Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/concordance-1.4/libconcord/xml_headers.h
Examining data/concordance-1.4/libconcord/libconcord.cpp
Examining data/concordance-1.4/libconcord/libhidapi.cpp
Examining data/concordance-1.4/libconcord/web.cpp
Examining data/concordance-1.4/libconcord/remote.h
Examining data/concordance-1.4/libconcord/remote.cpp
Examining data/concordance-1.4/libconcord/remote_z.cpp
Examining data/concordance-1.4/libconcord/protocol.h
Examining data/concordance-1.4/libconcord/operationfile.cpp
Examining data/concordance-1.4/libconcord/hid.h
Examining data/concordance-1.4/libconcord/usblan.cpp
Examining data/concordance-1.4/libconcord/usblan.h
Examining data/concordance-1.4/libconcord/binaryfile.cpp
Examining data/concordance-1.4/libconcord/libusbhid.cpp
Examining data/concordance-1.4/libconcord/operationfile.h
Examining data/concordance-1.4/libconcord/lc_internal.h
Examining data/concordance-1.4/libconcord/protocol_z.h
Examining data/concordance-1.4/libconcord/libconcord.h
Examining data/concordance-1.4/libconcord/remote_info.h
Examining data/concordance-1.4/libconcord/binaryfile.h
Examining data/concordance-1.4/libconcord/web.h
Examining data/concordance-1.4/libconcord/remote_mh.cpp
Examining data/concordance-1.4/consnoop/consnoop.cpp
Examining data/concordance-1.4/concordance/concordance.c
FINAL RESULTS:
data/concordance-1.4/concordance/concordance.c:130:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(output, stage);
data/concordance-1.4/libconcord/libconcord.cpp:1088:19: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int xml_len = snprintf(xml_buffer, xml_buffer_len, mh_config_header,
data/concordance-1.4/libconcord/libconcord.cpp:1166:27: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
const int chlen = sprintf(
data/concordance-1.4/libconcord/operationfile.cpp:180:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "0x%s ", hex.substr(i, 2).c_str());
data/concordance-1.4/libconcord/remote.cpp:59:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(x, GUID_STR, in[0], in[1], in[2], in[3], in[4], in[5], in[6],
data/concordance-1.4/libconcord/remote.cpp:64:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(x, GUID_STR, in[3], in[2], in[1], in[0], in[5], in[4], in[7],
data/concordance-1.4/libconcord/web.cpp:77:16: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int size = vsnprintf(NULL, 0, format, args);
data/concordance-1.4/libconcord/web.cpp:82:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buffer, size, format, args);
data/concordance-1.4/libconcord/web.cpp:324:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(post_data+strlen(post_data), post_xml_usbnet1, ri.home_id,
data/concordance-1.4/libconcord/web.cpp:327:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(post_data+strlen(post_data), post_xml_usbnet_region,
data/concordance-1.4/libconcord/web.cpp:330:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(post_data+strlen(post_data), "%s", post_xml_usbnet2);
data/concordance-1.4/libconcord/web.cpp:331:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(post_data+strlen(post_data), "%s", ri.xml_user_rf_setting);
data/concordance-1.4/libconcord/web.cpp:332:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(post_data+strlen(post_data), "%s", post_xml_usbnet3);
data/concordance-1.4/concordance/concordance.c:386:22: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((tmpint = getopt_long(argc, argv, "bc::C:df::F:hil:rs::t:kKvVw",
data/concordance-1.4/consnoop/consnoop.cpp:508:19: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((tmpint = getopt(argc, argv, "dhf:vz")) != EOF) {
data/concordance-1.4/concordance/concordance.c:128:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[24]; /* 21 + 1 + 1 + \0 */
data/concordance-1.4/concordance/concordance.c:733:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * const dow[8] =
data/concordance-1.4/consnoop/consnoop.cpp:536:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
infile.open(file_name);
data/concordance-1.4/libconcord/binaryfile.cpp:59:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int binaryoutfile::open(const char *path)
data/concordance-1.4/libconcord/binaryfile.cpp:61:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_f = fopen(path, "wb");
data/concordance-1.4/libconcord/binaryfile.cpp:81:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int binaryinfile::open(const char *path)
data/concordance-1.4/libconcord/binaryfile.cpp:83:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_f = fopen(path, "rb");
data/concordance-1.4/libconcord/binaryfile.h:39:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int open(const char*path);
