Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/st-1.9/examples/lookupdns.c
Examining data/st-1.9/examples/error.c
Examining data/st-1.9/examples/proxy.c
Examining data/st-1.9/examples/res.c
Examining data/st-1.9/examples/server.c
Examining data/st-1.9/extensions/dnscache.c
Examining data/st-1.9/extensions/common.h
Examining data/st-1.9/extensions/lrucache.c
Examining data/st-1.9/extensions/dnsres.c
Examining data/st-1.9/extensions/stx.h
Examining data/st-1.9/extensions/stx_fileio.c
Examining data/st-1.9/extensions/stx_fileio.h
Examining data/st-1.9/extensions/testdns.c
Examining data/st-1.9/event.c
Examining data/st-1.9/io.c
Examining data/st-1.9/key.c
Examining data/st-1.9/public.h
Examining data/st-1.9/common.h
Examining data/st-1.9/sched.c
Examining data/st-1.9/stk.c
Examining data/st-1.9/sync.c
Examining data/st-1.9/md.h

FINAL RESULTS:

data/st-1.9/examples/error.c:140:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(str, "[%02d/%s/%d:%02d:%02d:%02d] ", tmp->tm_mday,
data/st-1.9/examples/error.c:159:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(buf, err_tstamp());  /* prepend a message with time stamp */
data/st-1.9/examples/error.c:160:3:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(buf + strlen(buf), fmt, ap);
data/st-1.9/examples/error.c:162:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(buf + strlen(buf), ": %s\n", strerror(errno_save));
data/st-1.9/examples/proxy.c:233:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(host, str);
data/st-1.9/examples/server.c:907:12:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    len += sprintf(buf + len, "\nListening Socket #%d:\n"
data/st-1.9/extensions/testdns.c:86:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
	if (sscanf(line, "%s", str) != 1)
data/st-1.9/examples/proxy.c:91:16:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  while((opt = getopt(argc, argv, "l:r:p:Saht:X")) != EOF) {
data/st-1.9/examples/server.c:298:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  while ((opt = getopt(argc, argv, "b:p:l:t:u:q:aiSh")) != EOF) {
data/st-1.9/stk.c:97:20:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    long offset = (random() % extra) & ~0xf;
data/st-1.9/stk.c:170:5:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    srandom((unsigned int) st_utime());
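The two stk.c hits above (random() at stk.c:97, srandom() seeded from st_utime() at stk.c:170) are the stack-padding offset computation. If that offset is meant to make thread-stack addresses unpredictable, a clock-seeded random() gives an attacker who knows the start time a tiny search space. The following is an added example and not st-1.9 code: it keeps the same shape as `(random() % extra) & ~0xf` but draws the bytes from the OS CSPRNG (getrandom(2) on Linux, /dev/urandom elsewhere). The names csprng_bytes, csprng_stack_offset and offsets_look_sane are hypothetical.

```c
/* Added example, not st-1.9 code. stk.c seeds srandom() with the clock and
 * draws the stack-padding offset with random(); this draws it from the OS
 * CSPRNG instead. csprng_bytes/csprng_stack_offset are hypothetical names. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#if defined(__linux__)
#include <sys/random.h>        /* getrandom(2); glibc >= 2.25 */
#endif

/* Fill buf[0..len) from the kernel CSPRNG. 0 on success, -1 on failure.
 * getrandom(2) first (no fd needed, works in a chroot without /dev), then
 * /dev/urandom as the portable fallback. */
static int csprng_bytes(void *buf, size_t len)
{
    unsigned char *p = buf;
    size_t done = 0;
    int fd;
#if defined(__linux__)
    while (done < len) {
        ssize_t n = getrandom(p + done, len - done, 0);
        if (n < 0) {
            if (errno == EINTR) continue;
            break;                          /* ENOSYS etc.: try the device */
        }
        done += (size_t)n;
    }
    if (done == len) return 0;
#endif
    fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    while (done < len) {
        ssize_t n = read(fd, p + done, len - done);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) { close(fd); return -1; }
        done += (size_t)n;
    }
    close(fd);
    return 0;
}

/* Same shape as stk.c's `(random() % extra) & ~0xf`: a 16-byte-aligned
 * offset in [0, extra). Returns -1 if extra <= 0 or no entropy source
 * worked, so the caller can choose between "no padding" and "refuse to
 * start" instead of silently getting offset 0. r is 64 bits and extra is
 * a stack size, so the modulo bias is negligible. */
long csprng_stack_offset(long extra)
{
    unsigned long long r;
    if (extra <= 0) return -1;
    if (csprng_bytes(&r, sizeof r) != 0) return -1;
    return (long)(r % (unsigned long long)extra) & ~0xfL;
}

/* Self-check for extra > 16: every offset in range and 16-aligned, and the
 * draws are not all identical (a constant output means a broken source).
 * Returns 1 if the checks pass, 0 otherwise. */
int offsets_look_sane(long extra, int trials)
{
    long first = -1;
    int distinct = 0, i;
    for (i = 0; i < trials; i++) {
        long o = csprng_stack_offset(extra);
        if (o < 0 || o >= extra || (o & 0xf) != 0) return 0;
        if (first < 0) first = o;
        else if (o != first) distinct = 1;
    }
    return trials < 2 ? 1 : distinct;
}

int main(void)
{
    long extra = 4096;   /* constructed stack slack, not a value from stk.c */
    printf("offset = %ld (sane: %d)\n",
           csprng_stack_offset(extra), offsets_look_sane(extra, 64));
    return 0;
}
```

Whether the offset is security-relevant at all depends on the deployment (it pads thread stacks inside one process); the point of the example is that once a value is meant to be unpredictable, the cost of sourcing it from the kernel CSPRNG is a few lines, and the failure path is explicit rather than a silently constant seed.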
data/st-1.9/event.c:521:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pollfds, pq->pds, sizeof(struct pollfd) * pq->npds);
data/st-1.9/event.c:548:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(pq->pds, pollfds, sizeof(struct pollfd) * pq->npds);
data/st-1.9/event.c:723:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(_st_kq_data->addlist + _st_kq_data->addlist_cnt, kev,
data/st-1.9/event.c:747:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(_st_kq_data->dellist + _st_kq_data->dellist_cnt, kev,
data/st-1.9/examples/error.c:131:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char str[32];
data/st-1.9/examples/error.c:156:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[MAXLINE];
data/st-1.9/examples/proxy.c:109:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      num_procs = atoi(optarg);
data/st-1.9/examples/proxy.c:229:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char host[128], *p;
data/st-1.9/examples/proxy.c:239:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  port = (unsigned short) atoi(p);
data/st-1.9/examples/proxy.c:259:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&sin->sin_addr, hp->h_addr, hp->h_length);
data/st-1.9/examples/proxy.c:288:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[IOBUFSIZE];
data/st-1.9/examples/proxy.c:389:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[IOBUFSIZE];
data/st-1.9/examples/res.c:97:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[MAXPACKET];
data/st-1.9/examples/res.c:123:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(addr, cp, n);
data/st-1.9/examples/res.c:215:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[MAXDNAME], **domain;
data/st-1.9/examples/server.c:309:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      vp_count = atoi(optarg);
data/st-1.9/examples/server.c:319:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	max_threads = atoi(c);
data/st-1.9/examples/server.c:327:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      listenq_size = atoi(optarg);
data/st-1.9/examples/server.c:455:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      port = (unsigned short) atoi(c);
data/st-1.9/examples/server.c:477:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&serv_addr.sin_addr, hp->h_addr, hp->h_length);
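The proxy.c hits at 229/233/239/259 and the server.c hits at 455/477 are one pattern: an address argument is strcpy()'d into char host[128], the port is atoi()'d with no range check, and hp->h_length bytes are memcpy()'d into a 4-byte sin_addr. The block below is an added example, not proxy.c or server.c code, showing a bounded version of that sequence: the host copy reports a too-long name instead of overflowing, the port goes through strtol() with explicit error and range checks, and the address copy refuses anything that is not exactly an AF_INET address of sizeof(struct in_addr) bytes. parse_host_port, copy_inet_addr and HOST_MAX are hypothetical names; 128 mirrors proxy.c's char host[128]. The original's handling of a missing port is not shown in the report and is not reproduced here (this version requires an explicit port).

```c
/* Added example, not proxy.c/server.c code. Bounded replacement for the
 * strcpy(host, str) / atoi(p) / memcpy(&sin_addr, hp->h_addr, hp->h_length)
 * sequence flagged by flawfinder. Names and HOST_MAX are hypothetical. */
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

#define HOST_MAX 128   /* same fixed size as proxy.c's host[] */

/* Split "host:port" (first ':' is the separator; bracketed IPv6 literals are
 * out of scope). 0 on success; -1 if the host is empty or would not fit in
 * hostsz including the NUL, or the port is missing, non-numeric, signed or
 * outside 1..65535. strcpy() would have overflowed on a long host and atoi()
 * accepts "80abc", "-1" and "70000" without complaint. */
int parse_host_port(const char *str, char *host, size_t hostsz, unsigned short *port)
{
    const char *colon, *digits;
    char *endp;
    size_t hostlen;
    long p;

    if (str == NULL || host == NULL || port == NULL || hostsz == 0) return -1;
    colon = strchr(str, ':');
    if (colon == NULL) return -1;
    hostlen = (size_t)(colon - str);
    if (hostlen == 0 || hostlen >= hostsz) return -1;   /* keep room for NUL */
    memcpy(host, str, hostlen);
    host[hostlen] = '\0';

    digits = colon + 1;
    if (!isdigit((unsigned char)*digits)) return -1;   /* rejects "", "-1", " 80", "+80" */
    errno = 0;
    p = strtol(digits, &endp, 10);
    if (errno != 0 || *endp != '\0' || p < 1 || p > 65535) return -1;
    *port = (unsigned short)p;
    return 0;
}

/* Copy a resolver result into sin->sin_addr only if it is an AF_INET address
 * of exactly sizeof(struct in_addr) bytes. The flagged memcpy() calls trust
 * hp->h_length; a 16-byte AF_INET6 answer would overrun the 4-byte field. */
int copy_inet_addr(struct sockaddr_in *sin, int h_addrtype, const void *h_addr, int h_length)
{
    if (sin == NULL || h_addr == NULL) return -1;
    if (h_addrtype != AF_INET || h_length != (int)sizeof(sin->sin_addr)) return -1;
    memcpy(&sin->sin_addr, h_addr, sizeof(sin->sin_addr));
    return 0;
}

int main(void)
{
    /* Constructed inputs, not taken from the st-1.9 examples. */
    const char *inputs[] = { "example.internal:8080", "example.internal:70000",
                             "example.internal:80x", ":80", "nohostport" };
    char host[HOST_MAX];
    unsigned short port;
    size_t i;
    for (i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        if (parse_host_port(inputs[i], host, sizeof host, &port) == 0)
            printf("ok   %-24s host=%s port=%u\n", inputs[i], host, port);
        else
            printf("fail %s\n", inputs[i]);
    }
    return 0;
}
```

The check in copy_inet_addr is the one most often skipped: gethostbyname() returns AF_INET in practice, but code that later moves to getaddrinfo() or is built with an IPv6-capable resolver inherits the unchecked memcpy, so tying the copy to the destination's size rather than the source's claimed length is the durable fix.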
data/st-1.9/examples/server.c:525:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str[32];
data/st-1.9/examples/server.c:535:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fd = open(PID_FILE, O_CREAT | O_WRONLY | O_TRUNC, 0644)) < 0)
data/st-1.9/examples/server.c:537:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(str, "%d\n", (int)getpid());
data/st-1.9/examples/server.c:543:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fd = open(ERRORS_FILE, O_CREAT | O_WRONLY | O_APPEND, 0644)) < 0)
data/st-1.9/examples/server.c:669:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((errfd = open(ERRORS_FILE, O_CREAT | O_WRONLY | O_APPEND, 0644)) < 0)
data/st-1.9/examples/server.c:766:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      if ((errfd = open(ERRORS_FILE, O_CREAT | O_WRONLY | O_APPEND, 0644)) < 0)
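The four server.c open() hits above (PID_FILE with O_CREAT|O_WRONLY|O_TRUNC at 535, ERRORS_FILE with O_CREAT|O_WRONLY|O_APPEND at 543, 669 and 766) follow whatever is at the path: if the directory is writable by someone else, a planted symlink turns the O_TRUNC open into truncation of an arbitrary file the server can write, and a planted FIFO or device makes the open block or misbehave. The block below is an added example, not server.c code: it opens with O_NOFOLLOW|O_CLOEXEC and then fstat()s the descriptor to insist on a regular file, and demonstrates the behaviour in a scratch directory. open_regular_nofollow and symlink_is_rejected are hypothetical names; the scratch path under /tmp is only for the demo.

```c
/* Added example, not server.c code. The flagged open(PID_FILE / ERRORS_FILE,
 * O_CREAT|..., 0644) calls follow whatever sits at the path. This variant
 * refuses a symlink at the final component and anything that is not a
 * regular file. open_regular_nofollow/symlink_is_rejected are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* open(2) with O_NOFOLLOW|O_CLOEXEC, then fstat() the descriptor (not the
 * path, which can change underneath) and insist on S_ISREG. Returns the fd,
 * or -1 with errno set: ELOOP for a symlink, EINVAL for a device/fifo/etc.
 * Caveat: this only defends the final component. A writable ancestor
 * directory still lets an attacker swap the parent, so keep pid and log
 * files in a directory only the service owner can write. */
int open_regular_nofollow(const char *path, int flags, mode_t mode)
{
    struct stat st;
    int fd = open(path, flags | O_NOFOLLOW | O_CLOEXEC, mode);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    if (!S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

/* Demonstration in a scratch directory the caller owns: a symlink planted at
 * dir/errors.log pointing at dir/victim must be refused (before O_TRUNC can
 * touch the victim), while the real file still opens. Returns 1 when both
 * behave as intended, 0 otherwise; cleans up after itself. */
int symlink_is_rejected(const char *dir)
{
    char victim[4096], linkpath[4096];
    int fd, ok = 0;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(linkpath, sizeof linkpath, "%s/errors.log", dir);
    fd = open_regular_nofollow(victim, O_CREAT | O_WRONLY, 0600);
    if (fd < 0) return 0;
    close(fd);
    if (symlink(victim, linkpath) != 0) goto out;
    /* O_TRUNC through a planted link is how a symlink attack destroys a file;
     * with O_NOFOLLOW the open fails with ELOOP before anything is truncated. */
    fd = open_regular_nofollow(linkpath, O_CREAT | O_WRONLY | O_TRUNC, 0644);
    if (fd >= 0) { close(fd); goto out; }
    if (errno != ELOOP) goto out;
    fd = open_regular_nofollow(victim, O_WRONLY | O_APPEND, 0);
    if (fd < 0) goto out;
    close(fd);
    ok = 1;
out:
    unlink(linkpath);
    unlink(victim);
    return ok;
}

int main(void)
{
    char dir[] = "/tmp/stx-openXXXXXX";   /* scratch location for the demo only */
    if (mkdtemp(dir) == NULL) { perror("mkdtemp"); return 1; }
    printf("symlink rejected: %s\n", symlink_is_rejected(dir) ? "yes" : "no");
    printf("/dev/null as log file: %s\n",
           open_regular_nofollow("/dev/null", O_WRONLY, 0) < 0 ? "refused" : "accepted");
    rmdir(dir);
    return 0;
}
```

For the pid file specifically, O_CREAT|O_EXCL would also close the race but makes a stale pid file block restarts, which is why the example keeps the original's O_TRUNC semantics and relies on O_NOFOLLOW plus the post-open type check instead. The umask(022) hits at proxy.c:488 and server.c:394 are the other half of the same concern: 0644 files in a shared directory are world-readable, which is fine for a pid file and a judgement call for an error log.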
data/st-1.9/examples/server.c:905:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  len = sprintf(buf, "\n\nProcess #%d (pid %d):\n", my_index, (int)my_pid);
data/st-1.9/examples/server.c:935:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[512];
data/st-1.9/extensions/dnscache.c:72:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(addrs, data->addrs, n * sizeof(*addrs));
data/st-1.9/extensions/dnscache.c:104:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(data->addrs, addrs, n);
data/st-1.9/extensions/dnscache.c:131:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char host[128];
data/st-1.9/extensions/dnscache.c:149:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(addrs, addr_list, n * sizeof(*addrs));
data/st-1.9/extensions/dnsres.c:87:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAXPACKET];
data/st-1.9/extensions/dnsres.c:120:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(&addrs[i++], cp, n);
data/st-1.9/extensions/dnsres.c:215:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAXDNAME], **domain;
data/st-1.9/extensions/stx_fileio.c:90:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[FILEREADER_MAX_READ];
data/st-1.9/extensions/testdns.c:22:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    printf("%-40s %s\n", (char *)host, inet_ntoa(addrs[0]));
data/st-1.9/extensions/testdns.c:75:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[256];
data/st-1.9/extensions/testdns.c:76:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char str[sizeof(line)];
data/st-1.9/io.c:613:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      tmp_iov[0].iov_base = &(((char *)iov[index].iov_base)[n]);
data/st-1.9/io.c:764:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  while ((osfd = open(path, oflags | O_NONBLOCK, mode)) < 0) {
data/st-1.9/md.h:212:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((char *)(_sp) - MD_STACK_PAD_SIZE,                      \
data/st-1.9/md.h:316:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((char *)(_bsp) - MD_STACK_PAD_SIZE,                             \
data/st-1.9/sched.c:641:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(thread->context, save_jb, sizeof(jmp_buf));
data/st-1.9/sched.c:648:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(thread->context, save_jb, sizeof(jmp_buf));
data/st-1.9/sched.c:668:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(save_jb, thread->context, sizeof(jmp_buf));
data/st-1.9/stk.c:132:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((zero_fd = open("/dev/zero", O_RDWR, 0)) < 0)
data/st-1.9/examples/error.c:160:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vsprintf(buf + strlen(buf), fmt, ap);
data/st-1.9/examples/error.c:162:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sprintf(buf + strlen(buf), ": %s\n", strerror(errno_save));
data/st-1.9/examples/error.c:164:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(buf, "\n");
data/st-1.9/examples/error.c:165:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(fd, buf, strlen(buf));
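The error.c hits at 140, 159, 160 and 162 (level 4) and at 160, 162, 164 and 165 (level 1) describe one routine: a timestamp is sprintf()'d into static char str[32], strcpy()'d into char buf[MAXLINE], the caller's format is vsprintf()'d at buf + strlen(buf), an optional ": strerror" and a "\n" are appended the same way, and the result is write()n with strlen(). Nothing bounds any of those appends by the space left in buf. The block below is an added example, not error.c code: the same line layout, built with vsnprintf against a tracked offset so an oversized message is truncated, marked and NUL-terminated rather than written past the buffer. MAXLINE's real value is not in the report (4096 is assumed), and append_vfmt, append_fmt and format_err_line are hypothetical names. The broken-down time is passed in by the caller so the formatter is pure and testable; the original's err_tstamp() is not reproduced.

```c
/* Added example, not error.c code. Bounded rewrite of the flagged sequence
 * (strcpy of the timestamp, vsprintf/sprintf at buf + strlen(buf), strcat
 * of "\n"): every append is a vsnprintf against the remaining space.
 * MAXLINE's real value is not shown in the report; 4096 is assumed.
 * append_vfmt/append_fmt/format_err_line are hypothetical names. */
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define MAXLINE 4096

/* Format at buf[*off], never beyond bufsz. Advances *off on success. On
 * truncation buf stays NUL-terminated, *off is pinned at bufsz-1 and the
 * return is -1 so the caller knows the tail was lost. */
static int append_vfmt(char *buf, size_t bufsz, size_t *off, const char *fmt, va_list ap)
{
    int n;
    if (*off >= bufsz) return -1;
    n = vsnprintf(buf + *off, bufsz - *off, fmt, ap);
    if (n < 0) { buf[*off] = '\0'; return -1; }
    if ((size_t)n >= bufsz - *off) { *off = bufsz - 1; return -1; }
    *off += (size_t)n;
    return 0;
}

static int append_fmt(char *buf, size_t bufsz, size_t *off, const char *fmt, ...)
{
    va_list ap;
    int rc;
    va_start(ap, fmt);
    rc = append_vfmt(buf, bufsz, off, fmt, ap);
    va_end(ap);
    return rc;
}

/* Build "[dd/Mon/yyyy:hh:mm:ss] message[: strerror(errno_save)]\n" into buf.
 * Returns the line length (always < bufsz; buf is NUL-terminated). If the
 * line did not fit, its tail is replaced by "...\n" so a reader can see the
 * cut. errno_save == 0 means "no errno suffix", as in error.c. */
size_t format_err_line(char *buf, size_t bufsz, const struct tm *tm,
                       int errno_save, const char *fmt, ...)
{
    char ts[32];
    size_t off = 0;
    int trunc = 0;
    va_list ap;

    if (bufsz == 0) return 0;
    buf[0] = '\0';
    if (strftime(ts, sizeof ts, "[%d/%b/%Y:%H:%M:%S] ", tm) == 0) ts[0] = '\0';
    trunc |= append_fmt(buf, bufsz, &off, "%s", ts);
    va_start(ap, fmt);
    trunc |= append_vfmt(buf, bufsz, &off, fmt, ap);
    va_end(ap);
    if (errno_save)
        trunc |= append_fmt(buf, bufsz, &off, ": %s", strerror(errno_save));
    trunc |= append_fmt(buf, bufsz, &off, "\n");
    if (trunc && bufsz >= 5) {
        memcpy(buf + bufsz - 5, "...\n", 5);     /* 4 chars plus the NUL */
        off = bufsz - 1;
    }
    return off;
}

int main(void)
{
    char buf[MAXLINE];
    time_t now = time(NULL);
    struct tm *tmp = gmtime(&now);
    /* Constructed call; the path is illustrative, not from the examples. */
    size_t len = format_err_line(buf, sizeof buf, tmp, ENOENT,
                                 "open(%s) failed", "/var/run/app.pid");
    fwrite(buf, 1, len, stderr);
    return 0;
}
```

Returning the length also removes the two strlen() hits at 160/162 and 165: the writer already knows how many bytes are valid, so write(fd, buf, len) needs no second scan of the buffer. The fmt argument is still caller-controlled, which is what the CWE-134 hit at error.c:160 is about; bounding the output fixes the overflow, not a format string that comes from untrusted input, so callers must still pass literal formats.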
data/st-1.9/examples/proxy.c:488:3:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
  umask(022);
data/st-1.9/examples/res.c:283:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(name + n, *domain, maxlen - n);
data/st-1.9/examples/server.c:394:3:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
  umask(022);
data/st-1.9/examples/server.c:538:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (write(fd, str, strlen(str)) != strlen(str))
data/st-1.9/examples/server.c:538:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (write(fd, str, strlen(str)) != strlen(str))
data/st-1.9/extensions/dnscache.c:109:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	entry = stx_cache_entry_create(key, data, strlen(host) + 1 +
data/st-1.9/extensions/dnsres.c:283:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	    strncpy(name + n, *domain, maxlen - n);
data/st-1.9/extensions/stx_fileio.c:94:30:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        while (sizeof(cb) == read(control_pipe[0], &cb, sizeof(cb))) {
data/st-1.9/extensions/stx_fileio.c:103:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            nb = read(fd, buf, cb.nbytes);
data/st-1.9/io.c:437:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while ((n = read(fd->osfd, buf, nbyte)) < 0) {
data/st-1.9/io.c:492:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      n = read(fd->osfd, (*iov)->iov_base, (*iov)->iov_len);

ANALYSIS SUMMARY:

Hits = 73
Lines analyzed = 8359 in approximately 0.23 seconds (36558 lines/second)
Physical Source Lines of Code (SLOC) = 5581
Hits@level = [0]  47 [1]  15 [2]  47 [3]   4 [4]   7 [5]   0
Hits@level+ = [0+] 120 [1+]  73 [2+]  58 [3+]  11 [4+]   7 [5+]   0
Hits/KSLOC@level+ = [0+] 21.5015 [1+] 13.0801 [2+] 10.3924 [3+] 1.97097 [4+] 1.25426 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.