Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tdbcpostgres-1.1.1/generic/pqStubs.h
Examining data/tdbcpostgres-1.1.1/generic/pqStubInit.c
Examining data/tdbcpostgres-1.1.1/generic/int2ptr_ptr2int.h
Examining data/tdbcpostgres-1.1.1/generic/tdbcpostgres.c
Examining data/tdbcpostgres-1.1.1/generic/fakepq.h
Examining data/tdbcpostgres-1.1.1/win/nmakehlp.c
FINAL RESULTS:
data/tdbcpostgres-1.1.1/generic/tdbcpostgres.c:60:11: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define snprintf _snprintf
data/tdbcpostgres-1.1.1/generic/tdbcpostgres.c:60:20: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define snprintf _snprintf
data/tdbcpostgres-1.1.1/generic/tdbcpostgres.c:954:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(isoName, value);
data/tdbcpostgres-1.1.1/generic/tdbcpostgres.c:1932:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(retval, stmtName);
data/tdbcpostgres-1.1.1/win/nmakehlp.c:33:11: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/tdbcpostgres-1.1.1/win/nmakehlp.c:33:20: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/tdbcpostgres-1.1.1/win/nmakehlp.c:250:5: [4] (buffer) lstrcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
lstrcat(cmdline, option);
data/tdbcpostgres-1.1.1/win/nmakehlp.c:388:2: [4] (buffer) lstrcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
lstrcat(cmdline, options[i]);
data/tdbcpostgres-1.1.1/win/nmakehlp.c:677:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(szBuffer);
data/tdbcpostgres-1.1.1/win/nmakehlp.c:258:10: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
ok = CreateProcess(
data/tdbcpostgres-1.1.1/win/nmakehlp.c:258:10: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
ok = CreateProcess(
data/tdbcpostgres-1.1.1/win/nmakehlp.c:392:10: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
ok = CreateProcess(
data/tdbcpostgres-1.1.1/win/nmakehlp.c:392:10: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
ok = CreateProcess(
data/tdbcpostgres-1.1.1/generic/tdbcpostgres.c:266:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * savedOpts[INDX_MAX]; /* Saved configuration options */
data/tdbcpostgres-1.1.1/generic/tdbcpostgres.c:1043:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char portval[10]; /* String representation of port number */
data/tdbcpostgres-1.1.1/generic/tdbcpostgres.c:1048:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char connInfo[CONNINFO_LEN]; /* Configuration string for PQconnectdb() */
data/tdbcpostgres-1.1.1/generic/tdbcpostgres.c:1157:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(portval, "%d", optionValue);
data/tdbcpostgres-1.1.1/generic/tdbcpostgres.c:1927:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stmtName[30];
data/tdbcpostgres-1.1.1/generic/tdbcpostgres.c:2094:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numbuf[16];
data/tdbcpostgres-1.1.1/generic/tdbcpostgres.c:2109:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(numbuf, "#%d", count);
data/tdbcpostgres-1.1.1/generic/tdbcpostgres.c:2173:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpstr[30]; /* Temporary array for strings */
data/tdbcpostgres-1.1.1/win/nmakehlp.c:54:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[STATICBUFFERSIZE];
data/tdbcpostgres-1.1.1/win/nmakehlp.c:69:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[300];
data/tdbcpostgres-1.1.1/win/nmakehlp.c:201:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[300];
data/tdbcpostgres-1.1.1/win/nmakehlp.c:204:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdline[100];
data/tdbcpostgres-1.1.1/win/nmakehlp.c:244:5: [2] (buffer) lstrcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
lstrcpy(cmdline, "cl.exe -nologo -c -TC -Zs -X -Fp.\\_junk.pch ");
data/tdbcpostgres-1.1.1/win/nmakehlp.c:256:5: [2] (buffer) lstrcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
lstrcat(cmdline, " .\\nul");
data/tdbcpostgres-1.1.1/win/nmakehlp.c:336:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[300];
data/tdbcpostgres-1.1.1/win/nmakehlp.c:340:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdline[255];
data/tdbcpostgres-1.1.1/win/nmakehlp.c:380:5: [2] (buffer) lstrcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
lstrcpy(cmdline, "link.exe -nologo ");
data/tdbcpostgres-1.1.1/win/nmakehlp.c:387:2: [2] (buffer) lstrcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