data/concordance-1.4/libconcord/binaryfile.h:48:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int open(const char *path);
data/concordance-1.4/libconcord/libconcord.cpp:1074:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_str[100];
data/concordance-1.4/libconcord/libconcord.cpp:1086:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xml_buffer[xml_buffer_len];
data/concordance-1.4/libconcord/libconcord.cpp:1148:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (of.open(file_name) != 0) {
data/concordance-1.4/libconcord/libconcord.cpp:1372:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (of.open(file_name) != 0) {
data/concordance-1.4/libconcord/libconcord.cpp:1492:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (of.open(file_name) != 0) {
data/concordance-1.4/libconcord/libconcord.cpp:1522:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hex[16];
data/concordance-1.4/libconcord/libconcord.cpp:1529:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hex, "%02X", *pf++);
data/concordance-1.4/libconcord/libconcord.cpp:1837:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[buflen];
data/concordance-1.4/libconcord/libconcord.cpp:1879:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[buflen];
data/concordance-1.4/libconcord/libconcord.cpp:1909:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[buflen];
data/concordance-1.4/libconcord/libconcord.h:505:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host_name[MH_STRING_LENGTH];
data/concordance-1.4/libconcord/libconcord.h:506:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char email[MH_STRING_LENGTH];
data/concordance-1.4/libconcord/libconcord.h:507:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char service_link[MH_STRING_LENGTH];
data/concordance-1.4/libconcord/libconcord.h:510:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssid[MH_STRING_LENGTH];
data/concordance-1.4/libconcord/libconcord.h:511:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char encryption[MH_STRING_LENGTH];
data/concordance-1.4/libconcord/libconcord.h:512:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password[MH_STRING_LENGTH];
data/concordance-1.4/libconcord/libconcord.h:513:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char connect_status[MH_STRING_LENGTH];
data/concordance-1.4/libconcord/libconcord.h:514:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_code[MH_STRING_LENGTH];
data/concordance-1.4/libconcord/libconcord.h:517:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssid[MH_STRING_LENGTH];
data/concordance-1.4/libconcord/libconcord.h:518:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signal_strength[MH_STRING_LENGTH];
data/concordance-1.4/libconcord/libconcord.h:519:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char channel[MH_STRING_LENGTH];
data/concordance-1.4/libconcord/libconcord.h:520:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char encryption[MH_STRING_LENGTH];
data/concordance-1.4/libconcord/libhidapi.cpp:115:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wide_s[buf_len];
data/concordance-1.4/libconcord/libhidapi.cpp:116:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[buf_len];
data/concordance-1.4/libconcord/libhidapi.cpp:131:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&newdata[1], data, USB_PACKET_LENGTH);
data/concordance-1.4/libconcord/libusbhid.cpp:184:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[128];
data/concordance-1.4/libconcord/operationfile.cpp:57:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t binary_tag_size = (uint32_t)atoi(binary_tag_size_s.c_str());
data/concordance-1.4/libconcord/operationfile.cpp:71:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const uint8_t checksum = atoi(s.c_str());
data/concordance-1.4/libconcord/operationfile.cpp:129:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(file_name) != 0) {
data/concordance-1.4/libconcord/operationfile.cpp:179:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[6];
data/concordance-1.4/libconcord/remote.cpp:55:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x[48];
data/concordance-1.4/libconcord/remote.cpp:278:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pr, rsp+2, rxlen);
data/concordance-1.4/libconcord/remote.cpp:592:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wd+1, pw, block_len);
data/concordance-1.4/libconcord/remote_mh.cpp:199:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&msg_read_file[msg_idx], filename, strlen(filename));
data/concordance-1.4/libconcord/remote_mh.cpp:279:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rd_ptr, &rsp[2], len);
data/concordance-1.4/libconcord/remote_mh.cpp:340:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&msg_write_file[msg_idx], filename, strlen(filename));
