Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/checkpw-1.02/auto_patrn.h
Examining data/checkpw-1.02/x86cpuid.c
Examining data/checkpw-1.02/env.c
Examining data/checkpw-1.02/env.h
Examining data/checkpw-1.02/fmt.h
Examining data/checkpw-1.02/md5.h
Examining data/checkpw-1.02/auto_password.h
Examining data/checkpw-1.02/str.h
Examining data/checkpw-1.02/open_read.c
Examining data/checkpw-1.02/auto_home.h
Examining data/checkpw-1.02/gen_allocdefs.h
Examining data/checkpw-1.02/stralloc.h
Examining data/checkpw-1.02/alloc_re.c
Examining data/checkpw-1.02/trycpp.c
Examining data/checkpw-1.02/openreadclose.c
Examining data/checkpw-1.02/openreadclose.h
Examining data/checkpw-1.02/str_start.c
Examining data/checkpw-1.02/instcheck.c
Examining data/checkpw-1.02/auto_maildir.h
Examining data/checkpw-1.02/open_trunc.c
Examining data/checkpw-1.02/error.c
Examining data/checkpw-1.02/error.h
Examining data/checkpw-1.02/strerr_die.c
Examining data/checkpw-1.02/buffer_get.c
Examining data/checkpw-1.02/fmt_ulong.c
Examining data/checkpw-1.02/buffer_put.c
Examining data/checkpw-1.02/strerr_sys.c
Examining data/checkpw-1.02/stralloc_catb.c
Examining data/checkpw-1.02/stralloc_cats.c
Examining data/checkpw-1.02/global.h
Examining data/checkpw-1.02/buffer_copy.c
Examining data/checkpw-1.02/stralloc_eady.c
Examining data/checkpw-1.02/byte.h
Examining data/checkpw-1.02/exit.h
Examining data/checkpw-1.02/pathexec_env.c
Examining data/checkpw-1.02/hier.c
Examining data/checkpw-1.02/pathexec_run.c
Examining data/checkpw-1.02/substdo.c
Examining data/checkpw-1.02/md5c.c
Examining data/checkpw-1.02/byte_cr.c
Examining data/checkpw-1.02/stralloc_pend.c
Examining data/checkpw-1.02/stralloc_opyb.c
Examining data/checkpw-1.02/stralloc_opys.c
Examining data/checkpw-1.02/open.h
Examining data/checkpw-1.02/prot.c
Examining data/checkpw-1.02/prot.h
Examining data/checkpw-1.02/auto-str.c
Examining data/checkpw-1.02/buffer.c
Examining data/checkpw-1.02/buffer.h
Examining data/checkpw-1.02/scan.h
Examining data/checkpw-1.02/readwrite.h
Examining data/checkpw-1.02/hasshsgr.h
Examining data/checkpw-1.02/readclose.c
Examining data/checkpw-1.02/readclose.h
Examining data/checkpw-1.02/alloc.c
Examining data/checkpw-1.02/alloc.h
Examining data/checkpw-1.02/pathexec.h
Examining data/checkpw-1.02/gen_alloc.h
Examining data/checkpw-1.02/stralloc_cat.c
Examining data/checkpw-1.02/buffer_2.c
Examining data/checkpw-1.02/substdio.h
Examining data/checkpw-1.02/byte_copy.c
Examining data/checkpw-1.02/byte_diff.c
Examining data/checkpw-1.02/auto-int8.c
Examining data/checkpw-1.02/error_str.c
Examining data/checkpw-1.02/strerr.h
Examining data/checkpw-1.02/install.c
Examining data/checkpw-1.02/str_chr.c
Examining data/checkpw-1.02/scan_8long.c
Examining data/checkpw-1.02/str_len.c
Examining data/checkpw-1.02/checkapoppw.c
Examining data/checkpw-1.02/checkpw.c

FINAL RESULTS:

data/checkpw-1.02/install.c:23:7: [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
  if (chown(home,uid,gid) == -1)

data/checkpw-1.02/install.c:25:7: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  if (chmod(home,mode) == -1)

data/checkpw-1.02/install.c:41:7: [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
  if (chown(subdir,uid,gid) == -1)

data/checkpw-1.02/install.c:43:7: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  if (chmod(subdir,mode) == -1)

data/checkpw-1.02/install.c:96:7: [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
  if (chown(file,uid,gid) == -1)

data/checkpw-1.02/install.c:98:7: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  if (chmod(file,mode) == -1)

data/checkpw-1.02/install.c:134:7: [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
  if (chown(file,uid,gid) == -1)

data/checkpw-1.02/install.c:136:7: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  if (chmod(file,mode) == -1)

data/checkpw-1.02/alloc.c:9:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef union { char irrelevant[ALIGNMENT]; double d; } aligned;

data/checkpw-1.02/auto-int8.c:7:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf1[256];

data/checkpw-1.02/auto-int8.c:23:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strnum[FMT_ULONG];

data/checkpw-1.02/auto-str.c:5:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bspace[256];

data/checkpw-1.02/auto-str.c:18:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char octal[4];

data/checkpw-1.02/buffer_2.c:4:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer_2_space[256];

data/checkpw-1.02/checkapoppw.c:19:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char up[513];

data/checkpw-1.02/checkapoppw.c:52:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char digest[16];

data/checkpw-1.02/checkapoppw.c:53:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char encrypted[16*2+1];

data/checkpw-1.02/checkpw.c:16:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char up[513];

data/checkpw-1.02/install.c:47:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inbuf[BUFFER_INSIZE];

data/checkpw-1.02/install.c:48:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outbuf[BUFFER_OUTSIZE];

data/checkpw-1.02/md5.h:30:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[64]; /* input buffer */

data/checkpw-1.02/md5c.c:56:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char PADDING[64] = {

data/checkpw-1.02/md5c.c:158:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char digest[16]; /* message digest */

data/checkpw-1.02/md5c.c:161:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char bits[8];

data/checkpw-1.02/md5c.c:187:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char block[64];

data/checkpw-1.02/md5c.c:332:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ((char *)output)[i] = (char)value;

data/checkpw-1.02/open_read.c:6:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { return open(fn,O_RDONLY | O_NDELAY); }

data/checkpw-1.02/open_trunc.c:6:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { return open(fn,O_WRONLY | O_NDELAY | O_TRUNC | O_CREAT,0644); }

data/checkpw-1.02/checkapoppw.c:62:11: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  r = read(3,up + uplen,sizeof(up) - uplen);

data/checkpw-1.02/checkpw.c:51:11: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  r = read(3,up + uplen,sizeof(up) - uplen);

data/checkpw-1.02/install.c:69:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  buffer_init(&ssin,read,fdin,inbuf,sizeof inbuf);

data/checkpw-1.02/install.c:146:3: [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask(077);

data/checkpw-1.02/readclose.c:10:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  r = read(fd,sa->s + sa->len,bufsize);

data/checkpw-1.02/readwrite.h:4:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  extern int read();

ANALYSIS SUMMARY:

Hits = 34
Lines analyzed = 2636 in approximately 0.10 seconds (26688 lines/second)
Physical Source Lines of Code (SLOC) = 2169
Hits@level = [0] 3 [1] 6 [2] 20 [3] 0 [4] 0 [5] 8
Hits@level+ = [0+] 37 [1+] 34 [2+] 28 [3+] 8 [4+] 8 [5+] 8
Hits/KSLOC@level+ = [0+] 17.0586 [1+] 15.6754 [2+] 12.9092 [3+] 3.68834 [4+] 3.68834 [5+] 3.68834
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.