Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/concordance-1.4/libconcord/xml_headers.h Examining data/concordance-1.4/libconcord/libconcord.cpp Examining data/concordance-1.4/libconcord/libhidapi.cpp Examining data/concordance-1.4/libconcord/web.cpp Examining data/concordance-1.4/libconcord/remote.h Examining data/concordance-1.4/libconcord/remote.cpp Examining data/concordance-1.4/libconcord/remote_z.cpp Examining data/concordance-1.4/libconcord/protocol.h Examining data/concordance-1.4/libconcord/operationfile.cpp Examining data/concordance-1.4/libconcord/hid.h Examining data/concordance-1.4/libconcord/usblan.cpp Examining data/concordance-1.4/libconcord/usblan.h Examining data/concordance-1.4/libconcord/binaryfile.cpp Examining data/concordance-1.4/libconcord/libusbhid.cpp Examining data/concordance-1.4/libconcord/operationfile.h Examining data/concordance-1.4/libconcord/lc_internal.h Examining data/concordance-1.4/libconcord/protocol_z.h Examining data/concordance-1.4/libconcord/libconcord.h Examining data/concordance-1.4/libconcord/remote_info.h Examining data/concordance-1.4/libconcord/binaryfile.h Examining data/concordance-1.4/libconcord/web.h Examining data/concordance-1.4/libconcord/remote_mh.cpp Examining data/concordance-1.4/consnoop/consnoop.cpp Examining data/concordance-1.4/concordance/concordance.c FINAL RESULTS: data/concordance-1.4/concordance/concordance.c:130:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(output, stage); data/concordance-1.4/libconcord/libconcord.cpp:1088:19: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int xml_len = snprintf(xml_buffer, xml_buffer_len, mh_config_header, data/concordance-1.4/libconcord/libconcord.cpp:1166:27: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. const int chlen = sprintf( data/concordance-1.4/libconcord/operationfile.cpp:180:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "0x%s ", hex.substr(i, 2).c_str()); data/concordance-1.4/libconcord/remote.cpp:59:9: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(x, GUID_STR, in[0], in[1], in[2], in[3], in[4], in[5], in[6], data/concordance-1.4/libconcord/remote.cpp:64:9: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(x, GUID_STR, in[3], in[2], in[1], in[0], in[5], in[4], in[7], data/concordance-1.4/libconcord/web.cpp:77:16: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int size = vsnprintf(NULL, 0, format, args); data/concordance-1.4/libconcord/web.cpp:82:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buffer, size, format, args); data/concordance-1.4/libconcord/web.cpp:324:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(post_data+strlen(post_data), post_xml_usbnet1, ri.home_id, data/concordance-1.4/libconcord/web.cpp:327:9: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(post_data+strlen(post_data), post_xml_usbnet_region, data/concordance-1.4/libconcord/web.cpp:330:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(post_data+strlen(post_data), "%s", post_xml_usbnet2); data/concordance-1.4/libconcord/web.cpp:331:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(post_data+strlen(post_data), "%s", ri.xml_user_rf_setting); data/concordance-1.4/libconcord/web.cpp:332:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(post_data+strlen(post_data), "%s", post_xml_usbnet3); data/concordance-1.4/concordance/concordance.c:386:22: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((tmpint = getopt_long(argc, argv, "bc::C:df::F:hil:rs::t:kKvVw", data/concordance-1.4/consnoop/consnoop.cpp:508:19: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((tmpint = getopt(argc, argv, "dhf:vz")) != EOF) { data/concordance-1.4/concordance/concordance.c:128:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char output[24]; /* 21 + 1 + 1 + \0 */ data/concordance-1.4/concordance/concordance.c:733:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * const dow[8] = data/concordance-1.4/consnoop/consnoop.cpp:536:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). infile.open(file_name); data/concordance-1.4/libconcord/binaryfile.cpp:59:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int binaryoutfile::open(const char *path) data/concordance-1.4/libconcord/binaryfile.cpp:61:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_f = fopen(path, "wb"); data/concordance-1.4/libconcord/binaryfile.cpp:81:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int binaryinfile::open(const char *path) data/concordance-1.4/libconcord/binaryfile.cpp:83:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_f = fopen(path, "rb"); data/concordance-1.4/libconcord/binaryfile.h:39:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open(const char*path); data/concordance-1.4/libconcord/binaryfile.h:48:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open(const