639:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(uri); data/simpleproxy-3.5/simpleproxy.c:650:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (len < (slen = strlen(*pp))) continue; data/simpleproxy-3.5/simpleproxy.c:655:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (len < (slen = strlen(*pp))) continue; data/simpleproxy-3.5/simpleproxy.c:661:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (pos = len; pos > (slen = strlen(*pp)); pos = strrindex(uri,'/',pos)) { data/simpleproxy-3.5/simpleproxy.c:733:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int authlen=strlen(PROXY_HEADER)+strlen(http_authhash); data/simpleproxy-3.5/simpleproxy.c:733:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int authlen=strlen(PROXY_HEADER)+strlen(http_authhash); data/simpleproxy-3.5/simpleproxy.c:735:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(match+strlen(PROXY_HEADER),http_authhash,strlen(http_authhash))==0 && data/simpleproxy-3.5/simpleproxy.c:735:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(match+strlen(PROXY_HEADER),http_authhash,strlen(http_authhash))==0 && data/simpleproxy-3.5/simpleproxy.c:949:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nread = read(fd, buf, siz); data/simpleproxy-3.5/simpleproxy.c:1005:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). writen(user, SIMPLEPROXY_VERSION, strlen(SIMPLEPROXY_VERSION)); data/simpleproxy-3.5/simpleproxy.c:1020:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). writen(user,errmsg2,strlen(errmsg2)); /* Send error to client */ data/simpleproxy-3.5/simpleproxy.c:1031:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). writen(user,errmsg1,strlen(errmsg1)); /* Send error to client */ data/simpleproxy-3.5/simpleproxy.c:1040:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). writen(user,errmsg0,strlen(errmsg0)); /* Send error to client */ data/simpleproxy-3.5/simpleproxy.c:1045:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). writen(server,buff,strlen(buff)); data/simpleproxy-3.5/simpleproxy.c:1051:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). writen(user,buff,strlen(buff)); data/simpleproxy-3.5/simpleproxy.c:1068:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). writen(user,errmsg3,strlen(errmsg3)); /* Send error to client */ data/simpleproxy-3.5/simpleproxy.c:1073:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). writen(server,buff,strlen(buff)); data/simpleproxy-3.5/simpleproxy.c:1078:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). writen(user,buff,strlen(buff)); /* forward server response to client */ data/simpleproxy-3.5/simpleproxy.c:1166:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(buff); data/simpleproxy-3.5/simpleproxy.c:1353:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cryptext = malloc(strlen(plaintext)*2); ANALYSIS SUMMARY: Hits = 58 Lines analyzed = 1866 in approximately 0.06 seconds (33598 lines/second) Physical Source Lines of Code (SLOC) = 1417 Hits@level = [0] 15 [1] 24 [2] 28 [3] 1 [4] 5 [5] 0 Hits@level+ = [0+] 73 [1+] 58 [2+] 34 [3+] 6 [4+] 5 [5+] 0 Hits/KSLOC@level+ = [0+] 51.5173 [1+] 40.9315 [2+] 23.9944 [3+] 4.2343 [4+] 3.52858 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.