Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/syncmaildir-1.3.0/mddiff.c
Examining data/syncmaildir-1.3.0/smd-applet.c

FINAL RESULTS:

data/syncmaildir-1.3.0/mddiff.c:51:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  fprintf(stderr, "error [" tostring(cause) "]: " msg);\
data/syncmaildir-1.3.0/mddiff.c:52:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  fprintf(stdout, "ERROR " msg);\
data/syncmaildir-1.3.0/mddiff.c:56:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  fprintf(stderr, "warning [" tostring(cause) "]: " msg)
data/syncmaildir-1.3.0/mddiff.c:58:15:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  if (verbose) fprintf(stderr,"debug [" tostring(cause) "]: " msg)
data/syncmaildir-1.3.0/mddiff.c:60:15:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  if (verbose) fprintf(stderr,msg)
data/syncmaildir-1.3.0/mddiff.c:450:10:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
  ERROR(fscanf,"malformed db file '%s', please remove it\n",
data/syncmaildir-1.3.0/mddiff.c:480:10:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
  ERROR(fscanf, "%s: malformed line %d: %d != 3 fields."
data/syncmaildir-1.3.0/mddiff.c:1027:7:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  c = getopt_long(argc, argv, "vhndls", long_options, &option_index);
data/syncmaildir-1.3.0/smd-applet.c:5408:12:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable
  input if the environment can be set by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
  _tmp28_ = g_get_home_dir ();
data/syncmaildir-1.3.0/mddiff.c:82:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  STATIC char tmpbuff_1[SHA_DIGEST_LENGTH * 2 + 1];
data/syncmaildir-1.3.0/mddiff.c:83:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  STATIC char tmpbuff_2[SHA_DIGEST_LENGTH * 2 + 1];
data/syncmaildir-1.3.0/mddiff.c:84:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  STATIC char tmpbuff_3[SHA_DIGEST_LENGTH * 2 + 1];
data/syncmaildir-1.3.0/mddiff.c:85:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  STATIC char tmpbuff_4[SHA_DIGEST_LENGTH * 2 + 1];
data/syncmaildir-1.3.0/mddiff.c:88:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  STATIC char tmpbuff_5[MAX_EMAIL_NAME_LEN];
data/syncmaildir-1.3.0/mddiff.c:89:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  STATIC char tmpbuff_6[MAX_EMAIL_NAME_LEN];
data/syncmaildir-1.3.0/mddiff.c:102:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  STATIC void shatxt(const char string[41], unsigned char outbuff[]) {
data/syncmaildir-1.3.0/mddiff.c:164:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char bsha[SHA_DIGEST_LENGTH]; // body hash value
data/syncmaildir-1.3.0/mddiff.c:165:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char hsha[SHA_DIGEST_LENGTH]; // header hash value
data/syncmaildir-1.3.0/mddiff.c:237:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int fd = open(fname, O_RDONLY | O_NOATIME);
data/syncmaildir-1.3.0/mddiff.c:241:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd = open(fname, O_RDONLY);
data/syncmaildir-1.3.0/mddiff.c:342:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fd = open(dbfile, O_RDONLY | O_NOATIME)) == -1) goto err_open;
data/syncmaildir-1.3.0/mddiff.c:406:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char new_dbname[PATH_MAX];
data/syncmaildir-1.3.0/mddiff.c:410:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd = fopen(new_dbname,"w");
data/syncmaildir-1.3.0/mddiff.c:411:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (fd == NULL) ERROR(fopen,"unable to save db file '%s'\n",new_dbname);
data/syncmaildir-1.3.0/mddiff.c:426:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd = fopen(new_dbname,"w");
data/syncmaildir-1.3.0/mddiff.c:427:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (fd == NULL) ERROR(fopen,"unable to save db file '%s'\n",new_dbname);
data/syncmaildir-1.3.0/mddiff.c:439:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char new_dbname[PATH_MAX];
data/syncmaildir-1.3.0/mddiff.c:443:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd = fopen(new_dbname,"r");
data/syncmaildir-1.3.0/mddiff.c:445:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  WARNING(fopen,"unable to open db file '%s'\n",new_dbname);
data/syncmaildir-1.3.0/mddiff.c:456:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd = fopen(dbname,"r");
data/syncmaildir-1.3.0/mddiff.c:458:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  WARNING(fopen,"unable to open db file '%s'\n",dbname);
data/syncmaildir-1.3.0/mddiff.c:602:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  WARNING(open,"unable to open file '%s': %s\n", mail_name(m),
data/syncmaildir-1.3.0/mddiff.c:604:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  WARNING(open,"ignoring '%s'\n", mail_name(m));
data/syncmaildir-1.3.0/mddiff.c:838:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (fd == -1) ERROR(open,"unable to open file '%s'\n",file);
data/syncmaildir-1.3.0/mddiff.c:900:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (fd == -1) ERROR(open,"unable to open file '%s'\n",file);
data/syncmaildir-1.3.0/mddiff.c:1125:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *in = fopen(data,"r");
data/syncmaildir-1.3.0/mddiff.c:1127:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  ERROR(fopen,"unable to open fifo %s\n",data);
data/syncmaildir-1.3.0/mddiff.c:1132:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char src_name[MAX_EMAIL_NAME_LEN];
data/syncmaildir-1.3.0/mddiff.c:1133:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tgt_name[MAX_EMAIL_NAME_LEN];
data/syncmaildir-1.3.0/mddiff.c:1145:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[MAX_EMAIL_NAME_LEN];
data/syncmaildir-1.3.0/smd-applet.c:3183:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  _tmp40_ = atoi (_tmp39_);
data/syncmaildir-1.3.0/smd-applet.c:3197:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  _tmp45_ = atoi (_tmp44_);
data/syncmaildir-1.3.0/mddiff.c:111:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(string);
data/syncmaildir-1.3.0/mddiff.c:126:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(string);
data/syncmaildir-1.3.0/mddiff.c:285:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(&names[name]);
data/syncmaildir-1.3.0/mddiff.c:784:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(path) + 1 + strlen(dir_entry->d_name) + 1;
data/syncmaildir-1.3.0/mddiff.c:784:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(path) + 1 + strlen(dir_entry->d_name) + 1;
data/syncmaildir-1.3.0/mddiff.c:799:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (data[strlen(data)-1] == '/') data[strlen(data)-1] = '\0';
data/syncmaildir-1.3.0/mddiff.c:799:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (data[strlen(data)-1] == '/') data[strlen(data)-1] = '\0';
data/syncmaildir-1.3.0/mddiff.c:827:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t src_len = strlen(src_name);
data/syncmaildir-1.3.0/smd-applet.c:1512:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp13_ = strlen (_tmp12_);
data/syncmaildir-1.3.0/smd-applet.c:2003:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp6_ = strlen (self);
data/syncmaildir-1.3.0/smd-applet.c:2507:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tmp69_ = strlen (_tmp68_);

ANALYSIS SUMMARY:

Hits = 53
Lines analyzed = 6861 in approximately 0.17 seconds (41451 lines/second)
Physical Source Lines of Code (SLOC) = 6309
Hits@level = [0]  67 [1]  11 [2]  33 [3]   2 [4]   7 [5]   0
Hits@level+ = [0+] 120 [1+]  53 [2+]  42 [3+]   9 [4+]   7 [5+]   0
Hits/KSLOC@level+ = [0+] 19.0204 [1+] 8.4007 [2+] 6.65716 [3+] 1.42653 [4+] 1.10953 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.