Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/efitools-1.9.2/HashTool.c
Examining data/efitools-1.9.2/HelloWorld.c
Examining data/efitools-1.9.2/KeyTool.c
Examining data/efitools-1.9.2/Loader.c
Examining data/efitools-1.9.2/LockDown.c
Examining data/efitools-1.9.2/PreLoader.c
Examining data/efitools-1.9.2/ReadVars.c
Examining data/efitools-1.9.2/SetNull.c
Examining data/efitools-1.9.2/ShimReplace.c
Examining data/efitools-1.9.2/UpdateVars.c
Examining data/efitools-1.9.2/cert-to-efi-hash-list.c
Examining data/efitools-1.9.2/cert-to-efi-sig-list.c
Examining data/efitools-1.9.2/efi-keytool.c
Examining data/efitools-1.9.2/efi-readvar.c
Examining data/efitools-1.9.2/efi-updatevar.c
Examining data/efitools-1.9.2/flash-var.c
Examining data/efitools-1.9.2/hash-to-efi-sig-list.c
Examining data/efitools-1.9.2/include/PeImage.h
Examining data/efitools-1.9.2/include/buildefi.h
Examining data/efitools-1.9.2/include/configtable.h
Examining data/efitools-1.9.2/include/console.h
Examining data/efitools-1.9.2/include/efiauthenticated.h
Examining data/efitools-1.9.2/include/errors.h
Examining data/efitools-1.9.2/include/execute.h
Examining data/efitools-1.9.2/include/guid.h
Examining data/efitools-1.9.2/include/kernel_efivars.h
Examining data/efitools-1.9.2/include/openssl_sign.h
Examining data/efitools-1.9.2/include/pecoff.h
Examining data/efitools-1.9.2/include/pkcs7verify.h
Examining data/efitools-1.9.2/include/security_policy.h
Examining data/efitools-1.9.2/include/sha256.h
Examining data/efitools-1.9.2/include/shell.h
Examining data/efitools-1.9.2/include/shim_protocol.h
Examining data/efitools-1.9.2/include/simple_file.h
Examining data/efitools-1.9.2/include/variableformat.h
Examining data/efitools-1.9.2/include/variables.h
Examining data/efitools-1.9.2/include/variables_iterators.h
Examining data/efitools-1.9.2/include/version.h
Examining data/efitools-1.9.2/include/wincert.h
Examining data/efitools-1.9.2/include/x509.h
Examining data/efitools-1.9.2/lib/asn1/asn1.c
Examining data/efitools-1.9.2/lib/asn1/asn1.h
Examining data/efitools-1.9.2/lib/asn1/asn1_parser.c
Examining data/efitools-1.9.2/lib/asn1/asn1_parser.h
Examining data/efitools-1.9.2/lib/asn1/chunk.c
Examining data/efitools-1.9.2/lib/asn1/chunk.h
Examining data/efitools-1.9.2/lib/asn1/enumerator.c
Examining data/efitools-1.9.2/lib/asn1/enumerator.h
Examining data/efitools-1.9.2/lib/asn1/identification.c
Examining data/efitools-1.9.2/lib/asn1/identification.h
Examining data/efitools-1.9.2/lib/asn1/oid.c
Examining data/efitools-1.9.2/lib/asn1/oid.h
Examining data/efitools-1.9.2/lib/asn1/test.c
Examining data/efitools-1.9.2/lib/asn1/typedefs.h
Examining data/efitools-1.9.2/lib/asn1/x509.c
Examining data/efitools-1.9.2/lib/configtable.c
Examining data/efitools-1.9.2/lib/console.c
Examining data/efitools-1.9.2/lib/execute.c
Examining data/efitools-1.9.2/lib/guid.c
Examining data/efitools-1.9.2/lib/kernel_efivars.c
Examining data/efitools-1.9.2/lib/openssl_sign.c
Examining data/efitools-1.9.2/lib/pecoff.c
Examining data/efitools-1.9.2/lib/pkcs7verify.c
Examining data/efitools-1.9.2/lib/security_policy.c
Examining data/efitools-1.9.2/lib/sha256.c
Examining data/efitools-1.9.2/lib/shell.c
Examining data/efitools-1.9.2/lib/shim_protocol.c
Examining data/efitools-1.9.2/lib/simple_file.c
Examining data/efitools-1.9.2/lib/variables.c
Examining data/efitools-1.9.2/sig-list-to-certs.c
Examining data/efitools-1.9.2/sign-efi-sig-list.c

FINAL RESULTS:

data/efitools-1.9.2/HashTool.c:89:2:  [4] (buffer) StrCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrCpy(buf0, L"Enroll this hash into ");
data/efitools-1.9.2/HashTool.c:91:3:  [4] (buffer) StrCat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  StrCat(buf0, L"UEFI signature database?");
data/efitools-1.9.2/HashTool.c:93:3:  [4] (buffer) StrCat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  StrCat(buf0, L"MOK database?");
data/efitools-1.9.2/HashTool.c:96:2:  [4] (buffer) StrCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrCpy(buf1, L"File: ");
