Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/donkey-1.2.0/src/btoe.c
Examining data/donkey-1.2.0/src/config.h
Examining data/donkey-1.2.0/src/donkey.c
Examining data/donkey-1.2.0/src/donkey.h
Examining data/donkey-1.2.0/src/md.c
Examining data/donkey-1.2.0/src/md.h
Examining data/donkey-1.2.0/src/passphrase.c
Examining data/donkey-1.2.0/src/skey.c
FINAL RESULTS:
data/donkey-1.2.0/src/donkey.c:139:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(user, defaultuser);
data/donkey-1.2.0/src/donkey.c:199:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seed, defaultseed);
data/donkey-1.2.0/src/donkey.c:247:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(tstr, "%s %s %s %s %s\n", w, m, d, t, y);
data/donkey-1.2.0/src/donkey.c:248:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tstr, " %s %s,%s %s", m, d, y, t);
data/donkey-1.2.0/src/skey.c:30:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, seed);
data/donkey-1.2.0/src/skey.c:31:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, passwd);
data/donkey-1.2.0/src/donkey.c:281:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((optc = getopt_long(argc, argv, "n:ihvf:", longopts, (int *)0))
data/donkey-1.2.0/src/btoe.c:12:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char Wp[2048][4] = { "A", "ABE", "ACE", "ACT", "AD", "ADA", "ADD",
data/donkey-1.2.0/src/btoe.c:271:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cp[9]; /* 64 + 2 = 66 bits */
data/donkey-1.2.0/src/btoe.c:273:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUFSIZ];
data/donkey-1.2.0/src/btoe.c:276:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, md, 8);
data/donkey-1.2.0/src/config.h:40:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define memcpy(d, s, n) bcopy ((s), (d), (n))
data/donkey-1.2.0/src/config.h:40:29: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define memcpy(d, s, n) bcopy ((s), (d), (n))
data/donkey-1.2.0/src/config.h:41:30: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define memmove(d, s, n) bcopy ((s), (d), (n))
data/donkey-1.2.0/src/donkey.c:100:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(out, "%02x", *in++ & 0xff);
data/donkey-1.2.0/src/donkey.c:126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user[BUFSIZ];
data/donkey-1.2.0/src/donkey.c:147:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seqbuf[BUFSIZ];
data/donkey-1.2.0/src/donkey.c:170:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char defaultseed[SEED_LEN];
data/donkey-1.2.0/src/donkey.c:183:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(defaultseed + SEED_HOST_LEN,
data/donkey-1.2.0/src/donkey.c:187:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seed[SEED_LEN];
data/donkey-1.2.0/src/donkey.c:209:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char passphrase1[PASS_PHRASE_MAX_LEN];
data/donkey-1.2.0/src/donkey.c:210:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char passphrase2[PASS_PHRASE_MAX_LEN];
data/donkey-1.2.0/src/donkey.c:224:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[8];
data/donkey-1.2.0/src/donkey.c:240:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[27];
data/donkey-1.2.0/src/donkey.c:246:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m[16], d[16], y[16], t[16], w[16];
data/donkey-1.2.0/src/donkey.c:257:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key2[BUFSIZ];
data/donkey-1.2.0/src/donkey.c:346:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char passphrase1[PASS_PHRASE_MAX_LEN];
data/donkey-1.2.0/src/donkey.c:349:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[8];
data/donkey-1.2.0/src/passphrase.c:102:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((outfp = fp = fopen("/dev/tty", "r+")) == NULL) {
data/donkey-1.2.0/src/skey.c:43:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result,(char *)results,8);
data/donkey-1.2.0/src/skey.c:61:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x, (char *)results, 8);
data/donkey-1.2.0/src/btoe.c:284:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(engout, &Wp[extract(cp, 0, 11)][0], 4);
data/donkey-1.2.0/src/btoe.c:285:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (engout," ");
data/donkey-1.2.0/src/btoe.c:286:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(engout, &Wp[extract(cp, 11, 11)][0], 4);
data/donkey-1.2.0/src/btoe.c:287:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (engout," ");
data/donkey-1.2.0/src/btoe.c:288:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(engout, &Wp[extract(cp, 22, 11)][0], 4);
data/donkey-1.2.0/src/btoe.c:289:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (engout," ");
data/donkey-1.2.0/src/btoe.c:290:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(engout, &Wp[extract(cp, 33, 11)][0], 4);
data/donkey-1.2.0/src/btoe.c:291:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (engout," ");
data/donkey-1.2.0/src/btoe.c:292:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(engout, &Wp[extract(cp, 44, 11)][0], 4);
data/donkey-1.2.0/src/btoe.c:293:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (engout," ");
data/donkey-1.2.0/src/btoe.c:294:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(engout, &Wp[extract(cp, 55, 11)][0], 4);
data/donkey-1.2.0/src/donkey.c:128:17: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const int c = getchar();
data/donkey-1.2.0/src/donkey.c:149:17: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const int c = getchar();
data/donkey-1.2.0/src/donkey.c:177:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(defaultseed, sys.nodename, SEED_HOST_LEN);
data/donkey-1.2.0/src/donkey.c:189:17: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const int c = getchar();
data/donkey-1.2.0/src/passphrase.c:125:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
phrase[strlen(phrase) - 1] = '\0';
data/donkey-1.2.0/src/passphrase.c:129:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (strlen(phrase) < PASS_PHRASE_MIN_LEN) {
data/donkey-1.2.0/src/passphrase.c:139:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
phrase[strlen(phrase) - 1] = '\0';
data/donkey-1.2.0/src/skey.c:26:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t buflen = strlen(seed) + strlen(passwd);
data/donkey-1.2.0/src/skey.c:26:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t buflen = strlen(seed) + strlen(passwd);
ANALYSIS SUMMARY:
Hits = 51
Lines analyzed = 1182 in approximately 0.07 seconds (16204 lines/second)
Physical Source Lines of Code (SLOC) = 877
Hits@level = [0] 20 [1] 20 [2] 24 [3] 1 [4] 6 [5] 0
Hits@level+ = [0+] 71 [1+] 51 [2+] 31 [3+] 7 [4+] 6 [5+] 0
Hits/KSLOC@level+ = [0+] 80.9578 [1+] 58.1528 [2+] 35.3478 [3+] 7.98176 [4+] 6.84151 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.