Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/efitools-1.9.2/HashTool.c
Examining data/efitools-1.9.2/HelloWorld.c
Examining data/efitools-1.9.2/KeyTool.c
Examining data/efitools-1.9.2/Loader.c
Examining data/efitools-1.9.2/LockDown.c
Examining data/efitools-1.9.2/PreLoader.c
Examining data/efitools-1.9.2/ReadVars.c
Examining data/efitools-1.9.2/SetNull.c
Examining data/efitools-1.9.2/ShimReplace.c
Examining data/efitools-1.9.2/UpdateVars.c
Examining data/efitools-1.9.2/cert-to-efi-hash-list.c
Examining data/efitools-1.9.2/cert-to-efi-sig-list.c
Examining data/efitools-1.9.2/efi-keytool.c
Examining data/efitools-1.9.2/efi-readvar.c
Examining data/efitools-1.9.2/efi-updatevar.c
Examining data/efitools-1.9.2/flash-var.c
Examining data/efitools-1.9.2/hash-to-efi-sig-list.c
Examining data/efitools-1.9.2/include/PeImage.h
Examining data/efitools-1.9.2/include/buildefi.h
Examining data/efitools-1.9.2/include/configtable.h
Examining data/efitools-1.9.2/include/console.h
Examining data/efitools-1.9.2/include/efiauthenticated.h
Examining data/efitools-1.9.2/include/errors.h
Examining data/efitools-1.9.2/include/execute.h
Examining data/efitools-1.9.2/include/guid.h
Examining data/efitools-1.9.2/include/kernel_efivars.h
Examining data/efitools-1.9.2/include/openssl_sign.h
Examining data/efitools-1.9.2/include/pecoff.h
Examining data/efitools-1.9.2/include/pkcs7verify.h
Examining data/efitools-1.9.2/include/security_policy.h
Examining data/efitools-1.9.2/include/sha256.h
Examining data/efitools-1.9.2/include/shell.h
Examining data/efitools-1.9.2/include/shim_protocol.h
Examining data/efitools-1.9.2/include/simple_file.h
Examining data/efitools-1.9.2/include/variableformat.h
Examining data/efitools-1.9.2/include/variables.h
Examining data/efitools-1.9.2/include/variables_iterators.h
Examining data/efitools-1.9.2/include/version.h
Examining data/efitools-1.9.2/include/wincert.h
Examining data/efitools-1.9.2/include/x509.h
Examining data/efitools-1.9.2/lib/asn1/asn1.c
Examining data/efitools-1.9.2/lib/asn1/asn1.h
Examining data/efitools-1.9.2/lib/asn1/asn1_parser.c
Examining data/efitools-1.9.2/lib/asn1/asn1_parser.h
Examining data/efitools-1.9.2/lib/asn1/chunk.c
Examining data/efitools-1.9.2/lib/asn1/chunk.h
Examining data/efitools-1.9.2/lib/asn1/enumerator.c
Examining data/efitools-1.9.2/lib/asn1/enumerator.h
Examining data/efitools-1.9.2/lib/asn1/identification.c
Examining data/efitools-1.9.2/lib/asn1/identification.h
Examining data/efitools-1.9.2/lib/asn1/oid.c
Examining data/efitools-1.9.2/lib/asn1/oid.h
Examining data/efitools-1.9.2/lib/asn1/test.c
Examining data/efitools-1.9.2/lib/asn1/typedefs.h
Examining data/efitools-1.9.2/lib/asn1/x509.c
Examining data/efitools-1.9.2/lib/configtable.c
Examining data/efitools-1.9.2/lib/console.c
Examining data/efitools-1.9.2/lib/execute.c
Examining data/efitools-1.9.2/lib/guid.c
Examining data/efitools-1.9.2/lib/kernel_efivars.c
Examining data/efitools-1.9.2/lib/openssl_sign.c
Examining data/efitools-1.9.2/lib/pecoff.c
Examining data/efitools-1.9.2/lib/pkcs7verify.c
Examining data/efitools-1.9.2/lib/security_policy.c
Examining data/efitools-1.9.2/lib/sha256.c
Examining data/efitools-1.9.2/lib/shell.c
Examining data/efitools-1.9.2/lib/shim_protocol.c
Examining data/efitools-1.9.2/lib/simple_file.c
Examining data/efitools-1.9.2/lib/variables.c
Examining data/efitools-1.9.2/sig-list-to-certs.c
Examining data/efitools-1.9.2/sign-efi-sig-list.c
FINAL RESULTS:
data/efitools-1.9.2/HashTool.c:89:2: [4] (buffer) StrCpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
StrCpy(buf0, L"Enroll this hash into ");
data/efitools-1.9.2/HashTool.c:91:3: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
StrCat(buf0, L"UEFI signature database?");
data/efitools-1.9.2/HashTool.c:93:3: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
StrCat(buf0, L"MOK database?");
data/efitools-1.9.2/HashTool.c:96:2: [4] (buffer) StrCpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
StrCpy(buf1, L"File: ");
data/efitools-1.9.2/HashTool.c:97:2: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
StrCat(buf1, file_name);
data/efitools-1.9.2/HashTool.c:99:2: [4] (buffer) StrCpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
StrCpy(buf2, L"Hash: ");
data/efitools-1.9.2/HashTool.c:198:3: [4] (buffer) StrCpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
StrCpy(line2, L"Platform is in ");
data/efitools-1.9.2/HashTool.c:199:3: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