data/efitools-1.9.2/HashTool.c:97:2:  [4] (buffer) StrCat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  StrCat(buf1, file_name);
data/efitools-1.9.2/HashTool.c:99:2:  [4] (buffer) StrCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrCpy(buf2, L"Hash: ");
data/efitools-1.9.2/HashTool.c:198:3:  [4] (buffer) StrCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrCpy(line2, L"Platform is in ");
data/efitools-1.9.2/HashTool.c:199:3:  [4] (buffer) StrCat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  StrCat(line2, SetupMode ? L"Setup Mode" : L"User Mode");
data/efitools-1.9.2/HashTool.c:200:3:  [4] (buffer) StrCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrCpy(line3, L"Secure Boot is ");
data/efitools-1.9.2/HashTool.c:201:3:  [4] (buffer) StrCat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  StrCat(line3, variable_is_secureboot() ? L"on" : L"off");
data/efitools-1.9.2/KeyTool.c:281:3:  [4] (buffer) StrCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrCpy(str2, L"Hash: ");
data/efitools-1.9.2/KeyTool.c:310:3:  [4] (buffer) StrCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrCpy(str2, L"Hash: ");
data/efitools-1.9.2/KeyTool.c:447:2:  [4] (buffer) StrCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrCpy(buf0, L"Enroll hash into ");
data/efitools-1.9.2/KeyTool.c:448:2:  [4] (buffer) StrCat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  StrCat(buf0, keyinfo[key].text);
data/efitools-1.9.2/KeyTool.c:451:2:  [4] (buffer) StrCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrCpy(buf1, L"File: ");
data/efitools-1.9.2/KeyTool.c:452:2:  [4] (buffer) StrCat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  StrCat(buf1, file_name);
data/efitools-1.9.2/KeyTool.c:454:2:  [4] (buffer) StrCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrCpy(buf2, L"Hash: ");
data/efitools-1.9.2/KeyTool.c:479:2:  [4] (buffer) StrCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrCpy(error, keyinfo[key].name);
data/efitools-1.9.2/KeyTool.c:484:4:  [4] (buffer) StrCat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  StrCat(error, L": Variable has no entries");
data/efitools-1.9.2/KeyTool.c:490:2:  [4] (buffer) StrCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrCpy(file_name, L"\\");
data/efitools-1.9.2/KeyTool.c:491:2:  [4] (buffer) StrCat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  StrCat(file_name, keyinfo[key].name);
data/efitools-1.9.2/KeyTool.c:492:2:  [4] (buffer) StrCat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  StrCat(file_name, L".esl");
data/efitools-1.9.2/KeyTool.c:509:2:  [4] (buffer) StrCat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  StrCat(error, L": Successfully written to ");
data/efitools-1.9.2/KeyTool.c:510:2:  [4] (buffer) StrCat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  StrCat(error, file_name);
data/efitools-1.9.2/KeyTool.c:769:3:  [4] (buffer) StrCat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  StrCat(line2, L"Platform is in ");
data/efitools-1.9.2/KeyTool.c:770:3:  [4] (buffer) StrCat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  StrCat(line2, SetupMode ? L"Setup Mode" : L"User Mode");
data/efitools-1.9.2/KeyTool.c:771:3:  [4] (buffer) StrCat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  StrCat(line3, L"Secure Boot is ");
data/efitools-1.9.2/KeyTool.c:772:3:  [4] (buffer) StrCat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  StrCat(line3, SecureBoot ? L"on" : L"off");
data/efitools-1.9.2/PreLoader.c:70:3:  [4] (buffer) StrCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrCpy(buf, L"Failed to start ");
data/efitools-1.9.2/PreLoader.c:71:3:  [4] (buffer) StrCat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  StrCat(buf, loader);
data/efitools-1.9.2/PreLoader.c:94:4:  [4] (buffer) StrCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrCpy(buf, L"Failed to start backup programme ");
data/efitools-1.9.2/PreLoader.c:95:4:  [4] (buffer) StrCat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  StrCat(buf, hashtool);
