Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-adapter.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-agent.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-device.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-network.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-obex.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez-api.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/adapter.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/adapter.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/agent_manager.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/agent_manager.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/alert.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/alert.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/alert_agent.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/alert_agent.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/cycling_speed.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/cycling_speed.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/cycling_speed_manager.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/cycling_speed_manager.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/device.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/device.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/health_channel.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/health_channel.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/health_device.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/health_device.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/health_manager.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/health_manager.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/heart_rate.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/heart_rate.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/heart_rate_manager.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/heart_rate_manager.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/media.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/media.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/media_control.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/media_control.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/media_player.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/media_player.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/network.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/network.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/network_server.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/network_server.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/obex/obex_agent_manager.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/obex/obex_agent_manager.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/obex/obex_client.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/obex/obex_client.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/obex/obex_file_transfer.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/obex/obex_file_transfer.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/obex/obex_message.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/obex/obex_message.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/obex/obex_message_access.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/obex/obex_message_access.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/obex/obex_object_push.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/obex/obex_object_push.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/obex/obex_phonebook_access.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/obex/obex_phonebook_access.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/obex/obex_session.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/obex/obex_session.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/obex/obex_synchronization.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/obex/obex_synchronization.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/obex/obex_transfer.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/obex/obex_transfer.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/profile_manager.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/profile_manager.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/proximity_monitor.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/proximity_monitor.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/proximity_reporter.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/proximity_reporter.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/sim_access.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/sim_access.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/thermometer.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/thermometer.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/thermometer_manager.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/bluez/thermometer_manager.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/dbus-common.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/dbus-common.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/helpers.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/helpers.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/manager.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/manager.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/obex_agent.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/obex_agent.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/properties.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/properties.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/sdp.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/sdp.h
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/agent-helper.c
Examining data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/agent-helper.h

FINAL RESULTS:

