Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/efax-0.9a/efax.c
Examining data/efax-0.9a/efix.c
Examining data/efax-0.9a/efaxlib.h
Examining data/efax-0.9a/efaxlib.c
Examining data/efax-0.9a/efaxmsg.h
Examining data/efax-0.9a/efaxmsg.c
Examining data/efax-0.9a/efaxio.h
Examining data/efax-0.9a/efaxio.c
Examining data/efax-0.9a/efaxos.h
Examining data/efax-0.9a/efaxos.c
FINAL RESULTS:
data/efax-0.9a/efaxos.c:431:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod ( fname , 0444 ) ;
data/efax-0.9a/efax.c:611:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf ( headerbuf, header, page, pages, page, pages, page, pages ) ;
data/efax-0.9a/efax.c:1701:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf ( buf, c20 ? "+FIS=%d,%d,%d,%d" : "+FDIS=%d,%d,%d,%d",
data/efax-0.9a/efax.c:1860:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf ( dsbuf, nowait ? "D%.126s;" : "D%.127s" , s ) ;
data/efax-0.9a/efax.c:1988:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf ( buf, getty, crate, crate, crate, crate, crate, crate ) ;
data/efax-0.9a/efax.c:1990:4: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl ( "/bin/sh" , "sh" , "-c" , buf , (void*) 0 ) ;
data/efax-0.9a/efax.c:2007:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf ( buf, vcmd, f->fd, f->fd, f->fd, f->fd, f->fd, f->fd ) ;
data/efax-0.9a/efax.c:2009:4: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl ( "/bin/sh" , "sh" , "-c" , buf , (void*) 0 ) ;
data/efax-0.9a/efax.c:2137:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf ( buf, c20 ? "+FCC=%d,%d,%d,%d,%d,%d,%d,%d" :
data/efax-0.9a/efax.c:2143:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf ( buf, c20 ? "+FLI=\"%.*s\"" : "+FLID=\"%.*s\"" ,
data/efax-0.9a/efax.c:2151:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf ( buf, c20 ? "+FPI=\"%.*s\"" : "+FCIG=\"%.*s\"" ,
data/efax-0.9a/efax.c:2341:15: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
default : fprintf ( stderr, Usage, argv0 ) ; err = 2 ; break ;
data/efax-0.9a/efax.c:2356:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf ( header = headerbuf, tmp, localid ) ;
data/efax-0.9a/efaxio.c:249:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf ( buf, "AT%s\r", s ) ;
data/efax-0.9a/efaxio.c:261:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( lresponse, buf ) ;
data/efax-0.9a/efaxlib.c:1453:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf ( f->f, PSBEGIN,
data/efax-0.9a/efaxlib.c:1457:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf ( f->f, PSPAGE,
data/efax-0.9a/efaxlib.c:1787:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf ( f->f, PCLEND ) ;
data/efax-0.9a/efaxlib.c:1790:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf ( f->f, PSPAGEEND ) ;
data/efax-0.9a/efaxlib.c:1791:33: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if ( f->fname || page<0 ) fprintf ( f->f, PSEND, f->lastpageno ) ;
data/efax-0.9a/efaxlib.c:1826:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf ( f->cfname, f->fname, page+1, page+1, page+1 ) ;
data/efax-0.9a/efaxlib.c:1863:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf ( f->f, PCLBEGIN, (int) f->xres ) ;
data/efax-0.9a/efaxmsg.c:70:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf ( p, i<127 ? "%c" : CNAMEFMT, i ) ;
data/efax-0.9a/efaxmsg.c:144:7: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf( logfile[i], p, ap ) ;
data/efax-0.9a/efaxos.h:68:12: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
extern int execl ( const char *path, const char *arg , ... ) ;
data/efax-0.9a/efix.c:293:15: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
default : fprintf ( stderr, Usage, argv0 ) ; err = 2 ; break ;
data/efax-0.9a/efax.c:194:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *capvaluestr [ NCAP ] [8] = {
data/efax-0.9a/efax.c:222:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *c1cmd [ 2 ] [ 2 ] [ 8 ] = {
data/efax-0.9a/efax.c:591:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char headerbuf [ MAXLINELEN ] ;
data/efax-0.9a/efax.c:658:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( lastruns, runs, nr * sizeof(short) ) ;
data/efax-0.9a/efax.c:1127:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remoteid [ IDLEN + 1 ] ;
data/efax-0.9a/efax.c:1668:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf [ CMDBUFSIZE ] ;
data/efax-0.9a/efax.c:1858:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c, dsbuf [ 128 ], *p ;
data/efax-0.9a/efax.c:1984:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf [ MAXGETTY ] ;
data/efax-0.9a/efax.c:2004:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf [ MAXGETTY ] ;
data/efax-0.9a/efax.c:2049:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf [ CMDBUFSIZE ], model [ CMDBUFSIZE ] = "" ;
