Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cowpatty-4.8/utils.h
Examining data/cowpatty-4.8/md5.h
Examining data/cowpatty-4.8/sha1.c
Examining data/cowpatty-4.8/genpmk.c
Examining data/cowpatty-4.8/utils.c
Examining data/cowpatty-4.8/common.h
Examining data/cowpatty-4.8/radiotap.h
Examining data/cowpatty-4.8/sha1.h
Examining data/cowpatty-4.8/md5.c
Examining data/cowpatty-4.8/cowpatty.c
Examining data/cowpatty-4.8/cowpatty.h

FINAL RESULTS:

data/cowpatty-4.8/cowpatty.c:144:14: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "f:r:s:d:cnhvV")) != EOF) {
data/cowpatty-4.8/genpmk.c:105:14: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "f:d:s:hvV")) != EOF) {
data/cowpatty-4.8/cowpatty.c:50:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errbuf[PCAP_ERRBUF_SIZE];
data/cowpatty-4.8/cowpatty.c:55:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char password_buf[65];
data/cowpatty-4.8/cowpatty.c:112:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, addr1, ETH_ALEN);
data/cowpatty-4.8/cowpatty.c:113:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data + ETH_ALEN, addr2, ETH_ALEN);
data/cowpatty-4.8/cowpatty.c:115:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, addr2, ETH_ALEN);
data/cowpatty-4.8/cowpatty.c:116:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data + ETH_ALEN, addr1, ETH_ALEN);
data/cowpatty-4.8/cowpatty.c:120:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data + 2 * ETH_ALEN, nonce1, 32);
data/cowpatty-4.8/cowpatty.c:121:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data + 2 * ETH_ALEN + 32, nonce2, 32);
data/cowpatty-4.8/cowpatty.c:123:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data + 2 * ETH_ALEN, nonce2, 32);
data/cowpatty-4.8/cowpatty.c:124:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data + 2 * ETH_ALEN + 32, nonce1, 32);
data/cowpatty-4.8/cowpatty.c:494:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cdata->replay_counter1,
data/cowpatty-4.8/cowpatty.c:514:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cdata->replay_counter2,
data/cowpatty-4.8/cowpatty.c:548:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cdata->replay_counter1,
data/cowpatty-4.8/cowpatty.c:576:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cdata->eapolframe, &packet[capdata->dot1x_offset],
data/cowpatty-4.8/cowpatty.c:580:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cdata->replay_counter2,
data/cowpatty-4.8/cowpatty.c:583:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cdata->replay_counter3,
data/cowpatty-4.8/cowpatty.c:597:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cdata->replay_counter4,
data/cowpatty-4.8/cowpatty.c:718:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mic, hash, MD5_DIGEST_LENGTH); /* only 16 bytes, not 20 */
data/cowpatty-4.8/cowpatty.c:734:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char headerssid[33];
data/cowpatty-4.8/cowpatty.c:741:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(opt->hashfile, "rb");
data/cowpatty-4.8/cowpatty.c:757:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&headerssid, hf_head.ssid, hf_head.ssidlen);
data/cowpatty-4.8/cowpatty.c:785:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(passphrase, rec.word, wordlen);
data/cowpatty-4.8/cowpatty.c:871:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(opt->dictfile, "r");
data/cowpatty-4.8/cowpatty.c:978:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char passphrase[MAXPASSLEN + 1];
data/cowpatty-4.8/cowpatty.h:139:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ssid[256];
data/cowpatty-4.8/cowpatty.h:140:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dictfile[256];
data/cowpatty-4.8/cowpatty.h:141:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pcapfile[256];
data/cowpatty-4.8/cowpatty.h:142:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hashfile[256];
data/cowpatty-4.8/cowpatty.h:150:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pcapfilename[256];
data/cowpatty-4.8/genpmk.c:85:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char passphrase[MAXPASSLEN + 1];
data/cowpatty-4.8/genpmk.c:148:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fpin = fopen(opt.dictfile, "r");
data/cowpatty-4.8/genpmk.c:166:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(hf_header.ssid, opt.ssid, strlen(opt.ssid));
data/cowpatty-4.8/genpmk.c:170:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fpout = fopen(opt.hashfile, "wb");
data/cowpatty-4.8/genpmk.c:184:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fpout = fopen(opt.hashfile, "r+b");
data/cowpatty-4.8/genpmk.c:209:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (fopen(opt.hashfile, "ab") == NULL) {
data/cowpatty-4.8/genpmk.c:266:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rec.pmk, pmk, sizeof(pmk));
data/cowpatty-4.8/md5.c:68:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(k_ipad, key, key_len);
data/cowpatty-4.8/md5.c:69:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(k_opad, key, key_len);
data/cowpatty-4.8/sha1.c:52:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char k_ipad[65]; /* inner padding - key XORd with ipad */