StrCat(line2, SetupMode ? L"Setup Mode" : L"User Mode");
data/efitools-1.9.2/HashTool.c:200:3: [4] (buffer) StrCpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
StrCpy(line3, L"Secure Boot is ");
data/efitools-1.9.2/HashTool.c:201:3: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
StrCat(line3, variable_is_secureboot() ? L"on" : L"off");
data/efitools-1.9.2/KeyTool.c:281:3: [4] (buffer) StrCpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
StrCpy(str2, L"Hash: ");
data/efitools-1.9.2/KeyTool.c:310:3: [4] (buffer) StrCpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
StrCpy(str2, L"Hash: ");
data/efitools-1.9.2/KeyTool.c:447:2: [4] (buffer) StrCpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
StrCpy(buf0, L"Enroll hash into ");
data/efitools-1.9.2/KeyTool.c:448:2: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
StrCat(buf0, keyinfo[key].text);
data/efitools-1.9.2/KeyTool.c:451:2: [4] (buffer) StrCpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
StrCpy(buf1, L"File: ");
data/efitools-1.9.2/KeyTool.c:452:2: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
StrCat(buf1, file_name);
data/efitools-1.9.2/KeyTool.c:454:2: [4] (buffer) StrCpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
StrCpy(buf2, L"Hash: ");
data/efitools-1.9.2/KeyTool.c:479:2: [4] (buffer) StrCpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
StrCpy(error, keyinfo[key].name);
data/efitools-1.9.2/KeyTool.c:484:4: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
StrCat(error, L": Variable has no entries");
data/efitools-1.9.2/KeyTool.c:490:2: [4] (buffer) StrCpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
StrCpy(file_name, L"\\");
data/efitools-1.9.2/KeyTool.c:491:2: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
StrCat(file_name, keyinfo[key].name);
data/efitools-1.9.2/KeyTool.c:492:2: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
StrCat(file_name, L".esl");
data/efitools-1.9.2/KeyTool.c:509:2: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
StrCat(error, L": Successfully written to ");
data/efitools-1.9.2/KeyTool.c:510:2: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
StrCat(error, file_name);
data/efitools-1.9.2/KeyTool.c:769:3: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
StrCat(line2, L"Platform is in ");
data/efitools-1.9.2/KeyTool.c:770:3: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
StrCat(line2, SetupMode ? L"Setup Mode" : L"User Mode");
data/efitools-1.9.2/KeyTool.c:771:3: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
StrCat(line3, L"Secure Boot is ");
data/efitools-1.9.2/KeyTool.c:772:3: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
StrCat(line3, SecureBoot ? L"on" : L"off");
data/efitools-1.9.2/PreLoader.c:70:3: [4] (buffer) StrCpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
StrCpy(buf, L"Failed to start ");
data/efitools-1.9.2/PreLoader.c:71:3: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
StrCat(buf, loader);
data/efitools-1.9.2/PreLoader.c:94:4: [4] (buffer) StrCpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
StrCpy(buf, L"Failed to start backup programme ");
data/efitools-1.9.2/PreLoader.c:95:4: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
StrCat(buf, hashtool);
data/efitools-1.9.2/PreLoader.c:131:3: [4] (buffer) StrCpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
StrCpy(buf, L"Failed to start ");
data/efitools-1.9.2/PreLoader.c:132:3: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
StrCat(buf, loader);
data/efitools-1.9.2/ReadVars.c:72:5: [4] (buffer) StrCpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
StrCpy(buf1, L"Hash: ");
data/efitools-1.9.2/lib/asn1/identification.c:192:13: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
written = snprintf(buf, len, "%.*" STRA, (int)printable.len, printable.ptr);
data/efitools-1.9.2/lib/asn1/typedefs.h:11:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf(s, l, f...) SPrint(s, l, L ## f)
data/efitools-1.9.2/lib/execute.c:82:2: [4] (buffer) StrCpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
StrCpy(*PathName, devpathstr);
data/efitools-1.9.2/lib/execute.c:85:3: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
StrCat(*PathName, L"\\");
data/efitools-1.9.2/lib/execute.c:86:2: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
StrCat(*PathName, name);
data/efitools-1.9.2/lib/kernel_efivars.c:40:2: [4] (tmpfile) mktemp:
Temporary file race condition (CWE-377).