data/efax-0.9a/efax.c:2050:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char **p, *q, *modelq [2][4] = { { "+FMFR?", "+FMDL?", 0 },
data/efax-0.9a/efax.c:2106:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *c1spstr [6] = { "24", "48", "72", "96", "121", "145" } ;
data/efax-0.9a/efax.c:2164:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *icmd[3][ MAXICMD+1 ] = {{0},{0},{0}} ; /* initialization commands */
data/efax-0.9a/efax.c:2166:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *lkfile [ MAXLKFILE+1 ] = {0} ; /* lock file names */
data/efax-0.9a/efax.c:2217:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char localid [ IDLEN + 1 ] = DEFID ;
data/efax-0.9a/efax.c:2229:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fnamepat [ EFAX_PATH_MAX ] ;
data/efax-0.9a/efax.c:2258:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf ( localid, "%*.*s", IDLEN, IDLEN, nxtoptarg ) ;
data/efax-0.9a/efax.c:2353:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp [ MAXLINELEN ] ;
data/efax-0.9a/efaxio.c:134:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char responses [ MAXRESPB ], *lresponse = responses ;
data/efax-0.9a/efaxio.c:227:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf [ CMDBUFSIZE ], *p = "" ;
data/efax-0.9a/efaxlib.c:349:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char right [ 9 ] = {
data/efax-0.9a/efaxlib.c:425:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *iformatname [ NIFORMATS ] = IFORMATS ;
data/efax-0.9a/efaxlib.c:426:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *oformatname [ NOFORMATS ] = OFORMATS ;
data/efax-0.9a/efaxlib.c:427:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *pformatname [ NPFORMATS ] = PFORMATS ;
data/efax-0.9a/efaxlib.c:952:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf [ MAXLINELEN ] ;
data/efax-0.9a/efaxlib.c:1173:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f->f = fopen ( f->page->fname, (f->page->format == P_TEXT) ? "r" : "rb" ) ;
data/efax-0.9a/efaxlib.c:1243:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ! ( f->f = fopen ( *p, "rb" ) ) )
data/efax-0.9a/efaxlib.c:1493:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char last [ MAXBITS ] ;
data/efax-0.9a/efaxlib.c:1537:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( last, buf, n ) ;
data/efax-0.9a/efaxlib.c:1829:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f->f = fopen ( f->cfname, ( f->format == O_PS ) ? "w" : "wb+" ) ;
data/efax-0.9a/efaxlib.c:1838:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy ( f->cfname, "standard output" ) ;
data/efax-0.9a/efaxlib.c:1993:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *fnames [2] = { 0, 0 } ;
data/efax-0.9a/efaxlib.h:106:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *iformatname [ NIFORMATS ] ;
data/efax-0.9a/efaxlib.h:107:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *oformatname [ NOFORMATS ] ;
data/efax-0.9a/efaxlib.h:108:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *pformatname [ NPFORMATS ] ;
data/efax-0.9a/efaxlib.h:153:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text [ MAXLINELEN ] ; /* TEXT: current string */
data/efax-0.9a/efaxlib.h:184:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cfname [ EFAX_PATH_MAX + 1 ] ; /* current file name */
data/efax-0.9a/efaxmsg.c:15:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *verb[NLOG] = { "ewin", "" } ;
data/efax-0.9a/efaxmsg.c:40:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf [ MAXTSTAMP ] ;
data/efax-0.9a/efaxmsg.c:58:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *cnametab [ 256 ] = { /* character names */
data/efax-0.9a/efaxmsg.c:63:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char names[ (127-32)*2 + 129*(CNAMELEN) ] ;
data/efax-0.9a/efaxmsg.c:94:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char msgbuf [ NLOG ] [ MAXMSGBUF ] ;
data/efax-0.9a/efaxos.c:313:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tinit ( f, open ( fname, O_RDWR | O_NDELAY | O_NOCTTY ), reverse, hwfc ) ;
data/efax-0.9a/efaxos.c:352:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf [ EFAX_PATH_MAX ] = "" ;
data/efax-0.9a/efaxos.c:356:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( fname && ( f = fopen ( fname , "r" ) ) ) {
data/efax-0.9a/efaxos.c:403:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *p , buf [ EFAX_PATH_MAX ] = "" ;
data/efax-0.9a/efaxos.c:414:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf ( buf , "%.*sTMP..%05d" , dirlen , fname , (int) pid ) ;
data/efax-0.9a/efaxos.c:415:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ! ( f = fopen( buf, "w" ) ) )
data/efax-0.9a/efaxos.h:16:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned char normalbits [ ] ;
data/efax-0.9a/efaxos.h:40:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ibuf [ IBUFSIZE ] ;
