Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dbf2mysql-1.14a/dbf.h
Examining data/dbf2mysql-1.14a/endian.c
Examining data/dbf2mysql-1.14a/dbf.c
Examining data/dbf2mysql-1.14a/dbf2mysql.c
Examining data/dbf2mysql-1.14a/mysql2dbf.c
FINAL RESULTS:
data/dbf2mysql-1.14a/dbf.c:828:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(foo, format, fl);
data/dbf2mysql-1.14a/dbf.c:830:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(foo, rec[t].db_contents);
data/dbf2mysql-1.14a/dbf2mysql.c:113:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (flist2, flist);
data/dbf2mysql-1.14a/dbf2mysql.c:167:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dbh->db_fields[i].db_name,newname);
data/dbf2mysql-1.14a/dbf2mysql.c:203:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "CREATE TABLE %s (", table);
data/dbf2mysql-1.14a/dbf2mysql.c:222:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(query, dbh->db_fields[i].db_name);
data/dbf2mysql-1.14a/dbf2mysql.c:230:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(query, t);
data/dbf2mysql-1.14a/dbf2mysql.c:260:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(query, t);
data/dbf2mysql-1.14a/dbf2mysql.c:296:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (query, s);
data/dbf2mysql-1.14a/dbf2mysql.c:394:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "INSERT INTO %s VALUES (",table);
data/dbf2mysql-1.14a/dbf2mysql.c:573:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (query, "LOAD DATA LOCAL INFILE '%s' REPLACE INTO table %s fields terminated by ',' enclosed by ''''",
data/dbf2mysql-1.14a/dbf2mysql.c:772:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "DROP TABLE %s", table);
data/dbf2mysql-1.14a/mysql2dbf.c:131:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "SELECT * FROM %s", table);
data/dbf2mysql-1.14a/mysql2dbf.c:279:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rec[t].db_contents, qrow[t]);
data/dbf2mysql-1.14a/dbf2mysql.c:401:17: [3] (tmpfile) tempnam:
Temporary file race condition (CWE-377).
datafile = tempnam ("/tmp", "d2my");
data/dbf2mysql-1.14a/dbf2mysql.c:605:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "xqLfFrne:lucvi:h:p:d:t:s:o:U:P:")) != EOF) {
data/dbf2mysql-1.14a/mysql2dbf.c:60:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "lucvq:h:d:t:p:U:P:")) != EOF) {
data/dbf2mysql-1.14a/dbf.c:80:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((file_no = open(file, flags)) == -1) {
data/dbf2mysql-1.14a/dbf.c:196:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(&sp[i-2],"FPT");
data/dbf2mysql-1.14a/dbf.c:198:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(&sp[i-2],"fpt");
data/dbf2mysql-1.14a/dbf.c:199:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((dbh->db_memofd = open(sp, flags)) == -1)
data/dbf2mysql-1.14a/dbf.c:202:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(&sp[i-2],"fpt");
data/dbf2mysql-1.14a/dbf.c:204:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(&sp[i-2],"FPT");
data/dbf2mysql-1.14a/dbf.c:205:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((dbh->db_memofd = open(sp, flags)) == -1)
data/dbf2mysql-1.14a/dbf.c:207:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[256];
data/dbf2mysql-1.14a/dbf.c:211:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(&sp[i-2],"fpt");
data/dbf2mysql-1.14a/dbf.c:213:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(&sp[i-2],"FPT");
data/dbf2mysql-1.14a/dbf.c:254:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(&sp[i-2],"DBT");
data/dbf2mysql-1.14a/dbf.c:256:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(&sp[i-2],"dbt");
data/dbf2mysql-1.14a/dbf.c:257:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((dbh->db_memofd = open(sp, flags)) == -1)
data/dbf2mysql-1.14a/dbf.c:260:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(&sp[i-2],"dbt");
data/dbf2mysql-1.14a/dbf.c:262:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(&sp[i-2],"DBT");
data/dbf2mysql-1.14a/dbf.c:263:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((dbh->db_memofd = open(sp, flags)) == -1)