mktemp(fname);
data/efitools-1.9.2/lib/kernel_efivars.c:42:8: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ret = system(cmdline);
data/efitools-1.9.2/lib/kernel_efivars.c:69:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(ptr, "%*s on %s type %s %*[^\n]\n%n", path, type, &count);
data/efitools-1.9.2/lib/kernel_efivars.c:79:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(kernel_efi_path, path);
data/efitools-1.9.2/lib/sha256.c:379:3: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
StrCat(str, buf);
data/efitools-1.9.2/lib/simple_file.c:243:3: [4] (buffer) StrCpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
StrCpy(entries[i], name);
data/efitools-1.9.2/lib/simple_file.c:252:4: [4] (buffer) StrCpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
StrCpy(*selected , entries[val]);
data/efitools-1.9.2/lib/simple_file.c:286:2: [4] (buffer) StrCpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
StrCpy(newfilter, filter);
data/efitools-1.9.2/lib/simple_file.c:421:2: [4] (buffer) StrCpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
StrCpy(newname, name);
data/efitools-1.9.2/lib/simple_file.c:469:3: [4] (buffer) StrCpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
StrCpy(newname, name);
data/efitools-1.9.2/lib/simple_file.c:472:4: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
StrCat(newname, L"\\");
data/efitools-1.9.2/lib/simple_file.c:473:3: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
StrCat(newname, selected);
data/efitools-1.9.2/lib/simple_file.c:485:3: [4] (buffer) StrCpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
StrCpy(*result, name);
data/efitools-1.9.2/lib/simple_file.c:487:4: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
StrCat(*result, L"\\");
data/efitools-1.9.2/lib/simple_file.c:488:3: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
StrCat(*result, selected);
data/efitools-1.9.2/sig-list-to-certs.c:114:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(esl_name, "%s-%d.esl",certfile,count);
data/efitools-1.9.2/sig-list-to-certs.c:115:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s-%d.%s",certfile,count++,ext);
data/efitools-1.9.2/cert-to-efi-hash-list.c:83:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sha = atoi(argv[2]);
data/efitools-1.9.2/cert-to-efi-hash-list.c:201:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(efifile, "w");
data/efitools-1.9.2/cert-to-efi-sig-list.c:111:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(efifile, "w");
data/efitools-1.9.2/efi-readvar.c:159:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(file, O_CREAT|O_TRUNC|O_WRONLY, 0600);
data/efitools-1.9.2/efi-updatevar.c:197:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(CertList, (void *) CertList + CertList->SignatureListSize, DataSize - ((char *) CertList - buf));
data/efitools-1.9.2/efi-updatevar.c:204:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Cert, (void *)Cert + CertList->SignatureSize, remain);
data/efitools-1.9.2/efi-updatevar.c:209:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(name, O_RDONLY);
data/efitools-1.9.2/efi-updatevar.c:357:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, owners[i], sizeof(*owners[i]));
data/efitools-1.9.2/efi-updatevar.c:359:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, &attributes, sizeof(attributes));
data/efitools-1.9.2/efi-updatevar.c:361:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, ×tamp, sizeof(timestamp));
data/efitools-1.9.2/efi-updatevar.c:363:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, buf, st.st_size);
data/efitools-1.9.2/efi-updatevar.c:373:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(var_auth->AuthInfo.CertData, tmp, sigsize);
data/efitools-1.9.2/efi-updatevar.c:382:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newbuf, var_auth, siglen);
data/efitools-1.9.2/efi-updatevar.c:383:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newbuf + siglen, buf, st.st_size);
data/efitools-1.9.2/flash-var.c:49:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t var[128];
data/efitools-1.9.2/flash-var.c:129:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
flashfile = open(argv[1], O_RDWR);
data/efitools-1.9.2/flash-var.c:135:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
varfile = open(argv[3], O_RDONLY);