lstrcat(cmdline, " \"");
data/tdbcpostgres-1.1.1/win/nmakehlp.c:507:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char szBuffer[100];
data/tdbcpostgres-1.1.1/win/nmakehlp.c:509:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(filename, "rt");
data/tdbcpostgres-1.1.1/win/nmakehlp.c:540:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(szBuffer, p, q - p);
data/tdbcpostgres-1.1.1/win/nmakehlp.c:615:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char szBuffer[1024], szCopy[1024];
data/tdbcpostgres-1.1.1/win/nmakehlp.c:620:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "rt");
data/tdbcpostgres-1.1.1/win/nmakehlp.c:627:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sp = fopen(substitutions, "rt");
data/tdbcpostgres-1.1.1/win/nmakehlp.c:674:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(szBuffer, szCopy, sizeof(szCopy));
data/tdbcpostgres-1.1.1/win/nmakehlp.c:709:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szCwd[MAX_PATH + 1];
data/tdbcpostgres-1.1.1/win/nmakehlp.c:727:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAX_PATH+1];
data/tdbcpostgres-1.1.1/generic/tdbcpostgres.c:953:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
isoName = (char*) ckalloc(strlen(value) + 1);
data/tdbcpostgres-1.1.1/generic/tdbcpostgres.c:1175:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&connInfo[j], optStringNames[i], CONNINFO_LEN - j);
data/tdbcpostgres-1.1.1/generic/tdbcpostgres.c:1176:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j+=strlen(optStringNames[i]);
data/tdbcpostgres-1.1.1/generic/tdbcpostgres.c:1177:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(&connInfo[j], " = '", CONNINFO_LEN - j);
data/tdbcpostgres-1.1.1/generic/tdbcpostgres.c:1178:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j+=strlen(" = '");
data/tdbcpostgres-1.1.1/generic/tdbcpostgres.c:1179:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&connInfo[j], cdata->savedOpts[i], CONNINFO_LEN - j);
data/tdbcpostgres-1.1.1/generic/tdbcpostgres.c:1180:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j+=strlen(cdata->savedOpts[i]);
data/tdbcpostgres-1.1.1/generic/tdbcpostgres.c:1181:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(&connInfo[j], "' ", CONNINFO_LEN - j);
data/tdbcpostgres-1.1.1/generic/tdbcpostgres.c:1182:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j+=strlen("' ");
data/tdbcpostgres-1.1.1/generic/tdbcpostgres.c:1931:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retval = (char *)ckalloc(strlen(stmtName) + 1);
data/tdbcpostgres-1.1.1/generic/tdbcpostgres.c:3192:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(nTuples) == 0) {
data/tdbcpostgres-1.1.1/win/nmakehlp.c:389:2: [1] (buffer) lstrcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant
character.
lstrcat(cmdline, "\"");
data/tdbcpostgres-1.1.1/win/nmakehlp.c:525:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(match);
data/tdbcpostgres-1.1.1/win/nmakehlp.c:671:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
op += strlen(p->key);
data/tdbcpostgres-1.1.1/win/nmakehlp.c:733:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dirlen = strlen(dir);
data/tdbcpostgres-1.1.1/win/nmakehlp.c:736:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(path, dir, dirlen);
data/tdbcpostgres-1.1.1/win/nmakehlp.c:737:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(path+dirlen, "\\*", 3); /* Including terminating \0 */
data/tdbcpostgres-1.1.1/win/nmakehlp.c:738:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
keylen = strlen(keypath);
data/tdbcpostgres-1.1.1/win/nmakehlp.c:763:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sublen = strlen(finfo.cFileName);
data/tdbcpostgres-1.1.1/win/nmakehlp.c:766:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(path+dirlen+1, finfo.cFileName, sublen);
data/tdbcpostgres-1.1.1/win/nmakehlp.c:768:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(path+dirlen+1+sublen+1, keypath, keylen+1);
ANALYSIS SUMMARY:
Hits = 61
Lines analyzed = 4588 in approximately 0.12 seconds (37994 lines/second)
Physical Source Lines of Code (SLOC) = 2851
Hits@level = [0] 16 [1] 21 [2] 27 [3] 4 [4] 9 [5] 0
Hits@level+ = [0+] 77 [1+] 61 [2+] 40 [3+] 13 [4+] 9 [5+] 0
Hits/KSLOC@level+ = [0+] 27.0081 [1+] 21.396 [2+] 14.0302 [3+] 4.5598 [4+] 3.15679 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.