data/dbf2mysql-1.14a/dbf.c:265:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[256];
data/dbf2mysql-1.14a/dbf.c:269:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(&sp[i-2],"dbt");
data/dbf2mysql-1.14a/dbf.c:271:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(&sp[i-2],"DBT");
data/dbf2mysql-1.14a/dbf.c:459:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((dbh->db_fd = open(name, flags, DBF_FILE_MODE)) == -1) {
data/dbf2mysql-1.14a/dbf.c:464:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((dbh->db_fd = open(name, flags)) == -1) {
data/dbf2mysql-1.14a/dbf.c:575:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
strncpy(fields[t].db_contents, (char *)dbffield, fields[t].db_flen);
data/dbf2mysql-1.14a/dbf.c:577:12: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
blknum = atol(fields[t].db_contents);
data/dbf2mysql-1.14a/dbf.c:717:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (!(fields[t].db_contents = (char *)malloc(fields[t].db_blen)))
data/dbf2mysql-1.14a/dbf.c:751:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char foo[128], format[32];
data/dbf2mysql-1.14a/dbf.c:754:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newdate[10];
data/dbf2mysql-1.14a/dbf.c:827:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(format, "%%.%df", rec[t].db_dec);
data/dbf2mysql-1.14a/dbf.c:875:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[256];
data/dbf2mysql-1.14a/dbf.h:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbf_name[DBF_NAMELEN]; /* field-name terminated with \0 */
data/dbf2mysql-1.14a/dbf.h:110:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db_name[DBF_NAMELEN]; /* field-name terminated with \0 */
data/dbf2mysql-1.14a/dbf.h:150:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db_name[DBF_NAMELEN]; /* field-name terminated with \0 */
data/dbf2mysql-1.14a/dbf2mysql.c:30:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char primary[11];
data/dbf2mysql-1.14a/dbf2mysql.c:72:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ( strcmp((char *) row[0], table) == 0) {
data/dbf2mysql-1.14a/dbf2mysql.c:188:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[20];
data/dbf2mysql-1.14a/dbf2mysql.c:205:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (query,
data/dbf2mysql-1.14a/dbf2mysql.c:207:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (query,"_timestamp timestamp(14),\n");
data/dbf2mysql-1.14a/dbf2mysql.c:216:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(query, ",\n\t");
data/dbf2mysql-1.14a/dbf2mysql.c:226:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(query, " varchar");
data/dbf2mysql-1.14a/dbf2mysql.c:228:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(query, " char");
data/dbf2mysql-1.14a/dbf2mysql.c:229:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(t,"(%d)",dbh->db_fields[i].db_flen);
data/dbf2mysql-1.14a/dbf2mysql.c:235:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(query, " real"); /* decimal the better choice? */
data/dbf2mysql-1.14a/dbf2mysql.c:237:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(query, " int");
data/dbf2mysql-1.14a/dbf2mysql.c:243:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(query, " enum('F','T')");
data/dbf2mysql-1.14a/dbf2mysql.c:247:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(query, " date");
data/dbf2mysql-1.14a/dbf2mysql.c:251:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(query, " text");
data/dbf2mysql-1.14a/dbf2mysql.c:255:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(query, " double");
data/dbf2mysql-1.14a/dbf2mysql.c:259:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(t," decimal(15,%d)",dbh->db_fields[i].db_dec);
data/dbf2mysql-1.14a/dbf2mysql.c:264:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(query, " blob");
data/dbf2mysql-1.14a/dbf2mysql.c:268:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(query, " blob");
data/dbf2mysql-1.14a/dbf2mysql.c:272:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(query, " decimal(21,4)");
data/dbf2mysql-1.14a/dbf2mysql.c:276:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(query, " datetime");