data/concordance-1.4/libconcord/remote_mh.cpp:403:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp_pkt[2], wr_ptr, pkt_len);
data/concordance-1.4/libconcord/remote_mh.cpp:509:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[buflen];
data/concordance-1.4/libconcord/remote_mh.cpp:535:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char guid_char[3];
data/concordance-1.4/libconcord/remote_mh.cpp:627:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rd + len - 4, MH_EOF_BYTES, 4);
data/concordance-1.4/libconcord/remote_mh.cpp:740:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tsv[16], tz_str, tz_str_len);
data/concordance-1.4/libconcord/remote_mh.cpp:908:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp_pkt[2], wr_ptr, pkt_len);
data/concordance-1.4/libconcord/remote_z.cpp:92:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt + 4, data, len);
data/concordance-1.4/libconcord/remote_z.cpp:133:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, pkt + 1, pkt[0]);
data/concordance-1.4/libconcord/remote_z.cpp:171:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt + 6, data, len);
data/concordance-1.4/libconcord/remote_z.cpp:222:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, pkt + 1, len + HID_TCP_HDR_SIZE + HID_UDP_HDR_SIZE - 1);
data/concordance-1.4/libconcord/remote_z.cpp:293:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt + 3, data, len);
data/concordance-1.4/libconcord/remote_z.cpp:311:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, buf, len);
data/concordance-1.4/libconcord/remote_z.cpp:440:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp_pkt[4], wr_ptr, pkt_len);
data/concordance-1.4/libconcord/remote_z.cpp:646:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rd_ptr, pl.p[1], pkt_len);
data/concordance-1.4/libconcord/remote_z.cpp:928:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp, pkt_1, 3);
data/concordance-1.4/libconcord/remote_z.cpp:929:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp[3], pkt_2, 54);
data/concordance-1.4/libconcord/remote_z.cpp:1029:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&prev_pkt_tail, &rsp[56], 3);
data/concordance-1.4/libconcord/remote_z.cpp:1032:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rd_ptr, &rsp[5], rlen);
data/concordance-1.4/libconcord/usblan.cpp:90:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(sa.sin_addr), addr->h_addr, addr->h_length);
data/concordance-1.4/libconcord/usblan.cpp:198:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/concordance-1.4/libconcord/usblan.cpp:208:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(sa.sin_addr), addr->h_addr, addr->h_length);
data/concordance-1.4/libconcord/web.cpp:101:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hex[4];
data/concordance-1.4/libconcord/web.cpp:102:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hex, "%%%02X", c);
data/concordance-1.4/libconcord/web.cpp:122:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(sa.sin_addr), addr->h_addr, addr->h_length);
data/concordance-1.4/libconcord/web.cpp:154:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/concordance-1.4/libconcord/web.cpp:294:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[32];
data/concordance-1.4/libconcord/web.cpp:300:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "F%08X", carrier_clock);
data/concordance-1.4/libconcord/web.cpp:302:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "F%04X", carrier_clock);
data/concordance-1.4/libconcord/web.cpp:307:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "P%08X", ir_signal[n++]);
data/concordance-1.4/libconcord/web.cpp:309:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "P%04X", ir_signal[n++]);
data/concordance-1.4/libconcord/web.cpp:313:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "S%08X", ir_signal[n++]);
data/concordance-1.4/libconcord/web.cpp:315:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "S%04X", ir_signal[n++]);
data/concordance-1.4/concordance/concordance.c:74:18: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define read_key getchar
data/concordance-1.4/concordance/concordance.c:131:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(output, ":");
data/concordance-1.4/concordance/concordance.c:189:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/concordance-1.4/concordance/concordance.c:263:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (index = 0; index < strlen(allowed); index++) {
data/concordance-1.4/concordance/concordance.c:816:13: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/concordance-1.4/concordance/concordance.c:907:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(mh_get_serial()) != 0)
