Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/u3-tool-0.3/src/u3.h
Examining data/u3-tool-0.3/src/u3_scsi.h
Examining data/u3-tool-0.3/src/sg_err.h
Examining data/u3-tool-0.3/src/u3_error.c
Examining data/u3-tool-0.3/src/u3_commands.h
Examining data/u3-tool-0.3/src/md5.h
Examining data/u3-tool-0.3/src/u3_error.h
Examining data/u3-tool-0.3/src/md5.c
Examining data/u3-tool-0.3/src/display_progress.h
Examining data/u3-tool-0.3/src/secure_input.h
Examining data/u3-tool-0.3/src/display_progress.c
Examining data/u3-tool-0.3/src/secure_input.c
Examining data/u3-tool-0.3/src/u3_commands.c
Examining data/u3-tool-0.3/src/u3_scsi_debug.c
Examining data/u3-tool-0.3/src/u3_scsi_sg.c
Examining data/u3-tool-0.3/src/u3_scsi_spt.c
Examining data/u3-tool-0.3/src/u3_scsi_usb.c
Examining data/u3-tool-0.3/src/main.c
FINAL RESULTS:
data/u3-tool-0.3/src/u3_error.c:33:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(device->err_msg, U3_MAX_ERROR_LEN, fmt, ap);
data/u3-tool-0.3/src/u3_error.c:47:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(device->err_msg, U3_MAX_ERROR_LEN, fmt, ap);
data/u3-tool-0.3/src/main.c:663:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "cdDehil:p:RuvVz")) != -1) {
data/u3-tool-0.3/src/main.c:200:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(iso_filename, "rb")) == NULL) {
data/u3-tool-0.3/src/main.c:649:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename_string[MAX_FILENAME_STRING_LENGTH+1];
data/u3-tool-0.3/src/main.c:650:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char size_string[MAX_SIZE_STRING_LENGTH+1];
data/u3-tool-0.3/src/main.c:653:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password[MAX_PASSWORD_LENGTH+1];
data/u3-tool-0.3/src/main.c:656:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_password[MAX_PASSWORD_LENGTH+1];
data/u3-tool-0.3/src/main.c:754:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char validate_password[MAX_PASSWORD_LENGTH+1];
data/u3-tool-0.3/src/md5.c:72:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void md5_process( md5_context *ctx, unsigned char data[64] )
data/u3-tool-0.3/src/md5.c:217:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void *) (ctx->buffer + left),
data/u3-tool-0.3/src/md5.c:234:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void *) (ctx->buffer + left),
data/u3-tool-0.3/src/md5.c:239:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char md5_padding[64] =
data/u3-tool-0.3/src/md5.c:254:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char msglen[8];
data/u3-tool-0.3/src/md5.c:298:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1024];
data/u3-tool-0.3/src/md5.c:300:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( ( f = fopen( path, "rb" ) ) == NULL )
data/u3-tool-0.3/src/md5.c:359:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmpbuf[16];
data/u3-tool-0.3/src/md5.c:392:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char md5_test_str[7][81] =
data/u3-tool-0.3/src/md5.c:404:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char md5_test_sum[7][16] =
data/u3-tool-0.3/src/md5.c:428:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md5sum[16];
data/u3-tool-0.3/src/md5.c:435:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
md5( (unsigned char *) md5_test_str[i],
data/u3-tool-0.3/src/md5.h:18:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[64]; /*!< data block being processed */
data/u3-tool-0.3/src/md5.h:19:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ipad[64]; /*!< HMAC: inner padding */
data/u3-tool-0.3/src/md5.h:20:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opad[64]; /*!< HMAC: outer padding */
data/u3-tool-0.3/src/u3.h:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_msg[U3_MAX_ERROR_LEN];
data/u3-tool-0.3/src/u3_commands.h:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial[U3_MAX_SERIAL_LEN]; /* Device Serial number */
data/u3-tool-0.3/src/u3_commands.h:90:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char revision[U3_MAX_CHIP_REVISION_LEN];
data/u3-tool-0.3/src/u3_commands.h:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char manufacturer[U3_MAX_CHIP_MANUFACTURER_LEN];
data/u3-tool-0.3/src/u3_scsi_sg.c:55:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((sg_fd = open(which, O_RDWR)) < 0) {
data/u3-tool-0.3/src/u3_scsi_sg.c:59:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((sg_fd = open(which, O_RDONLY | O_NONBLOCK)) < 0) {
data/u3-tool-0.3/src/u3_scsi_sg.c:65:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((sg_fd = open(which, O_RDWR)) < 0) {
data/u3-tool-0.3/src/u3_scsi_sg.c:109:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sense_buf[32];
data/u3-tool-0.3/src/u3_scsi_spt.c:62:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lpszDeviceName, (char *) "\\\\.\\*:", 7);
data/u3-tool-0.3/src/u3_scsi_spt.c:125:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sptd.Cdb, cmd, U3_CMD_LEN);
data/u3-tool-0.3/src/u3_scsi_usb.c:129:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[U3_MAX_ERROR_LEN];
data/u3-tool-0.3/src/u3_scsi_usb.c:327:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(cbw.CBWCB), cmd, U3_CBWCB_LEN);
data/u3-tool-0.3/src/main.c:76:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(stdin);
data/u3-tool-0.3/src/main.c:88:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(stdin);
data/u3-tool-0.3/src/main.c:679:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(filename_string, optarg, MAX_FILENAME_STRING_LENGTH);
data/u3-tool-0.3/src/main.c:684:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(size_string, optarg, MAX_SIZE_STRING_LENGTH);
data/u3-tool-0.3/src/main.c:742:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(password) == 0) {
data/u3-tool-0.3/src/main.c:758:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(new_password) == 0) {
data/u3-tool-0.3/src/md5.c:436:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen( md5_test_str[i] ), md5sum );
data/u3-tool-0.3/src/secure_input.c:60:5: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=fgetc(stdin);
data/u3-tool-0.3/src/secure_input.c:64:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=fgetc(stdin);
data/u3-tool-0.3/src/secure_input.c:70:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(stdin);
data/u3-tool-0.3/src/u3_commands.c:59:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
passlen = strlen(password);
data/u3-tool-0.3/src/u3_error.c:51:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(device->err_msg, ": ",
data/u3-tool-0.3/src/u3_error.c:52:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
U3_MAX_ERROR_LEN - strlen(device->err_msg) - 1);
data/u3-tool-0.3/src/u3_error.c:53:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(device->err_msg, old_msg,
data/u3-tool-0.3/src/u3_error.c:54:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
U3_MAX_ERROR_LEN - strlen(device->err_msg) - 1);
data/u3-tool-0.3/src/u3_scsi_spt.c:55:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(which) != 1 || ! isalpha(which[0])) {
ANALYSIS SUMMARY:
Hits = 52
Lines analyzed = 3676 in approximately 0.12 seconds (30369 lines/second)
Physical Source Lines of Code (SLOC) = 2320
Hits@level = [0] 150 [1] 16 [2] 33 [3] 1 [4] 2 [5] 0
Hits@level+ = [0+] 202 [1+] 52 [2+] 36 [3+] 3 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 87.069 [1+] 22.4138 [2+] 15.5172 [3+] 1.2931 [4+] 0.862069 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.