Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/athena-jot-9.0/debian/patches/jot.c Examining data/athena-jot-9.0/jot.c FINAL RESULTS: data/athena-jot-9.0/jot.c:158:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(format, *av + 2); data/athena-jot-9.0/jot.c:162:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(format, *++av); data/athena-jot-9.0/jot.c:166:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(sepstring, *av + 2); data/athena-jot-9.0/jot.c:170:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(sepstring, *++av); data/athena-jot-9.0/jot.c:337:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(format, *dp); data/athena-jot-9.0/jot.c:339:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(format, x); data/athena-jot-9.0/jot.c:349:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, msg, s); data/athena-jot-9.0/debian/patches/jot.c:15:4: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srandom((int) s); data/athena-jot-9.0/debian/patches/jot.c:18:19: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. - *y = (double) random() / INT_MAX; data/athena-jot-9.0/debian/patches/jot.c:21:16: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. + randval = random(); data/athena-jot-9.0/jot.c:65:9: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define srandom srand48 data/athena-jot-9.0/jot.c:66:9: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define random lrand48 data/athena-jot-9.0/jot.c:66:16: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define random lrand48 data/athena-jot-9.0/jot.c:68:9: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define srandom srand data/athena-jot-9.0/jot.c:68:17: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define srandom srand data/athena-jot-9.0/jot.c:69:9: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define random rand data/athena-jot-9.0/jot.c:117:3: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srandom((int) s); data/athena-jot-9.0/jot.c:121:15: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. randval = random(); data/athena-jot-9.0/jot.c:91:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sepstring[BUFSIZ] = "\n"; data/athena-jot-9.0/jot.c:92:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char format[BUFSIZ]; data/athena-jot-9.0/jot.c:174:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). prec = atoi(*av + 2); data/athena-jot-9.0/jot.c:178:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). prec = atoi(*++av); data/athena-jot-9.0/jot.c:393:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(p, "%%.%df", prec); data/athena-jot-9.0/jot.c:395:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(p, "%c"); data/athena-jot-9.0/jot.c:196:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ender = av[2][strlen(av[2])-1]; data/athena-jot-9.0/jot.c:204:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). begin = av[1][strlen(av[1])-1]; data/athena-jot-9.0/jot.c:399:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(format, "%"); /* cannot end in single '%' */ ANALYSIS SUMMARY: Hits = 27 Lines analyzed = 443 in approximately 0.02 seconds (20393 lines/second) Physical Source Lines of Code (SLOC) = 379 Hits@level = [0] 8 [1] 3 [2] 6 [3] 11 [4] 7 [5] 0 Hits@level+ = [0+] 35 [1+] 27 [2+] 24 [3+] 18 [4+] 7 [5+] 0 Hits/KSLOC@level+ = [0+] 92.3483 [1+] 71.2401 [2+] 63.3245 [3+] 47.4934 [4+] 18.4697 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.