char *path); data/concordance-1.4/libconcord/libconcord.cpp:1074:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error_str[100]; data/concordance-1.4/libconcord/libconcord.cpp:1086:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xml_buffer[xml_buffer_len]; data/concordance-1.4/libconcord/libconcord.cpp:1148:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (of.open(file_name) != 0) { data/concordance-1.4/libconcord/libconcord.cpp:1372:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (of.open(file_name) != 0) { data/concordance-1.4/libconcord/libconcord.cpp:1492:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (of.open(file_name) != 0) { data/concordance-1.4/libconcord/libconcord.cpp:1522:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hex[16]; data/concordance-1.4/libconcord/libconcord.cpp:1529:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hex, "%02X", *pf++); data/concordance-1.4/libconcord/libconcord.cpp:1837:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[buflen]; data/concordance-1.4/libconcord/libconcord.cpp:1879:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[buflen]; data/concordance-1.4/libconcord/libconcord.cpp:1909:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[buflen]; data/concordance-1.4/libconcord/libconcord.h:505:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host_name[MH_STRING_LENGTH]; data/concordance-1.4/libconcord/libconcord.h:506:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char email[MH_STRING_LENGTH]; data/concordance-1.4/libconcord/libconcord.h:507:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char service_link[MH_STRING_LENGTH]; data/concordance-1.4/libconcord/libconcord.h:510:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ssid[MH_STRING_LENGTH]; data/concordance-1.4/libconcord/libconcord.h:511:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char encryption[MH_STRING_LENGTH]; data/concordance-1.4/libconcord/libconcord.h:512:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char password[MH_STRING_LENGTH]; data/concordance-1.4/libconcord/libconcord.h:513:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char connect_status[MH_STRING_LENGTH]; data/concordance-1.4/libconcord/libconcord.h:514:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error_code[MH_STRING_LENGTH]; data/concordance-1.4/libconcord/libconcord.h:517:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ssid[MH_STRING_LENGTH]; data/concordance-1.4/libconcord/libconcord.h:518:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char signal_strength[MH_STRING_LENGTH]; data/concordance-1.4/libconcord/libconcord.h:519:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char channel[MH_STRING_LENGTH]; data/concordance-1.4/libconcord/libconcord.h:520:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char encryption[MH_STRING_LENGTH]; data/concordance-1.4/libconcord/libhidapi.cpp:115:5: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t wide_s[buf_len]; data/concordance-1.4/libconcord/libhidapi.cpp:116:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[buf_len]; data/concordance-1.4/libconcord/libhidapi.cpp:131:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&newdata[1], data, USB_PACKET_LENGTH); data/concordance-1.4/libconcord/libusbhid.cpp:184:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[128]; data/concordance-1.4/libconcord/operationfile.cpp:57:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint32_t binary_tag_size = (uint32_t)atoi(binary_tag_size_s.c_str()); data/concordance-1.4/libconcord/operationfile.cpp:71:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). const uint8_t checksum = atoi(s.c_str()); data/concordance-1.4/libconcord/operationfile.cpp:129:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(file_name) != 0) { data/concordance-1.4/libconcord/operationfile.cpp:179:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[6]; data/concordance-1.4/libconcord/remote.cpp:55:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char x[48]; data/concordance-1.4/libconcord/remote.cpp:278:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pr, rsp+2, rxlen); data/concordance-1.4/libconcord/remote.cpp:592:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(wd+1, pw, block_len); data/concordance-1.4/libconcord/remote_mh.cpp:199:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&msg_read_file[msg_idx], filename, strlen(filename)); data/concordance-1.4/libconcord/remote_mh.cpp:279:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rd_ptr, &rsp[2], len); data/concordance-1.4/libconcord/remote_mh.cpp:340:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&msg_write_file[msg_idx], filename, strlen(filename)); data/concordance-1.4/libconcord/remote_mh.cpp:403:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tmp_pkt[2], wr_ptr, pkt_len); data/concordance-1.4/libconcord/remote_mh.cpp:509:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[buflen]; data/concordance-1.4/libconcord/remote_mh.cpp:535:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char