data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-device.c:334:13: [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execl("/bin/sdptool", "/bin/sdptool", "browse", "--xml", device_path, (char *) 0);
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-device.c:336:13: [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execl("/bin/sdptool", "/bin/sdptool", "browse", "--xml", "--uuid", pattern, device_path, (char *) 0);
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-adapter.c:280:48: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  v = g_variant_new_uint32((guint32) atoi(set_value_arg));
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-adapter.c:133:39: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (set_arg && (argc != 3 || strlen(argv[1]) == 0 || strlen(argv[2]) == 0))
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-adapter.c:133:63: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (set_arg && (argc != 3 || strlen(argv[1]) == 0 || strlen(argv[2]) == 0))
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-agent.c:54:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_assert(filename != NULL && strlen(filename) > 0);
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-agent.c:94:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ssize_t read;
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-device.c:333:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(pattern == NULL || strlen(pattern) == 0)
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-device.c:475:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (!list_arg && (!connect_arg || strlen(connect_arg) == 0) && (!disconnect_arg || strlen(disconnect_arg) == 0) && (!remove_arg || strlen(remove_arg) == 0) && (!info_arg || strlen(info_arg) == 0) && !services_arg && !set_arg)
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-device.c:475:93: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (!list_arg && (!connect_arg || strlen(connect_arg) == 0) && (!disconnect_arg || strlen(disconnect_arg) == 0) && (!remove_arg || strlen(remove_arg) == 0) && (!info_arg || strlen(info_arg) == 0) && !services_arg && !set_arg)
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-device.c:475:141: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (!list_arg && (!connect_arg || strlen(connect_arg) == 0) && (!disconnect_arg || strlen(disconnect_arg) == 0) && (!remove_arg || strlen(remove_arg) == 0) && (!info_arg || strlen(info_arg) == 0) && !services_arg && !set_arg)
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-device.c:475:183: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (!list_arg && (!connect_arg || strlen(connect_arg) == 0) && (!disconnect_arg || strlen(disconnect_arg) == 0) && (!remove_arg || strlen(remove_arg) == 0) && (!info_arg || strlen(info_arg) == 0) && !services_arg && !set_arg)
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-device.c:480:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (services_arg && (argc != 2 || strlen(argv[1]) == 0) && (argc != 3 || strlen(argv[1]) == 0))
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-device.c:480:83: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (services_arg && (argc != 2 || strlen(argv[1]) == 0) && (argc != 3 || strlen(argv[1]) == 0))
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-device.c:486:39: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (set_arg && (argc != 4 || strlen(argv[1]) == 0 || strlen(argv[2]) == 0 || strlen(argv[3]) == 0))
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-device.c:486:63: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (set_arg && (argc != 4 || strlen(argv[1]) == 0 || strlen(argv[2]) == 0 || strlen(argv[3]) == 0))
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-device.c:486:87: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (set_arg && (argc != 4 || strlen(argv[1]) == 0 || strlen(argv[2]) == 0 || strlen(argv[3]) == 0))
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-device.c:673:68: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_markup_parse_context_parse(xml_parse_context, value, strlen(value), &error);
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-network.c:138:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (connect_arg && (argc != 3 || strlen(argv[1]) == 0 || strlen(argv[2]) == 0)) {
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-network.c:138:66: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (connect_arg && (argc != 3 || strlen(argv[1]) == 0 || strlen(argv[2]) == 0)) {
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-network.c:142:41: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (server_arg && (argc != 3 || strlen(argv[1]) == 0 || strlen(argv[2]) == 0)) {
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-network.c:142:65: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (server_arg && (argc != 3 || strlen(argv[1]) == 0 || strlen(argv[2]) == 0)) {
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-obex.c:427:54: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (!server_arg && !opp_arg && (!ftp_arg || strlen(ftp_arg) == 0))
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-obex.c:432:55: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (server_arg && argc != 1 && (argc != 2 || strlen(argv[1]) == 0))
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-obex.c:438:39: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (opp_arg && (argc != 3 || strlen(argv[1]) == 0 || strlen(argv[2]) == 0))
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-obex.c:438:63: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (opp_arg && (argc != 3 || strlen(argv[1]) == 0 || strlen(argv[2]) == 0))
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-obex.c:733:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (f_argc != 2 || strlen(f_argv[1]) == 0)
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-obex.c:750:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (f_argc != 2 || strlen(f_argv[1]) == 0)
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-obex.c:833:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (f_argc != 3 || strlen(f_argv[1]) == 0 || strlen(f_argv[2]) == 0)
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-obex.c:833:62: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (f_argc != 3 || strlen(f_argv[1]) == 0 || strlen(f_argv[2]) == 0)
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-obex.c:863:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (f_argc != 3 || strlen(f_argv[1]) == 0 || strlen(f_argv[2]) == 0)
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-obex.c:863:62: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (f_argc != 3 || strlen(f_argv[1]) == 0 || strlen(f_argv[2]) == 0)
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-obex.c:891:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (f_argc != 3 || strlen(f_argv[1]) == 0 || strlen(f_argv[2]) == 0)
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-obex.c:891:62: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (f_argc != 3 || strlen(f_argv[1]) == 0 || strlen(f_argv[2]) == 0)
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-obex.c:908:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (f_argc != 3 || strlen(f_argv[1]) == 0 || strlen(f_argv[2]) == 0)
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-obex.c:908:62: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (f_argc != 3 || strlen(f_argv[1]) == 0 || strlen(f_argv[2]) == 0)
data/bluez-tools-2.0~20170911.0.7cb788c/src/bt-obex.c:925:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (f_argc != 2 || strlen(f_argv[1]) == 0)
data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/agent-helper.c:160:17: [1] (buffer) scanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (scanf("%3s", yn) == EOF && errno)
data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/agent-helper.c:205:17: [1] (buffer) scanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (scanf("%3s", yn) == EOF && errno)
data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/agent-helper.c:256:17: [1] (buffer) scanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (scanf("%3s", yn) == EOF && errno)
data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/helpers.c:118:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (uuid == NULL || strlen(uuid) == 0)
data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/helpers.c:132:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (name == NULL || strlen(name) == 0)
data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/helpers.c:162:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (name == NULL || strlen(name) == 0)
data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/helpers.c:219:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_assert(name != NULL && strlen(name) > 0);
data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/helpers.c:293:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_assert(dbus_service_name != NULL && strlen(dbus_service_name) > 0);
data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/helpers.c:294:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_assert(dbus_object_path != NULL && strlen(dbus_object_path) > 0);
data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/helpers.c:295:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_assert(intf_name != NULL && strlen(intf_name) > 0);
data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/helpers.c:354:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_assert(filename != NULL && strlen(filename) > 0);
data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/helpers.c:380:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_assert(dirname != NULL && strlen(dirname) > 0);
data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/helpers.h:43:107: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_printerr("%s: %s\n", (error->domain == G_DBUS_ERROR && g_dbus_error_get_remote_error(error) != NULL && strlen(g_dbus_error_get_remote_error(error)) ? g_dbus_error_get_remote_error(error) : "Error"), error->message); \
data/bluez-tools-2.0~20170911.0.7cb788c/src/lib/obex_agent.c:227:9: [1] (buffer) scanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (scanf("%3s", yn) == EOF && errno)

ANALYSIS SUMMARY:

Hits = 51
Lines analyzed = 15484 in approximately 0.38 seconds (40338 lines/second)
Physical Source Lines of Code (SLOC) = 10196
Hits@level = [0] 7 [1] 48 [2] 1 [3] 0 [4] 2 [5] 0
Hits@level+ = [0+] 58 [1+] 51 [2+] 3 [3+] 2 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 5.68851 [1+] 5.00196 [2+] 0.294233 [3+] 0.196155 [4+] 0.196155 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.