Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dieharder-3.31.1.2/include/dieharder/dab_filltree.h
Examining data/dieharder-3.31.1.2/include/dieharder/brg_types.h
Examining data/dieharder-3.31.1.2/include/dieharder/diehard_squeeze.h
Examining data/dieharder-3.31.1.2/include/dieharder/diehard_sums.h
Examining data/dieharder-3.31.1.2/include/dieharder/diehard_count_1s_byte.h
Examining data/dieharder-3.31.1.2/include/dieharder/dab_filltree2.h
Examining data/dieharder-3.31.1.2/include/dieharder/dab_bytedistrib.h
Examining data/dieharder-3.31.1.2/include/dieharder/sts_serial.h
Examining data/dieharder-3.31.1.2/include/dieharder/rgb_timing.h
Examining data/dieharder-3.31.1.2/include/dieharder/rgb_persist.h
Examining data/dieharder-3.31.1.2/include/dieharder/rgb_kstest_test.h
Examining data/dieharder-3.31.1.2/include/dieharder/std_test.h
Examining data/dieharder-3.31.1.2/include/dieharder/skein.h
Examining data/dieharder-3.31.1.2/include/dieharder/Xtest.h
Examining data/dieharder-3.31.1.2/include/dieharder/diehard_operm5.h
Examining data/dieharder-3.31.1.2/include/dieharder/dab_dct.h
Examining data/dieharder-3.31.1.2/include/dieharder/rgb_operm.h
Examining data/dieharder-3.31.1.2/include/dieharder/rgb_lagged_sums.h
Examining data/dieharder-3.31.1.2/include/dieharder/sts_runs.h
Examining data/dieharder-3.31.1.2/include/dieharder/diehard_rank_32x32.h
Examining data/dieharder-3.31.1.2/include/dieharder/dab_monobit2.h
Examining data/dieharder-3.31.1.2/include/dieharder/diehard_craps.h
Examining data/dieharder-3.31.1.2/include/dieharder/diehard_dna.h
Examining data/dieharder-3.31.1.2/include/dieharder/diehard_parking_lot.h
Examining data/dieharder-3.31.1.2/include/dieharder/rgb_minimum_distance.h
Examining data/dieharder-3.31.1.2/include/dieharder/diehard_rank_6x8.h
Examining data/dieharder-3.31.1.2/include/dieharder/marsaglia_tsang_gorilla.h
Examining data/dieharder-3.31.1.2/include/dieharder/rgb_lmn.h
Examining data/dieharder-3.31.1.2/include/dieharder/diehard_bitstream.h
Examining data/dieharder-3.31.1.2/include/dieharder/marsaglia_tsang_gcd.h
Examining data/dieharder-3.31.1.2/include/dieharder/dieharder_test_types.h
Examining data/dieharder-3.31.1.2/include/dieharder/skein_port.h
Examining data/dieharder-3.31.1.2/include/dieharder/dieharder_rng_types.h
Examining data/dieharder-3.31.1.2/include/dieharder/diehard_oqso.h
Examining data/dieharder-3.31.1.2/include/dieharder/diehard_runs.h
Examining data/dieharder-3.31.1.2/include/dieharder/sts_monobit.h
Examining data/dieharder-3.31.1.2/include/dieharder/diehard_count_1s_stream.h
Examining data/dieharder-3.31.1.2/include/dieharder/tests.h
Examining data/dieharder-3.31.1.2/include/dieharder/diehard_opso.h
Examining data/dieharder-3.31.1.2/include/dieharder/rijndael-alg-fst.h
Examining data/dieharder-3.31.1.2/include/dieharder/diehard_2dsphere.h
Examining data/dieharder-3.31.1.2/include/dieharder/diehard_3dsphere.h
Examining data/dieharder-3.31.1.2/include/dieharder/rgb_bitdist.h
Examining data/dieharder-3.31.1.2/include/dieharder/diehard_birthdays.h
Examining data/dieharder-3.31.1.2/include/dieharder/rgb_permutations.h
Examining data/dieharder-3.31.1.2/include/dieharder/verbose.h
Examining data/dieharder-3.31.1.2/include/dieharder/Dtest.h
Examining data/dieharder-3.31.1.2/include/dieharder/copyright.h
Examining data/dieharder-3.31.1.2/include/dieharder/parse.h
Examining data/dieharder-3.31.1.2/include/dieharder/brg_endian.h
Examining data/dieharder-3.31.1.2/include/dieharder/libdieharder.h
Examining data/dieharder-3.31.1.2/include/dieharder/Vtest.h
Examining data/dieharder-3.31.1.2/libdieharder/sts_runs.c
Examining data/dieharder-3.31.1.2/libdieharder/sts_serial.c
Examining data/dieharder-3.31.1.2/libdieharder/sample.c
Examining data/dieharder-3.31.1.2/libdieharder/rgb_lmn.c
Examining data/dieharder-3.31.1.2/libdieharder/dab_filltree.c
Examining data/dieharder-3.31.1.2/libdieharder/rng_file_input_raw.c
Examining data/dieharder-3.31.1.2/libdieharder/diehard_runs_working.c
Examining data/dieharder-3.31.1.2/libdieharder/rgb_permutations.c
Examining data/dieharder-3.31.1.2/libdieharder/countx.c
Examining data/dieharder-3.31.1.2/libdieharder/diehard_oqso.c
Examining data/dieharder-3.31.1.2/libdieharder/Vtest.c
Examining data/dieharder-3.31.1.2/libdieharder/rgb_timing.c
Examining data/dieharder-3.31.1.2/libdieharder/dieharder_rng_types.c
Examining data/dieharder-3.31.1.2/libdieharder/diehard_squeeze.c
Examining data/dieharder-3.31.1.2/libdieharder/skein_block_ref.c
Examining data/dieharder-3.31.1.2/libdieharder/rngs_gnu_r.c
Examining data/dieharder-3.31.1.2/libdieharder/rgb_persist.c
Examining data/dieharder-3.31.1.2/libdieharder/rng_file_input.c
Examining data/dieharder-3.31.1.2/libdieharder/diehard_rank_6x8.c
Examining data/dieharder-3.31.1.2/libdieharder/diehard_dna.c
Examining data/dieharder-3.31.1.2/libdieharder/rng_aes.c
Examining data/dieharder-3.31.1.2/libdieharder/rng_superkiss.c
Examining data/dieharder-3.31.1.2/libdieharder/rng_jenkins.c
Examining data/dieharder-3.31.1.2/libdieharder/diehard_runs.c
Examining data/dieharder-3.31.1.2/libdieharder/histogram.c
Examining data/dieharder-3.31.1.2/libdieharder/prob.c
Examining data/dieharder-3.31.1.2/libdieharder/dieharder_test_types.c
Examining data/dieharder-3.31.1.2/libdieharder/rgb_kstest_test.c
Examining data/dieharder-3.31.1.2/libdieharder/rgb_bitdist.c
Examining data/dieharder-3.31.1.2/libdieharder/dab_bytedistrib.c
Examining data/dieharder-3.31.1.2/libdieharder/rngav.c
Examining data/dieharder-3.31.1.2/libdieharder/rgb_minimum_distance.c
Examining data/dieharder-3.31.1.2/libdieharder/diehard_birthdays.c
Examining data/dieharder-3.31.1.2/libdieharder/rng_XOR.c
Examining data/dieharder-3.31.1.2/libdieharder/skein_block64.c
Examining data/dieharder-3.31.1.2/libdieharder/sts_monobit.c
Examining data/dieharder-3.31.1.2/libdieharder/marsaglia_tsang_gcd.c
Examining data/dieharder-3.31.1.2/libdieharder/rng_dev_arandom.c
Examining data/dieharder-3.31.1.2/libdieharder/bits.c
Examining data/dieharder-3.31.1.2/libdieharder/diehard_count_1s_byte.c
Examining data/dieharder-3.31.1.2/libdieharder/static_get_bits.c
Examining data/dieharder-3.31.1.2/libdieharder/random_seed.c
Examining data/dieharder-3.31.1.2/libdieharder/rgb_lagged_sums.c
Examining data/dieharder-3.31.1.2/libdieharder/timing.c
Examining data/dieharder-3.31.1.2/libdieharder/rank.c
Examining data/dieharder-3.31.1.2/libdieharder/marsaglia_tsang_gorilla.c
Examining data/dieharder-3.31.1.2/libdieharder/diehard_3dsphere.c
Examining data/dieharder-3.31.1.2/libdieharder/version.c
Examining data/dieharder-3.31.1.2/libdieharder/bauer/skein_block_ref.c
Examining data/dieharder-3.31.1.2/libdieharder/bauer/skein.h
Examining data/dieharder-3.31.1.2/libdieharder/bauer/rng_aes.c
Examining data/dieharder-3.31.1.2/libdieharder/bauer/skein_block64.c
Examining data/dieharder-3.31.1.2/libdieharder/bauer/skein_port.h
Examining data/dieharder-3.31.1.2/libdieharder/bauer/rijndael-alg-fst.h
Examining data/dieharder-3.31.1.2/libdieharder/bauer/rng_threefish.c
Examining data/dieharder-3.31.1.2/libdieharder/bauer/rijndael-alg-fst.c
Examining data/dieharder-3.31.1.2/libdieharder/dab_monobit2.c
Examining data/dieharder-3.31.1.2/libdieharder/rgb_operm.c
Examining data/dieharder-3.31.1.2/libdieharder/std_test.c
Examining data/dieharder-3.31.1.2/libdieharder/rng_uvag.c
Examining data/dieharder-3.31.1.2/libdieharder/rng_kiss.c
Examining data/dieharder-3.31.1.2/libdieharder/parse.c
Examining data/dieharder-3.31.1.2/libdieharder/rng_stdin_input_raw.c
Examining data/dieharder-3.31.1.2/libdieharder/diehard_bitstream.c
Examining data/dieharder-3.31.1.2/libdieharder/diehard_count_1s_stream.c
Examining data/dieharder-3.31.1.2/libdieharder/rng_threefish.c
Examining data/dieharder-3.31.1.2/libdieharder/rijndael-alg-fst.c
Examining data/dieharder-3.31.1.2/libdieharder/rng_ca.c
Examining data/dieharder-3.31.1.2/libdieharder/rng_dev_urandom.c
Examining data/dieharder-3.31.1.2/libdieharder/rng_dev_random.c
Examining data/dieharder-3.31.1.2/libdieharder/diehard_craps.c
Examining data/dieharder-3.31.1.2/libdieharder/Xtest.c
Examining data/dieharder-3.31.1.2/libdieharder/dab_filltree2.c
Examining data/dieharder-3.31.1.2/libdieharder/diehard_sums.c
Examining data/dieharder-3.31.1.2/libdieharder/diehard_parking_lot.c
Examining data/dieharder-3.31.1.2/libdieharder/chisq.c
Examining data/dieharder-3.31.1.2/libdieharder/copyright.h
Examining data/dieharder-3.31.1.2/libdieharder/dab_dct.c
Examining data/dieharder-3.31.1.2/libdieharder/kstest.c
Examining data/dieharder-3.31.1.2/libdieharder/diehard_opso.c
Examining data/dieharder-3.31.1.2/libdieharder/diehard_2dsphere.c
Examining data/dieharder-3.31.1.2/libdieharder/diehard_operm5.c
Examining data/dieharder-3.31.1.2/libdieharder/diehard_rank_32x32.c
Examining data/dieharder-3.31.1.2/dieharder/run_all_tests.c
Examining data/dieharder-3.31.1.2/dieharder/dieharder.h
Examining data/dieharder-3.31.1.2/dieharder/output.c
Examining data/dieharder-3.31.1.2/dieharder/user_template.c
Examining data/dieharder-3.31.1.2/dieharder/time_rng.c
Examining data/dieharder-3.31.1.2/dieharder/list_tests.c
Examining data/dieharder-3.31.1.2/dieharder/output_rnds.c
Examining data/dieharder-3.31.1.2/dieharder/choose_rng.c
Examining data/dieharder-3.31.1.2/dieharder/globals.c
Examining data/dieharder-3.31.1.2/dieharder/set_globals.c
Examining data/dieharder-3.31.1.2/dieharder/user_template.h
Examining data/dieharder-3.31.1.2/dieharder/testbits.c
Examining data/dieharder-3.31.1.2/dieharder/list_rand.c
Examining data/dieharder-3.31.1.2/dieharder/help.c
Examining data/dieharder-3.31.1.2/dieharder/run_test.c
Examining data/dieharder-3.31.1.2/dieharder/dieharder.c
Examining data/dieharder-3.31.1.2/dieharder/list_rngs.c
Examining data/dieharder-3.31.1.2/dieharder/output.h
Examining data/dieharder-3.31.1.2/dieharder/dieharder_exit.c
Examining data/dieharder-3.31.1.2/dieharder/parsecl.c
Examining data/dieharder-3.31.1.2/dieharder/copyright.h
Examining data/dieharder-3.31.1.2/dieharder/add_ui_rngs.c
Examining data/dieharder-3.31.1.2/dieharder/rng_empty_random.c
Examining data/dieharder-3.31.1.2/dieharder/add_ui_tests.c
Examining data/dieharder-3.31.1.2/dieharder/rdieharder.c

FINAL RESULTS:

data/dieharder-3.31.1.2/libdieharder/rngs_gnu_r.c:71:2:  [4] (format) vfprintf:
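  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  Reviewer note: the flagged line forwards a format variable and a va_list,
  which suggests a printf-style wrapper. If so, the check belongs at the
  wrapper's call sites, each of which should pass a string literal.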
	vfprintf(stderr, format, ap);
data/dieharder-3.31.1.2/dieharder/parsecl.c:56:14:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
 while ((c = getopt(argc,argv,"aBc:D:d:Ff:g:hi:k:lL:m:n:oO:p:P:S:s:t:Vv:W:X:x:Y:y:Z:z:")) != EOF){
data/dieharder-3.31.1.2/libdieharder/dab_filltree.c:136:16:  [3] (random) srand:
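  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  Reviewer note: the seed expression reads argc/argv, which suggests a
  standalone test driver rather than key or nonce generation. Confirm where
  this line sits before treating it (and dab_filltree.c:137) as CWE-327.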
 if (argc > 1) srand((i ^ (atoi(argv[1])<<7)) + (i<<4));
data/dieharder-3.31.1.2/libdieharder/dab_filltree.c:137:7:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
 else srand(i);
data/dieharder-3.31.1.2/dieharder/dieharder.h:37:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char dtest_name[128];
data/dieharder-3.31.1.2/dieharder/dieharder.h:38:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char generator_name[128];
data/dieharder-3.31.1.2/dieharder/globals.c:37:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char dtest_name[128];
data/dieharder-3.31.1.2/dieharder/globals.c:38:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char generator_name[128];
data/dieharder-3.31.1.2/dieharder/globals.c:52:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char gnames[GVECMAX][128];  /* VECTOR of names to be XOR'd into a "super" generator */
data/dieharder-3.31.1.2/dieharder/globals.c:96:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char filename[K];      /* Input file name */
data/dieharder-3.31.1.2/dieharder/globals.c:141:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char splitbuf[PK][PBUF];
data/dieharder-3.31.1.2/dieharder/output.c:130:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
     memcpy(rdh_testptr[i], test[i], sizeof(Test));
data/dieharder-3.31.1.2/dieharder/output_rnds.c:56:14:  [2] (misc) fopen:
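  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Reviewer note: filename appears to be the global that parsecl.c:138 fills
  from optarg, and mode "w" truncates an existing file. This matters mainly
  if the program runs with more privilege than the user choosing the path.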
   if ((fp = fopen(filename,"w")) == NULL) {
data/dieharder-3.31.1.2/dieharder/parsecl.c:24:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char table_entry[TLENGTH];
data/dieharder-3.31.1.2/include/dieharder/libdieharder.h:172:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 extern char gnames[GVECMAX][128];  /* VECTOR of names to be XOR'd into a "super" generator */
data/dieharder-3.31.1.2/include/dieharder/libdieharder.h:241:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 extern char filename[K];      /* Input file name */
data/dieharder-3.31.1.2/include/dieharder/parse.h:21:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 extern char splitbuf[PK][PBUF];
data/dieharder-3.31.1.2/include/dieharder/skein_port.h:57:49:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define Skein_Put64_LSB_First(dst08,src64,bCnt) memcpy(dst08,src64,bCnt)
data/dieharder-3.31.1.2/include/dieharder/skein_port.h:58:49:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define Skein_Get64_LSB_First(dst64,src08,wCnt) memcpy(dst64,src08,8*(wCnt))
data/dieharder-3.31.1.2/libdieharder/bauer/rng_aes.c:34:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char block[BLOCKS_SIZE];
data/dieharder-3.31.1.2/libdieharder/bauer/rng_threefish.c:35:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char block[BLOCKS_SIZE];
data/dieharder-3.31.1.2/libdieharder/bauer/skein_block_ref.c:145:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char input[64];
data/dieharder-3.31.1.2/libdieharder/bauer/skein_block_ref.c:146:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char output[64];
data/dieharder-3.31.1.2/libdieharder/bauer/skein_block_ref.c:147:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char testKey[64];
data/dieharder-3.31.1.2/libdieharder/bauer/skein_block_ref.c:148:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char testTweak[16];
data/dieharder-3.31.1.2/libdieharder/bauer/skein_block_ref.c:173:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ctx.T, testTweak, 16);
data/dieharder-3.31.1.2/libdieharder/bauer/skein_block_ref.c:174:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ctx.Key, testKey, 64);
data/dieharder-3.31.1.2/libdieharder/bauer/skein_port.h:57:49:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define Skein_Put64_LSB_First(dst08,src64,bCnt) memcpy(dst08,src64,bCnt)
data/dieharder-3.31.1.2/libdieharder/bauer/skein_port.h:58:49:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define Skein_Get64_LSB_First(dst64,src08,wCnt) memcpy(dst64,src08,8*(wCnt))
data/dieharder-3.31.1.2/libdieharder/dab_filltree.c:136:28:  [2] (integer) atoi:
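  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Reviewer note: the atoi result is shifted left by 7 as a signed int, so a
  large or negative argv[1] makes the shift undefined. Parse with strtol,
  range-check the value, and do the shift on an unsigned type.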
 if (argc > 1) srand((i ^ (atoi(argv[1])<<7)) + (i<<4));
data/dieharder-3.31.1.2/libdieharder/diehard_opso.c:50:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char w[1024][1024];
data/dieharder-3.31.1.2/libdieharder/diehard_oqso.c:42:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char w[32][32][32][32];
data/dieharder-3.31.1.2/libdieharder/dieharder_rng_types.c:139:17:  [2] (misc) fopen:
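  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Reviewer note: the path is a string literal under /dev, so redirecting it
  requires control of /dev. This hit and the other fixed device-path opens
  (dieharder_rng_types.c:144 and :149, random_seed.c:40, rng_dev_*.c:47) rank
  below the opens of the user-supplied filename.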
 if ((test_fp = fopen("/dev/random","r"))) {
data/dieharder-3.31.1.2/libdieharder/dieharder_rng_types.c:144:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
 if ((test_fp = fopen("/dev/urandom","r"))) {
data/dieharder-3.31.1.2/libdieharder/dieharder_rng_types.c:149:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
 if ((test_fp = fopen("/dev/arandom","r"))) {
data/dieharder-3.31.1.2/libdieharder/parse.c:28:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char delim[7],*nextval;
data/dieharder-3.31.1.2/libdieharder/parse.c:86:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char delim[7],*nextval;
data/dieharder-3.31.1.2/libdieharder/random_seed.c:40:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
 if ((devurandom = fopen("/dev/urandom","r")) == NULL) {
data/dieharder-3.31.1.2/libdieharder/rng_aes.c:34:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char block[BLOCKS_SIZE];
data/dieharder-3.31.1.2/libdieharder/rng_ca.c:52:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char init_config[CA_WIDTH];  // initial configuration of CA
data/dieharder-3.31.1.2/libdieharder/rng_dev_arandom.c:47:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
 if ((state->fp = fopen("/dev/arandom","r")) == NULL) {
data/dieharder-3.31.1.2/libdieharder/rng_dev_random.c:47:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
 if ((state->fp = fopen("/dev/random","r")) == NULL) {
data/dieharder-3.31.1.2/libdieharder/rng_dev_urandom.c:47:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
 if ((state->fp = fopen("/dev/urandom","r")) == NULL) {
data/dieharder-3.31.1.2/libdieharder/rng_file_input.c:75:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char inbuf[K]; /* input buffer */
data/dieharder-3.31.1.2/libdieharder/rng_file_input.c:203:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char inbuf[K]; /* input buffer */
data/dieharder-3.31.1.2/libdieharder/rng_file_input.c:236:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   if ((state->fp = fopen(filename,"r")) == NULL) {
data/dieharder-3.31.1.2/libdieharder/rng_file_input.c:320:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
       state->flen = atoi(splitbuf[1]);
data/dieharder-3.31.1.2/libdieharder/rng_file_input.c:329:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
       filenumbits = atoi(splitbuf[1]);
data/dieharder-3.31.1.2/libdieharder/rng_file_input_raw.c:196:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   if ((state->fp = fopen(filename,"r")) == NULL) {
data/dieharder-3.31.1.2/libdieharder/rng_threefish.c:35:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char block[BLOCKS_SIZE];
data/dieharder-3.31.1.2/libdieharder/rng_uvag.c:100:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char sindex, svec[255 + WORD];  /* 256 overlapping TYPE seeds */
data/dieharder-3.31.1.2/libdieharder/rng_uvag.c:127:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 unsigned char key[256], *kp, temp;
data/dieharder-3.31.1.2/dieharder/parsecl.c:129:10:  [1] (buffer) strncpy:
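  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  Reviewer note: dtest_name is char[128] (globals.c:37) and the count is also
  128, so an option argument of 128 bytes or more fills the array with no
  terminating \0. Copy at most sizeof(dtest_name) - 1 bytes and write the
  terminator explicitly, or use snprintf with "%s".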
         strncpy(dtest_name,optarg,128);
data/dieharder-3.31.1.2/dieharder/parsecl.c:138:8:  [1] (buffer) strncpy:
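  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  Reviewer note: filename is char[K] (globals.c:96) and K is not shown in
  this report. Whether the copy can overrun or leave filename unterminated
  depends on how K compares with the 128-byte count; check K, here and at
  rdieharder.c:64.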
       strncpy(filename,optarg,128);
data/dieharder-3.31.1.2/dieharder/parsecl.c:155:10:  [1] (buffer) strncpy:
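  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  Reviewer note: each gnames row is 128 bytes (globals.c:52) and the count is
  128, so an argument of 128 bytes or more leaves the row unterminated. The
  report does not show whether gvcount is checked against GVECMAX before
  this write; confirm that as well.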
         strncpy(gnames[gvcount],optarg,128);
data/dieharder-3.31.1.2/dieharder/rdieharder.c:64:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(filename, inputfile, 128);
data/dieharder-3.31.1.2/libdieharder/parse.c:51:2:  [1] (buffer) strncpy:
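  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  Reviewer note: splitbuf rows are PBUF bytes (globals.c:141) and the count
  is PBUF, so a field of PBUF bytes or more leaves the row unterminated.
  rng_file_input.c:320 and :329 then pass splitbuf[1] to atoi, which reads
  until it finds a \0. The same applies at parse.c:60.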
 strncpy(splitbuf[i],nextval,PBUF);
data/dieharder-3.31.1.2/libdieharder/parse.c:60:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
   strncpy(splitbuf[i], nextval,PBUF);
data/dieharder-3.31.1.2/libdieharder/parse.c:110:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
 strncpy(outfields[i++],nextval,maxfieldlength);
data/dieharder-3.31.1.2/libdieharder/parse.c:118:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
   strncpy(outfields[i++], nextval,maxfieldlength);
data/dieharder-3.31.1.2/libdieharder/version.c:31:19:  [1] (buffer) strlen:
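  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Reviewer note: the argument looks like a stringized macro, i.e. a string
  literal, which is always \0-terminated. Likely a false positive, pending a
  look at the QUOTEME definition.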
 version_length = strlen(QUOTEME(VERSION));

ANALYSIS SUMMARY:

Hits = 61
Lines analyzed = 28363 in approximately 1.18 seconds (23941 lines/second)
Physical Source Lines of Code (SLOC) = 16858
Hits@level = [0] 959 [1]   9 [2]  48 [3]   3 [4]   1 [5]   0
Hits@level+ = [0+] 1020 [1+]  61 [2+]  52 [3+]   4 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 60.5054 [1+] 3.61846 [2+] 3.08459 [3+] 0.237276 [4+] 0.059319 [5+]   0
Dot directories skipped = 3 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.