data/efax-0.9a/efix.c:99:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return p && *p ? atoi ( *p ) : -1 ;
data/efax-0.9a/efix.c:241:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char **ifnames, *ovfnames [ 2 ] = { 0, 0 } ;
data/efax-0.9a/efax.c:2060:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat ( model, " " ) ;
data/efax-0.9a/efax.c:2089:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat ( model, " " ) ;
data/efax-0.9a/efax.c:2254:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen ( nxtoptarg ) > IDLEN )
data/efax-0.9a/efax.c:2256:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strspn ( nxtoptarg, " +0123456789" ) != strlen ( nxtoptarg ) )
data/efax-0.9a/efax.c:2383:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat ( fnamepat, ".%03d", EFAX_PATH_MAX - strlen ( fnamepat ) ) ;
data/efax-0.9a/efax.c:2383:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat ( fnamepat, ".%03d", EFAX_PATH_MAX - strlen ( fnamepat ) ) ;
data/efax-0.9a/efaxio.c:141:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lens = strlen ( s ) ;
data/efax-0.9a/efaxio.c:142:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( p=responses ; p<lresponse ; p += strlen(p) + 1 ) {
data/efax-0.9a/efaxio.c:147:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenr = strlen ( r ) ;
data/efax-0.9a/efaxio.c:169:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( p=responses ; p<lresponse && !r ; p += strlen(p) + 1 )
data/efax-0.9a/efaxio.c:189:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( q = p+strlen(p)-1 ; q>=p && isspace(*q) ; q-- ) ;
data/efax-0.9a/efaxio.c:191:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( n + strlen(buf) < len )
data/efax-0.9a/efaxio.c:192:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat ( buf, p, n ) ;
data/efax-0.9a/efaxio.c:194:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat ( buf, p, len - strlen(buf) - 1 ) ;
data/efax-0.9a/efaxio.c:194:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat ( buf, p, len - strlen(buf) - 1 ) ;
data/efax-0.9a/efaxio.c:209:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while ( *p && strncmp ( *p+1, s, strlen ( *p+1 ) ) ) p++ ;
data/efax-0.9a/efaxio.c:246:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(s) >= CMDBUFSIZE-4 ) {
data/efax-0.9a/efaxio.c:250:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tput ( f, buf, strlen(buf) ) ;
data/efax-0.9a/efaxio.c:260:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( ( resplen += strlen ( buf ) + 1 ) <= MAXRESPB ) {
data/efax-0.9a/efaxio.c:262:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lresponse += strlen ( buf ) + 1 ;
data/efax-0.9a/efaxlib.c:319:27: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( ! isdigit ( c = fgetc ( f->f ) ) && c >= 0 )
data/efax-0.9a/efaxlib.c:321:21: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( ( c = fgetc ( f->f ) ) != '\n' && c >= 0 ) ;
data/efax-0.9a/efaxlib.c:326:27: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( isdigit ( c = fgetc ( f->f ) ) && c >= 0 )
data/efax-0.9a/efaxlib.c:468:13: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( ( c = fgetc ( f->f ) ) == EOF ) {
data/efax-0.9a/efaxlib.c:530:16: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( ( c = fgetc ( f->f ) ) < 0 ) {
data/efax-0.9a/efaxlib.c:535:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc ( f->f ) ;
data/efax-0.9a/efaxlib.c:536:16: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( ( c = fgetc ( f->f ) ) < 0 ) {
data/efax-0.9a/efaxlib.c:1033:10: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return fgetc ( f->f ) + fgetc ( f->f ) * 256 ;
data/efax-0.9a/efaxlib.c:1033:27: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return fgetc ( f->f ) + fgetc ( f->f ) * 256 ;
data/efax-0.9a/efaxlib.c:1056:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nc = fgetc ( f->f ) ;
data/efax-0.9a/efaxmsg.c:71:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen ( p ) + 1 ;
data/efax-0.9a/efaxos.c:134:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( ( n = read( f->fd, f->ibuf, IBUFSIZE ) ) < 0 )
data/efax-0.9a/efaxos.c:413:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dirlen = ( p = strrchr( fname , '/' ) ) ? p-fname+1 : strlen ( fname ) ;
data/efax-0.9a/efix.c:170:17: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( ( c = fgetc ( stdin ) ) >= 0 ) {
ANALYSIS SUMMARY:
Hits = 112
Lines analyzed = 6691 in approximately 0.21 seconds (31515 lines/second)
Physical Source Lines of Code (SLOC) = 4629
Hits@level = [0] 18 [1] 34 [2] 52 [3] 0 [4] 25 [5] 1
Hits@level+ = [0+] 130 [1+] 112 [2+] 78 [3+] 26 [4+] 26 [5+] 1
Hits/KSLOC@level+ = [0+] 28.0838 [1+] 24.1953 [2+] 16.8503 [3+] 5.61676 [4+] 5.61676 [5+] 0.216029
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.