data/dbf2mysql-1.14a/dbf2mysql.c:280:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(query, " int");
data/dbf2mysql-1.14a/dbf2mysql.c:285:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(query, " not null primary key");
data/dbf2mysql-1.14a/dbf2mysql.c:288:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(query," not null");
data/dbf2mysql-1.14a/dbf2mysql.c:295:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (query, ",INDEX(");
data/dbf2mysql-1.14a/dbf2mysql.c:301:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(query, ")\n");
data/dbf2mysql-1.14a/dbf2mysql.c:328:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[257], *cvt = NULL, *s;
data/dbf2mysql-1.14a/dbf2mysql.c:341:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fconv = fopen (convert, "rt")) == NULL )
data/dbf2mysql-1.14a/dbf2mysql.c:345:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nc = atoi (fgets (str, 256, fconv));
data/dbf2mysql-1.14a/dbf2mysql.c:357:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cvt[i++] = atoi (strtok (str, " \t"));
data/dbf2mysql-1.14a/dbf2mysql.c:358:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cvt[i] = atoi (strtok (NULL, " \t"));
data/dbf2mysql-1.14a/dbf2mysql.c:398:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(query, "NULL,NULL,");
data/dbf2mysql-1.14a/dbf2mysql.c:402:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tempfile = fopen (datafile, "wt");
data/dbf2mysql-1.14a/dbf2mysql.c:506:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(vpos, "NULL");
data/dbf2mysql-1.14a/dbf.c:89:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(file_no, head, sizeof(dbf_header)) == -1) {
data/dbf2mysql-1.14a/dbf.c:154:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(file_no, fieldc, sizeof(dbf_field));
data/dbf2mysql-1.14a/dbf.c:160:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fields[t].db_name, fieldc->dbf_name, DBF_NAMELEN);
data/dbf2mysql-1.14a/dbf.c:191:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(sp)-1;
data/dbf2mysql-1.14a/dbf.c:226:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(dbh->db_memofd, dbh->mb_buffer, sizeof(dbf_memo_header)) != sizeof(dbf_memo_header))
data/dbf2mysql-1.14a/dbf.c:284:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(dbh->db_memofd, dbh->mb_buffer, sizeof(dbf_memo_header)) != sizeof(dbf_memo_header))
data/dbf2mysql-1.14a/dbf.c:403:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(field.dbf_name, dbh->db_fields[t].db_name, DBF_NAMELEN - 1);
data/dbf2mysql-1.14a/dbf.c:433:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dbh->db_fields[field_no].db_name, name, DBF_NAMELEN);
data/dbf2mysql-1.14a/dbf.c:541:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(dbh->db_fd, dbh->db_buff, dbh->db_rlen);
data/dbf2mysql-1.14a/dbf.c:558:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fields[t].db_contents, (char *)dbffield, i);
data/dbf2mysql-1.14a/dbf.c:575:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fields[t].db_contents, (char *)dbffield, fields[t].db_flen);
data/dbf2mysql-1.14a/dbf.c:594:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = fields[t].db_contents + strlen(fields[t].db_contents) + 1;
data/dbf2mysql-1.14a/dbf.c:666:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fields[t].db_contents, end, i);
data/dbf2mysql-1.14a/dbf.c:726:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fields[t].db_name, dbh->db_fields[t].db_name, DBF_NAMELEN);
data/dbf2mysql-1.14a/dbf.c:803:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(rec[t].db_contents) > rec[t].db_flen) {
data/dbf2mysql-1.14a/dbf.c:806:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(rec[t].db_contents);
data/dbf2mysql-1.14a/dbf.c:808:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *)&data[idx], rec[t].db_contents, length);
data/dbf2mysql-1.14a/dbf.c:819:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *)&data[idx], newdate, 8);
data/dbf2mysql-1.14a/dbf.c:832:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(foo) > rec[t].db_flen) {