guid_char[3]; data/concordance-1.4/libconcord/remote_mh.cpp:627:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rd + len - 4, MH_EOF_BYTES, 4); data/concordance-1.4/libconcord/remote_mh.cpp:740:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tsv[16], tz_str, tz_str_len); data/concordance-1.4/libconcord/remote_mh.cpp:908:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tmp_pkt[2], wr_ptr, pkt_len); data/concordance-1.4/libconcord/remote_z.cpp:92:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pkt + 4, data, len); data/concordance-1.4/libconcord/remote_z.cpp:133:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, pkt + 1, pkt[0]); data/concordance-1.4/libconcord/remote_z.cpp:171:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pkt + 6, data, len); data/concordance-1.4/libconcord/remote_z.cpp:222:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, pkt + 1, len + HID_TCP_HDR_SIZE + HID_UDP_HDR_SIZE - 1); data/concordance-1.4/libconcord/remote_z.cpp:293:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pkt + 3, data, len); data/concordance-1.4/libconcord/remote_z.cpp:311:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, buf, len); data/concordance-1.4/libconcord/remote_z.cpp:440:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tmp_pkt[4], wr_ptr, pkt_len); data/concordance-1.4/libconcord/remote_z.cpp:646:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rd_ptr, pl.p[1], pkt_len); data/concordance-1.4/libconcord/remote_z.cpp:928:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tmp, pkt_1, 3); data/concordance-1.4/libconcord/remote_z.cpp:929:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tmp[3], pkt_2, 54); data/concordance-1.4/libconcord/remote_z.cpp:1029:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&prev_pkt_tail, &rsp[56], 3); data/concordance-1.4/libconcord/remote_z.cpp:1032:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rd_ptr, &rsp[5], rlen); data/concordance-1.4/libconcord/usblan.cpp:90:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(sa.sin_addr), addr->h_addr, addr->h_length); data/concordance-1.4/libconcord/usblan.cpp:198:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/concordance-1.4/libconcord/usblan.cpp:208:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(sa.sin_addr), addr->h_addr, addr->h_length); data/concordance-1.4/libconcord/web.cpp:101:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hex[4]; data/concordance-1.4/libconcord/web.cpp:102:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hex, "%%%02X", c); data/concordance-1.4/libconcord/web.cpp:122:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(sa.sin_addr), addr->h_addr, addr->h_length); data/concordance-1.4/libconcord/web.cpp:154:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1000]; data/concordance-1.4/libconcord/web.cpp:294:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[32]; data/concordance-1.4/libconcord/web.cpp:300:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "F%08X", carrier_clock); data/concordance-1.4/libconcord/web.cpp:302:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "F%04X", carrier_clock); data/concordance-1.4/libconcord/web.cpp:307:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "P%08X", ir_signal[n++]); data/concordance-1.4/libconcord/web.cpp:309:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "P%04X", ir_signal[n++]); data/concordance-1.4/libconcord/web.cpp:313:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "S%08X", ir_signal[n++]); data/concordance-1.4/libconcord/web.cpp:315:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "S%04X", ir_signal[n++]); data/concordance-1.4/concordance/concordance.c:74:18: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). #define read_key getchar data/concordance-1.4/concordance/concordance.c:131:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(output, ":"); data/concordance-1.4/concordance/concordance.c:189:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getchar(); data/concordance-1.4/concordance/concordance.c:263:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (index = 0; index < strlen(allowed); index++) { data/concordance-1.4/concordance/concordance.c:816:13: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getchar(); data/concordance-1.4/concordance/concordance.c:907:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(mh_get_serial()) != 