data/efitools-1.9.2/flash-var.c:196:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, var, varlen);
data/efitools-1.9.2/flash-var.c:198:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, vardata, varfilesize);
data/efitools-1.9.2/hash-to-efi-sig-list.c:83:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fdefifile = open(argv[i + 1], O_RDONLY);
data/efitools-1.9.2/hash-to-efi-sig-list.c:118:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d->SignatureData, hash[i], sizeof(hash[i]));
data/efitools-1.9.2/hash-to-efi-sig-list.c:121:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fdoutfile = open(argv[hashes + 1], O_CREAT|O_WRONLY|O_TRUNC, S_IWUSR|S_IRUSR);
data/efitools-1.9.2/include/buildefi.h:10:26: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define CopyMem(d, s, l) memcpy(d, s, l)
data/efitools-1.9.2/include/kernel_efivars.h:22:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
set_variable_hash(const char *var, EFI_GUID *owner, uint32_t attributes,
data/efitools-1.9.2/lib/asn1/chunk.c:37:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(clone.ptr, chunk.ptr, chunk.len);
data/efitools-1.9.2/lib/asn1/test.c:12:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out[512];
data/efitools-1.9.2/lib/asn1/test.c:14:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(argv[1], O_RDONLY);
data/efitools-1.9.2/lib/asn1/typedefs.h:28:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define memcpy MEMCPY
data/efitools-1.9.2/lib/guid.c:17:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[256];
data/efitools-1.9.2/lib/guid.c:19:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%08x-%04hx-%04hx-%02hhx%02hhx-%02hhx%02hhx%02hhx%02hhx%02hhx%02hhx",
data/efitools-1.9.2/lib/kernel_efivars.c:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdline[256];
data/efitools-1.9.2/lib/kernel_efivars.c:46:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(fname, O_RDONLY);
data/efitools-1.9.2/lib/kernel_efivars.c:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[512], type[512];
data/efitools-1.9.2/lib/kernel_efivars.c:97:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(varfs, O_RDONLY);
data/efitools-1.9.2/lib/kernel_efivars.c:170:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(varfs, O_RDWR|O_CREAT|O_TRUNC, 0644);
data/efitools-1.9.2/lib/kernel_efivars.c:174:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newbuf, &attributes, sizeof(attributes));
data/efitools-1.9.2/lib/kernel_efivars.c:175:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newbuf + sizeof(attributes), buf, size);
data/efitools-1.9.2/lib/kernel_efivars.c:201:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newdata + newsize - size, buf, size);
data/efitools-1.9.2/lib/kernel_efivars.c:240:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d->SignatureData, hash, SHA256_DIGEST_SIZE);
data/efitools-1.9.2/lib/kernel_efivars.c:247:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
set_variable_hash(const char *var, EFI_GUID *owner, uint32_t attributes,
data/efitools-1.9.2/lib/openssl_sign.c:101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password[128];
data/efitools-1.9.2/lib/simple_file.c:84:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/efitools-1.9.2/lib/simple_file.c:152:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/efitools-1.9.2/lib/simple_file.c:214:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/efitools-1.9.2/sig-list-to-certs.c:54:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(efifile, O_RDONLY);
data/efitools-1.9.2/sig-list-to-certs.c:119:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
g = fopen(esl_name, "w");
data/efitools-1.9.2/sig-list-to-certs.c:124:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
g = fopen(name, "w");
data/efitools-1.9.2/sign-efi-sig-list.c:76:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t var[256];
data/efitools-1.9.2/sign-efi-sig-list.c:203:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fdefifile = open(efifile, O_RDONLY);
data/efitools-1.9.2/sign-efi-sig-list.c:216:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, var, varlen);
data/efitools-1.9.2/sign-efi-sig-list.c:218:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, &vendor_guid, sizeof(vendor_guid));