data/concordance-1.4/concordance/concordance.c:1165:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/concordance-1.4/libconcord/binaryfile.cpp:72:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return fwrite(c,strlen(c), 1, m_f);
data/concordance-1.4/libconcord/binaryfile.cpp:94:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size_t binaryinfile::read(uint8_t *b, uint32_t len)
data/concordance-1.4/libconcord/binaryfile.h:50:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size_t read(uint8_t *b, uint32_t len);
data/concordance-1.4/libconcord/libconcord.cpp:1085:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int xml_buffer_len = strlen(mh_config_header) + 100;
data/concordance-1.4/libconcord/libconcord.cpp:1165:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *ch = new char[strlen(config_header) + 200];
data/concordance-1.4/libconcord/libconcord.cpp:1827:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest, start, len);
data/concordance-1.4/libconcord/libconcord.cpp:1868:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(str_buffer.c_str()));
data/concordance-1.4/libconcord/libconcord.cpp:1943:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(str_buffer.c_str()));
data/concordance-1.4/libconcord/operationfile.cpp:137:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file.read(out, size);
data/concordance-1.4/libconcord/remote_mh.cpp:116:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(type_cstr) == 3) {
data/concordance-1.4/libconcord/remote_mh.cpp:191:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filename) > (MH_MAX_PACKET_SIZE - 9)) {
data/concordance-1.4/libconcord/remote_mh.cpp:199:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(&msg_read_file[msg_idx], filename, strlen(filename));
data/concordance-1.4/libconcord/remote_mh.cpp:200:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg_idx += strlen(filename);
data/concordance-1.4/libconcord/remote_mh.cpp:331:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filename) > (MH_MAX_PACKET_SIZE - 14)) {
data/concordance-1.4/libconcord/remote_mh.cpp:340:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(&msg_write_file[msg_idx], filename, strlen(filename));
data/concordance-1.4/libconcord/remote_mh.cpp:341:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg_idx += strlen(filename);
data/concordance-1.4/libconcord/remote_mh.cpp:727:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t tz_str_len = strlen(tz_str);
data/concordance-1.4/libconcord/usblan.cpp:220:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = send(web_sock, http_get_cmd, strlen(http_get_cmd), 0);
data/concordance-1.4/libconcord/usblan.cpp:248:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data = new char[strlen(buf_ptr)+1];
data/concordance-1.4/libconcord/usblan.cpp:249:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(*data, buf_ptr, strlen(buf_ptr)+1);
data/concordance-1.4/libconcord/usblan.cpp:249:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(*data, buf_ptr, strlen(buf_ptr)+1);
data/concordance-1.4/libconcord/web.cpp:91:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(in);
data/concordance-1.4/libconcord/web.cpp:138:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = send(sock, s1, strlen(s1), 0);
data/concordance-1.4/libconcord/web.cpp:146:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = send(sock, s2, strlen(s2), 0);
data/concordance-1.4/libconcord/web.cpp:199:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t find_len = strlen(find);
data/concordance-1.4/libconcord/web.cpp:324:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(post_data+strlen(post_data), post_xml_usbnet1, ri.home_id,
data/concordance-1.4/libconcord/web.cpp:327:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(post_data+strlen(post_data), post_xml_usbnet_region,
data/concordance-1.4/libconcord/web.cpp:330:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(post_data+strlen(post_data), "%s", post_xml_usbnet2);
data/concordance-1.4/libconcord/web.cpp:331:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(post_data+strlen(post_data), "%s", ri.xml_user_rf_setting);
data/concordance-1.4/libconcord/web.cpp:332:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(post_data+strlen(post_data), "%s", post_xml_usbnet3);
ANALYSIS SUMMARY:
Hits = 129
Lines analyzed = 11177 in approximately 0.36 seconds (31339 lines/second)
Physical Source Lines of Code (SLOC) = 7937
Hits@level = [0] 305 [1] 37 [2] 77 [3] 2 [4] 13 [5] 0
Hits@level+ = [0+] 434 [1+] 129 [2+] 92 [3+] 15 [4+] 13 [5+] 0
Hits/KSLOC@level+ = [0+] 54.6806 [1+] 16.253 [2+] 11.5913 [3+] 1.88988 [4+] 1.6379 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.