0) data/concordance-1.4/concordance/concordance.c:1165:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getchar(); data/concordance-1.4/libconcord/binaryfile.cpp:72:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return fwrite(c,strlen(c), 1, m_f); data/concordance-1.4/libconcord/binaryfile.cpp:94:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). size_t binaryinfile::read(uint8_t *b, uint32_t len) data/concordance-1.4/libconcord/binaryfile.h:50:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). size_t read(uint8_t *b, uint32_t len); data/concordance-1.4/libconcord/libconcord.cpp:1085:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int xml_buffer_len = strlen(mh_config_header) + 100; data/concordance-1.4/libconcord/libconcord.cpp:1165:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *ch = new char[strlen(config_header) + 200]; data/concordance-1.4/libconcord/libconcord.cpp:1827:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dest, start, len); data/concordance-1.4/libconcord/libconcord.cpp:1868:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(str_buffer.c_str())); data/concordance-1.4/libconcord/libconcord.cpp:1943:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(str_buffer.c_str())); data/concordance-1.4/libconcord/operationfile.cpp:137:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). file.read(out, size); data/concordance-1.4/libconcord/remote_mh.cpp:116:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(type_cstr) == 3) { data/concordance-1.4/libconcord/remote_mh.cpp:191:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(filename) > (MH_MAX_PACKET_SIZE - 9)) { data/concordance-1.4/libconcord/remote_mh.cpp:199:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(&msg_read_file[msg_idx], filename, strlen(filename)); data/concordance-1.4/libconcord/remote_mh.cpp:200:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg_idx += strlen(filename); data/concordance-1.4/libconcord/remote_mh.cpp:331:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(filename) > (MH_MAX_PACKET_SIZE - 14)) { data/concordance-1.4/libconcord/remote_mh.cpp:340:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(&msg_write_file[msg_idx], filename, strlen(filename)); data/concordance-1.4/libconcord/remote_mh.cpp:341:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg_idx += strlen(filename); data/concordance-1.4/libconcord/remote_mh.cpp:727:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t tz_str_len = strlen(tz_str); data/concordance-1.4/libconcord/usblan.cpp:220:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). err = send(web_sock, http_get_cmd, strlen(http_get_cmd), 0); data/concordance-1.4/libconcord/usblan.cpp:248:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *data = new char[strlen(buf_ptr)+1]; data/concordance-1.4/libconcord/usblan.cpp:249:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(*data, buf_ptr, strlen(buf_ptr)+1); data/concordance-1.4/libconcord/usblan.cpp:249:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(*data, buf_ptr, strlen(buf_ptr)+1); data/concordance-1.4/libconcord/web.cpp:91:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const size_t len = strlen(in); data/concordance-1.4/libconcord/web.cpp:138:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). err = send(sock, s1, strlen(s1), 0); data/concordance-1.4/libconcord/web.cpp:146:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). err = send(sock, s2, strlen(s2), 0); data/concordance-1.4/libconcord/web.cpp:199:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const size_t find_len = strlen(find); data/concordance-1.4/libconcord/web.cpp:324:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(post_data+strlen(post_data), post_xml_usbnet1, ri.home_id, data/concordance-1.4/libconcord/web.cpp:327:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(post_data+strlen(post_data), post_xml_usbnet_region, data/concordance-1.4/libconcord/web.cpp:330:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(post_data+strlen(post_data), "%s", post_xml_usbnet2); data/concordance-1.4/libconcord/web.cpp:331:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(post_data+strlen(post_data), "%s", ri.xml_user_rf_setting); data/concordance-1.4/libconcord/web.cpp:332:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(post_data+strlen(post_data), "%s", post_xml_usbnet3); ANALYSIS SUMMARY: Hits = 129 Lines analyzed = 11177 in approximately 0.36 seconds (31339 lines/second) Physical Source Lines of Code (SLOC) = 7937 Hits@level = [0] 305 [1] 37 [2] 77 [3] 2 [4] 13 [5] 0 Hits@level+ = [0+] 434 [1+] 129 [2+] 92 [3+] 15 [4+] 13 [5+] 0 Hits/KSLOC@level+ = [0+] 54.6806 [1+] 16.253 [2+] 11.5913 [3+] 1.88988 [4+] 1.6379 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.