data/efitools-1.9.2/sign-efi-sig-list.c:220:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, &attributes, sizeof(attributes));
data/efitools-1.9.2/sign-efi-sig-list.c:222:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, ×tamp, sizeof(timestamp));
data/efitools-1.9.2/sign-efi-sig-list.c:236:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int infile = open(signedinput, O_RDONLY);
data/efitools-1.9.2/sign-efi-sig-list.c:265:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(var_auth->AuthInfo.CertData, sigbuf, sigsize);
data/efitools-1.9.2/sign-efi-sig-list.c:276:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fdoutfile = open(outfile, O_CREAT|O_WRONLY|O_TRUNC, S_IWUSR|S_IRUSR);
data/efitools-1.9.2/efi-updatevar.c:220:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, buf, st.st_size);
data/efitools-1.9.2/efi-updatevar.c:225:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *crt_file_ext = &crt_file[strlen(crt_file) - 4];
data/efitools-1.9.2/efi-updatevar.c:349:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int signbuflen = strlen(var)*2 + sizeof(EFI_GUID) + sizeof(attributes) + sizeof(timestamp) + st.st_size;
data/efitools-1.9.2/efi-updatevar.c:353:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = 0; j < strlen(var); j++) {
data/efitools-1.9.2/flash-var.c:89:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(argv[2]) + 1; i++)
data/efitools-1.9.2/flash-var.c:144:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(varfile, vardata, varfilesize) != varfilesize) {
data/efitools-1.9.2/flash-var.c:154:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(flashfile, buf, sizeof(EFI_GUID)) != sizeof(EFI_GUID))
data/efitools-1.9.2/flash-var.c:164:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(flashfile, buf, sizeof(VARIABLE_STORE_HEADER));
data/efitools-1.9.2/flash-var.c:176:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(flashfile, buf, size);
data/efitools-1.9.2/hash-to-efi-sig-list.c:92:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fdefifile, efifile, st.st_size);
data/efitools-1.9.2/lib/asn1/test.c:22:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, buf, st.st_size);
data/efitools-1.9.2/lib/kernel_efivars.c:61:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, buf, st.st_size);
data/efitools-1.9.2/lib/kernel_efivars.c:78:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
kernel_efi_path = malloc(strlen(path) + 1);
data/efitools-1.9.2/lib/kernel_efivars.c:89:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int varfs_len = strlen(var) + 48 + strlen(kernel_efi_path);
data/efitools-1.9.2/lib/kernel_efivars.c:89:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int varfs_len = strlen(var) + 48 + strlen(kernel_efi_path);
data/efitools-1.9.2/lib/kernel_efivars.c:107:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, &attr, sizeof(attr));
data/efitools-1.9.2/lib/kernel_efivars.c:113:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, buf, st.st_size - sizeof(attr));
data/efitools-1.9.2/lib/kernel_efivars.c:163:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int varfs_len = strlen(var) + 48 + strlen(kernel_efi_path);
data/efitools-1.9.2/lib/kernel_efivars.c:163:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int varfs_len = strlen(var) + 48 + strlen(kernel_efi_path);
data/efitools-1.9.2/sig-list-to-certs.c:51:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = malloc(strlen(certfile)+10);
data/efitools-1.9.2/sig-list-to-certs.c:52:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
esl_name = malloc(strlen(certfile)+10);
data/efitools-1.9.2/sig-list-to-certs.c:75:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, buf, st.st_size) != st.st_size) {
data/efitools-1.9.2/sign-efi-sig-list.c:224:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fdefifile, ptr, st.st_size);
data/efitools-1.9.2/sign-efi-sig-list.c:245:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(infile, sigbuf, sigsize);
ANALYSIS SUMMARY:
Hits = 137
Lines analyzed = 11489 in approximately 0.36 seconds (31602 lines/second)
Physical Source Lines of Code (SLOC) = 8164
Hits@level = [0] 122 [1] 24 [2] 56 [3] 0 [4] 57 [5] 0
Hits@level+ = [0+] 259 [1+] 137 [2+] 113 [3+] 57 [4+] 57 [5+] 0
Hits/KSLOC@level+ = [0+] 31.7246 [1+] 16.781 [2+] 13.8413 [3+] 6.98187 [4+] 6.98187 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.