Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/yubiserver-0.6/yubiserver.c
Examining data/yubiserver-0.6/yubiserver.h
Examining data/yubiserver-0.6/yubiserver-admin.c
FINAL RESULTS:
data/yubiserver-0.6/yubiserver-admin.c:835:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long(argc, argv, "Vhlyopa:x:e:d:b:", long_options,
data/yubiserver-0.6/yubiserver.c:1496:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long(argc, argv, "Vhp:d:l:", long_options, &option_index))
data/yubiserver-0.6/yubiserver-admin.c:402:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
retval = atoi((char *)sqlite3_column_text(stmt, 0)) + 1;
data/yubiserver-0.6/yubiserver.c:70:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fd = open(yubiserver_log, O_CREAT| O_WRONLY | O_APPEND, 0644)) >= 0)
data/yubiserver-0.6/yubiserver.c:118:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hex_otp, modhex_otp, OTP_TOKEN);
data/yubiserver-0.6/yubiserver.c:126:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2]={' ','\0'};
data/yubiserver-0.6/yubiserver.c:142:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2] = {' ', '\0'};
data/yubiserver-0.6/yubiserver.c:296:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(otp_buffer, otp + 12, OTP_MSG_SIZE);
data/yubiserver-0.6/yubiserver.c:407:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char chrotpcounter[7];
data/yubiserver-0.6/yubiserver.c:416:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char chrotptimestamp[7];
data/yubiserver-0.6/yubiserver.c:425:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char chrotpcounter[5];
data/yubiserver-0.6/yubiserver.c:433:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char chrotpcounter[3];
data/yubiserver-0.6/yubiserver.c:478:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*db_counter = atoi((const char *)sqlite3_column_text(stmt, 0));
data/yubiserver-0.6/yubiserver.c:479:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*db_timestamp = atoi((const char *)sqlite3_column_text(stmt, 1));
data/yubiserver-0.6/yubiserver.c:691:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mac[20];
data/yubiserver-0.6/yubiserver.c:730:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hmac_result[20];
data/yubiserver-0.6/yubiserver.c:734:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Counter[8]= {
data/yubiserver-0.6/yubiserver.c:760:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(final_hotp, HOTP + strlen(HOTP) - digits, digits);
data/yubiserver-0.6/yubiserver.c:802:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
oyubikey->counter = atoi((const char *)sqlite3_column_text(stmt, 0));
data/yubiserver-0.6/yubiserver.c:973:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *token1,*token[7];
data/yubiserver-0.6/yubiserver.c:1022:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tokens->timeout = atoi(find_token(token[j]));
data/yubiserver-0.6/yubiserver.c:1033:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *token1, *token[7];
data/yubiserver-0.6/yubiserver.c:1065:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ipv4_addr[INET_ADDRSTRLEN]; /* We do not support IPv6 */
data/yubiserver-0.6/yubiserver.c:1066:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char validation_date[DATE_BUFSIZE];
data/yubiserver-0.6/yubiserver.c:1067:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char datetmp[20];
data/yubiserver-0.6/yubiserver.c:1077:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *status[12] = {"OK","BAD_OTP","REPLAYED_OTP","DELAYED_OTP",
data/yubiserver-0.6/yubiserver.c:1087:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, cli->buffer, cli->ret);
data/yubiserver-0.6/yubiserver.c:1199:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(tokens->timestamp) == 1)
data/yubiserver-0.6/yubiserver.c:1208:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sl = atoi(tokens->sl);
data/yubiserver-0.6/yubiserver.c:1415:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuff[BUFSIZE + 1];
data/yubiserver-0.6/yubiserver.c:1476:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char portStr[6];
data/yubiserver-0.6/yubiserver.c:1517:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(optarg);
data/yubiserver-0.6/yubiserver.h:68:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char publicname[PUBLIC_NAME_SIZE + 1]; /* Database Public Name */
data/yubiserver-0.6/yubiserver.h:69:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char creation_date[DATE_BUFSIZE]; /* Database account creation datetime */
data/yubiserver-0.6/yubiserver.h:70:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char private_id[PRIVATE_ID_SIZE + 1]; /* Database private ID */
data/yubiserver-0.6/yubiserver.h:71:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oprivate_id[OPRIVATE_ID_SIZE + 1]; /* Database OATH private ID */
data/yubiserver-0.6/yubiserver.h:72:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aeskey[AES_SIZE + 1]; /* Database AES Key */
data/yubiserver-0.6/yubiserver-admin.c:469:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!ext_db && (Argc != 7 || (strlen(user) > 16 || strlen(Argv[4]) != 12 ||
data/yubiserver-0.6/yubiserver-admin.c:469:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!ext_db && (Argc != 7 || (strlen(user) > 16 || strlen(Argv[4]) != 12 ||
data/yubiserver-0.6/yubiserver-admin.c:470:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(Argv[5]) != 12 ||
data/yubiserver-0.6/yubiserver-admin.c:471:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(Argv[6]) != 32))) {
data/yubiserver-0.6/yubiserver-admin.c:474:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (ext_db && (Argc != 9 || (strlen(user) > 16 ||
data/yubiserver-0.6/yubiserver-admin.c:475:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(Argv[6]) != 12 ||
data/yubiserver-0.6/yubiserver-admin.c:476:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(Argv[7]) != 12 ||