data/cowpatty-4.8/sha1.c:53:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char k_opad[65]; /* outer padding - key XORd with opad */
data/cowpatty-4.8/sha1.c:72:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(k_ipad, key, key_len);
data/cowpatty-4.8/sha1.c:73:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(k_opad, key, key_len);
data/cowpatty-4.8/sha1.c:86:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&cached.k_ipad, &context, sizeof(context));
data/cowpatty-4.8/sha1.c:102:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&cached.k_opad, &context, sizeof(context));
data/cowpatty-4.8/sha1.c:136:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char tmp[SHA1_MAC_LEN], tmp2[SHA1_MAC_LEN];
data/cowpatty-4.8/sha1.c:138:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char count_buf[4];
data/cowpatty-4.8/sha1.c:156:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(digest, tmp, SHA1_MAC_LEN);
data/cowpatty-4.8/sha1.c:161:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmp, tmp2, SHA1_MAC_LEN);
data/cowpatty-4.8/sha1.c:176:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char digest[SHA1_MAC_LEN];
data/cowpatty-4.8/sha1.c:183:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pos, digest, plen);
data/cowpatty-4.8/sha1.c:220:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&buf[pos], hash, plen);
data/cowpatty-4.8/utils.c:122:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char macstring[18];
data/cowpatty-4.8/cowpatty.c:78:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(message) > 0) {
data/cowpatty-4.8/cowpatty.c:147:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(opt->dictfile, optarg, sizeof(opt->dictfile));
data/cowpatty-4.8/cowpatty.c:150:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(opt->pcapfile, optarg, sizeof(opt->pcapfile));
data/cowpatty-4.8/cowpatty.c:153:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(opt->ssid, optarg, sizeof(opt->ssid));
data/cowpatty-4.8/cowpatty.c:156:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(opt->hashfile, optarg, sizeof(opt->hashfile));
data/cowpatty-4.8/cowpatty.c:701:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  word[strlen(word) - 1] = '\0';
data/cowpatty-4.8/cowpatty.c:707:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return (strlen(word));
data/cowpatty-4.8/cowpatty.c:899:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  passphrase, strlen(passphrase));
data/cowpatty-4.8/cowpatty.c:918:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pbkdf2_sha1(passphrase, opt->ssid, strlen(opt->ssid), 4096,
data/cowpatty-4.8/cowpatty.c:994:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(capdata.pcapfilename, opt.pcapfile,
data/cowpatty-4.8/cowpatty.c:1038:17: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(capdata.pcapfilename, opt.pcapfile,
data/cowpatty-4.8/genpmk.c:40:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(message) > 0) {
data/cowpatty-4.8/genpmk.c:71:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  word[strlen(word) - 1] = '\0';
data/cowpatty-4.8/genpmk.c:77:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return (strlen(word));
data/cowpatty-4.8/genpmk.c:108:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(opt.dictfile, optarg, sizeof(opt.dictfile));
data/cowpatty-4.8/genpmk.c:111:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(opt.hashfile, optarg, sizeof(opt.hashfile));
data/cowpatty-4.8/genpmk.c:114:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(opt.ssid, optarg, sizeof(opt.ssid));
data/cowpatty-4.8/genpmk.c:166:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(hf_header.ssid, opt.ssid, strlen(opt.ssid));
data/cowpatty-4.8/genpmk.c:167:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hf_header.ssidlen = strlen(opt.ssid);
data/cowpatty-4.8/genpmk.c:241:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  passphrase, strlen(passphrase));
data/cowpatty-4.8/genpmk.c:258:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pbkdf2_sha1(passphrase, opt.ssid, strlen(opt.ssid), 4096,
data/cowpatty-4.8/genpmk.c:267:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rec.rec_size = (strlen(passphrase) + sizeof(rec.rec_size) +
data/cowpatty-4.8/genpmk.c:275:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (fwrite(passphrase, strlen(passphrase), 1, fpout) != 1) {
data/cowpatty-4.8/sha1.c:141:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t passphrase_len = strlen(passphrase);
data/cowpatty-4.8/sha1.c:203:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t label_len = strlen(label);
data/cowpatty-4.8/utils.c:106:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(s);

ANALYSIS SUMMARY:

Hits = 80
Lines analyzed = 2549 in approximately 0.10 seconds (25999 lines/second)
Physical Source Lines of Code (SLOC) = 1677
Hits@level = [0] 84 [1] 26 [2] 52 [3] 2 [4] 0 [5] 0
Hits@level+ = [0+] 164 [1+] 80 [2+] 54 [3+] 2 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 97.7937 [1+] 47.7042 [2+] 32.2004 [3+] 1.19261 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.