data/dbf2mysql-1.14a/dbf.c:835:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(foo);
data/dbf2mysql-1.14a/dbf.c:838:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *)&data[idx+h], foo, length);
data/dbf2mysql-1.14a/dbf.c:894:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((read(dbh->db_memofd, dbh->mb_buffer, sizeof(dbf_memo_block_header))) < 0)
data/dbf2mysql-1.14a/dbf.c:918:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((read(dbh->db_memofd, dbh->mb_buffer, len)) < 0)
data/dbf2mysql-1.14a/dbf.c:942:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fldp->db_contents, (char *)dbh->mb_buffer, len);
data/dbf2mysql-1.14a/dbf.c:976:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(dbh->db_memofd, sp, DBF_DBT_BLOCK_SIZE) < DBF_DBT_BLOCK_SIZE)
data/dbf2mysql-1.14a/dbf.c:1007:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fldp->db_contents, (char *)dbh->mb_buffer, len);
data/dbf2mysql-1.14a/dbf.c:1012:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((read(dbh->db_memofd, dbh->mb_buffer, sizeof(dbf_memo_block_header))) < 0)
data/dbf2mysql-1.14a/dbf.c:1038:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((read(dbh->db_memofd, dbh->mb_buffer, len)) < 0)
data/dbf2mysql-1.14a/dbf.c:1053:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fldp->db_contents, (char *)dbh->mb_buffer, len);
data/dbf2mysql-1.14a/dbf2mysql.c:102:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (flist2 = malloc (strlen(flist)*sizeof(char) + 1)) == NULL)
data/dbf2mysql-1.14a/dbf2mysql.c:148:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (oldname && strlen(oldname) && (p=strstr(oldname,"=")) ) {
data/dbf2mysql-1.14a/dbf2mysql.c:151:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newname)) { /* if not an empty string */
data/dbf2mysql-1.14a/dbf2mysql.c:158:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newname)>=DBF_NAMELEN) {
data/dbf2mysql-1.14a/dbf2mysql.c:196:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(dbh->db_nfields * 60) + 29 + strlen(table)))) {
data/dbf2mysql-1.14a/dbf2mysql.c:211:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(dbh->db_fields[i].db_name)) {
data/dbf2mysql-1.14a/dbf2mysql.c:297:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (query, ")");
data/dbf2mysql-1.14a/dbf2mysql.c:307:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dbh->db_nfields, (dbh->db_nfields * 60) + 29 + strlen(table), strlen(query));
data/dbf2mysql-1.14a/dbf2mysql.c:307:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dbh->db_nfields, (dbh->db_nfields * 60) + 29 + strlen(table), strlen(query));
data/dbf2mysql-1.14a/dbf2mysql.c:385:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(query = (char *)malloc( (express*10) + 26 + strlen(table) + val_len + VAL_EXTRA))) {
data/dbf2mysql-1.14a/dbf2mysql.c:410:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
base_pos = strlen(query);
data/dbf2mysql-1.14a/dbf2mysql.c:428:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(fields[h].db_name))
data/dbf2mysql-1.14a/dbf2mysql.c:453:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove (fields[h].db_contents, pos, strlen (pos) + 1);
data/dbf2mysql-1.14a/dbf2mysql.c:481:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int newsiz = base_pos + val_used + strlen(pos) + VAL_EXTRA;
data/dbf2mysql-1.14a/dbf2mysql.c:655:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(primary, optarg, 11);
data/dbf2mysql-1.14a/dbf2mysql.c:765:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(query = (char *)malloc(12 + strlen(table)))) {
data/dbf2mysql-1.14a/mysql2dbf.c:130:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
query = (char *)malloc(14+strlen(table));
ANALYSIS SUMMARY:
Hits = 127
Lines analyzed = 2402 in approximately 0.09 seconds (26452 lines/second)
Physical Source Lines of Code (SLOC) = 1972
Hits@level = [0] 107 [1] 46 [2] 64 [3] 3 [4] 14 [5] 0
Hits@level+ = [0+] 234 [1+] 127 [2+] 81 [3+] 17 [4+] 14 [5+] 0
Hits/KSLOC@level+ = [0+] 118.661 [1+] 64.4016 [2+] 41.0751 [3+] 8.62069 [4+] 7.09939 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.