data/yubiserver-0.6/yubiserver-admin.c:477:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(Argv[8]) != 32))) {
data/yubiserver-0.6/yubiserver-admin.c:549:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!ext_db && (Argc != 6 || (strlen(user) > 16 || strlen(Argv[4]) != 12 ||
data/yubiserver-0.6/yubiserver-admin.c:549:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!ext_db && (Argc != 6 || (strlen(user) > 16 || strlen(Argv[4]) != 12 ||
data/yubiserver-0.6/yubiserver-admin.c:550:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(Argv[5]) != 40))) {
data/yubiserver-0.6/yubiserver-admin.c:553:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (ext_db && (Argc != 8 || (strlen(user) > 16 ||
data/yubiserver-0.6/yubiserver-admin.c:554:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(Argv[6]) != 12 ||
data/yubiserver-0.6/yubiserver-admin.c:555:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(Argv[7]) != 40))) {
data/yubiserver-0.6/yubiserver-admin.c:641:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!ext_db && (strlen(Argv[4]) != 20)) {
data/yubiserver-0.6/yubiserver-admin.c:643:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (ext_db && (strlen(Argv[6]) != 20)) {
data/yubiserver-0.6/yubiserver.c:60:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(num, logbuffer, strlen(logbuffer));
data/yubiserver-0.6/yubiserver.c:72:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(fd, logbuffer, strlen(logbuffer));
data/yubiserver-0.6/yubiserver.c:106:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(modhex_otp); i++)
data/yubiserver-0.6/yubiserver.c:206:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retval = sqlite3_prepare_v2(handle, query, strlen(query), &stmt, 0);
data/yubiserver-0.6/yubiserver.c:460:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retval = sqlite3_prepare_v2(handle, query, strlen(query), &stmt, 0);
data/yubiserver-0.6/yubiserver.c:533:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retval = sqlite3_prepare_v2(handle, query, strlen(query), &stmt, 0);
data/yubiserver-0.6/yubiserver.c:578:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retval = sqlite3_prepare_v2(handle, query, strlen(query), &stmt, 0);
data/yubiserver-0.6/yubiserver.c:586:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sqlite3_bind_text(stmt, 1, id, strlen(id), 0);
data/yubiserver-0.6/yubiserver.c:702:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
keylen = strlen(password);
data/yubiserver-0.6/yubiserver.c:714:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
datalen = strlen(data);
data/yubiserver-0.6/yubiserver.c:743:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
td = mhash_hmac_init(MHASH_SHA1, key, strlen(key),
data/yubiserver-0.6/yubiserver.c:760:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(final_hotp, HOTP + strlen(HOTP) - digits, digits);
data/yubiserver-0.6/yubiserver.c:785:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retval = sqlite3_prepare_v2(handle, query, strlen(query), &stmt, 0);
data/yubiserver-0.6/yubiserver.c:858:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retval = sqlite3_prepare_v2(handle, query, strlen(query), &stmt, 0);
data/yubiserver-0.6/yubiserver.c:904:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hotp_val = calloc(1, strlen(otp) - 12 + 1);
data/yubiserver-0.6/yubiserver.c:905:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(hotp_val, strlen(otp) - 12 + 1, "%s", otp + 12);
data/yubiserver-0.6/yubiserver.c:906:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hotp_val) % 2 != 0)
data/yubiserver-0.6/yubiserver.c:920:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
temp = hotp(Key, counter, strlen(hotp_val));
data/yubiserver-0.6/yubiserver.c:1137:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tokens->otp) > OTP_TOKEN)
data/yubiserver-0.6/yubiserver.c:1156:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (otp_n == NULL || strlen(tokens->otp) != OTP_TOKEN)
data/yubiserver-0.6/yubiserver.c:1178:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tokens->nonce) < 16 || strlen(tokens->nonce) > 40)
data/yubiserver-0.6/yubiserver.c:1178:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tokens->nonce) < 16 || strlen(tokens->nonce) > 40)
data/yubiserver-0.6/yubiserver.c:1212:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(cli->fd, fstr, strlen(fstr));
data/yubiserver-0.6/yubiserver.c:1245:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(cli->fd, fstr, strlen(fstr));
data/yubiserver-0.6/yubiserver.c:1292:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(oath_tokens->otp) == 18 ||
data/yubiserver-0.6/yubiserver.c:1293:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(oath_tokens->otp) == 20))
data/yubiserver-0.6/yubiserver.c:1306:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(oath_tokens->otp) > 20)
data/yubiserver-0.6/yubiserver.c:1313:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(cli->fd, fstr, strlen(fstr));
data/yubiserver-0.6/yubiserver.c:1318:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(cli->fd, fstr, strlen(fstr));
data/yubiserver-0.6/yubiserver.c:1341:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(cli->fd, buffer, strlen(buffer));
data/yubiserver-0.6/yubiserver.c:1353:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(cli->fd, buffer, strlen(buffer));
data/yubiserver-0.6/yubiserver.c:1418:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(cli->fd, &rbuff, BUFSIZE);
ANALYSIS SUMMARY:
Hits = 85
Lines analyzed = 2619 in approximately 0.10 seconds (25917 lines/second)
Physical Source Lines of Code (SLOC) = 2176
Hits@level = [0] 117 [1] 48 [2] 35 [3] 2 [4] 0 [5] 0
Hits@level+ = [0+] 202 [1+] 85 [2+] 37 [3+] 2 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 92.8309 [1+] 39.0625 [2+] 17.0037 [3+] 0.919118 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.