Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/detachtty-11.0.0/config.h
Examining data/detachtty-11.0.0/copy-stream.c
Examining data/detachtty-11.0.0/errors.c
Examining data/detachtty-11.0.0/forkpty.c
Examining data/detachtty-11.0.0/forkpty.h
Examining data/detachtty-11.0.0/attachtty.c
Examining data/detachtty-11.0.0/detachtty.c
FINAL RESULTS:
data/detachtty-11.0.0/attachtty.c:344:5: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp("ssh", "ssh", "-t", host, "attachtty", path, text, timeout_str, (char *)NULL);
data/detachtty-11.0.0/errors.c:39:7: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
n=vfprintf(log_fp, format, ap);
data/detachtty-11.0.0/errors.c:50:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(log_fp, format, ap);
data/detachtty-11.0.0/forkpty.c:41:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (name) strcpy(name, slavename);
data/detachtty-11.0.0/attachtty.c:198:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int read_timeout = atoi(timeout_str);
data/detachtty-11.0.0/copy-stream.c:38:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[buf_capacity + 1];
data/detachtty-11.0.0/copy-stream.c:43:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char control[sizeof(struct cmsghdr)+sizeof(int)];
data/detachtty-11.0.0/copy-stream.c:76:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char control[sizeof(struct cmsghdr)+sizeof(int)+100];
data/detachtty-11.0.0/detachtty.c:75:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
log_fp = fopen(log_file_path,"a");
data/detachtty-11.0.0/detachtty.c:88:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dribble_fd = open(dribble_path, O_WRONLY|O_CREAT|O_APPEND,0600);
data/detachtty-11.0.0/detachtty.c:153:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dev_null = open("/dev/null",O_RDWR);
data/detachtty-11.0.0/detachtty.c:159:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(pid_file_path, "w");
data/detachtty-11.0.0/detachtty.c:292:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pidbuf[80];
data/detachtty-11.0.0/detachtty.c:311:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(pid_file_path,"r");
data/detachtty-11.0.0/detachtty.c:314:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
oldpid = atoi(pidbuf);
data/detachtty-11.0.0/forkpty.c:37:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fdm = open("/dev/ptmx", O_RDWR); /* open master */
data/detachtty-11.0.0/forkpty.c:57:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fds = open(slavename, O_RDWR); /* open slave */
data/detachtty-11.0.0/forkpty.c:95:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!noclose && (fd = open("/dev/null", O_RDWR, 0)) != -1) {
data/detachtty-11.0.0/attachtty.c:239:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int text_len = text ? strlen(text) : 0;
data/detachtty-11.0.0/attachtty.c:244:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(s_a.sun_path,path,UNIX_PATH_MAX);
data/detachtty-11.0.0/copy-stream.c:154:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read(in_fd, buf, buf_capacity);
data/detachtty-11.0.0/detachtty.c:138:17: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
old_umask = umask(077);
data/detachtty-11.0.0/detachtty.c:140:5: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(old_umask);
data/detachtty-11.0.0/detachtty.c:302:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(addr.sun_path, socket_path, UNIX_PATH_MAX);
ANALYSIS SUMMARY:
Hits = 24
Lines analyzed = 1302 in approximately 0.06 seconds (22714 lines/second)
Physical Source Lines of Code (SLOC) = 882
Hits@level = [0] 10 [1] 6 [2] 14 [3] 0 [4] 4 [5] 0
Hits@level+ = [0+] 34 [1+] 24 [2+] 18 [3+] 4 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 38.5488 [1+] 27.2109 [2+] 20.4082 [3+] 4.53515 [4+] 4.53515 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.