data/efitools-1.9.2/PreLoader.c:131:3:  [4] (buffer) StrCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrCpy(buf, L"Failed to start ");
data/efitools-1.9.2/PreLoader.c:132:3:  [4] (buffer) StrCat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  StrCat(buf, loader);
data/efitools-1.9.2/ReadVars.c:72:5:  [4] (buffer) StrCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrCpy(buf1, L"Hash: ");
data/efitools-1.9.2/lib/asn1/identification.c:192:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  written = snprintf(buf, len, "%.*" STRA, (int)printable.len, printable.ptr);
data/efitools-1.9.2/lib/asn1/typedefs.h:11:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf(s, l, f...) SPrint(s, l, L ## f)
data/efitools-1.9.2/lib/execute.c:82:2:  [4] (buffer) StrCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrCpy(*PathName, devpathstr);
data/efitools-1.9.2/lib/execute.c:85:3:  [4] (buffer) StrCat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  StrCat(*PathName, L"\\");
data/efitools-1.9.2/lib/execute.c:86:2:  [4] (buffer) StrCat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  StrCat(*PathName, name);
data/efitools-1.9.2/lib/kernel_efivars.c:40:2:  [4] (tmpfile) mktemp:
  Temporary file race condition (CWE-377).
  mktemp(fname);
data/efitools-1.9.2/lib/kernel_efivars.c:42:8:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  ret = system(cmdline);
data/efitools-1.9.2/lib/kernel_efivars.c:69:3:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf(ptr, "%*s on %s type %s %*[^\n]\n%n", path, type, &count);
data/efitools-1.9.2/lib/kernel_efivars.c:79:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(kernel_efi_path, path);
data/efitools-1.9.2/lib/sha256.c:379:3:  [4] (buffer) StrCat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  StrCat(str, buf);
data/efitools-1.9.2/lib/simple_file.c:243:3:  [4] (buffer) StrCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrCpy(entries[i], name);
data/efitools-1.9.2/lib/simple_file.c:252:4:  [4] (buffer) StrCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrCpy(*selected , entries[val]);
data/efitools-1.9.2/lib/simple_file.c:286:2:  [4] (buffer) StrCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrCpy(newfilter, filter);
data/efitools-1.9.2/lib/simple_file.c:421:2:  [4] (buffer) StrCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrCpy(newname, name);
data/efitools-1.9.2/lib/simple_file.c:469:3:  [4] (buffer) StrCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrCpy(newname, name);
data/efitools-1.9.2/lib/simple_file.c:472:4:  [4] (buffer) StrCat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  StrCat(newname, L"\\");
data/efitools-1.9.2/lib/simple_file.c:473:3:  [4] (buffer) StrCat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  StrCat(newname, selected);
data/efitools-1.9.2/lib/simple_file.c:485:3:  [4] (buffer) StrCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrCpy(*result, name);
data/efitools-1.9.2/lib/simple_file.c:487:4:  [4] (buffer) StrCat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  StrCat(*result, L"\\");
data/efitools-1.9.2/lib/simple_file.c:488:3:  [4] (buffer) StrCat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  StrCat(*result, selected);
data/efitools-1.9.2/sig-list-to-certs.c:114:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(esl_name, "%s-%d.esl",certfile,count);
data/efitools-1.9.2/sig-list-to-certs.c:115:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name, "%s-%d.%s",certfile,count++,ext);
data/efitools-1.9.2/cert-to-efi-hash-list.c:83:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  sha = atoi(argv[2]);
data/efitools-1.9.2/cert-to-efi-hash-list.c:201:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(efifile, "w");
data/efitools-1.9.2/cert-to-efi-sig-list.c:111:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(efifile, "w");
data/efitools-1.9.2/efi-readvar.c:159:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(file, O_CREAT|O_TRUNC|O_WRONLY, 0600);
data/efitools-1.9.2/efi-updatevar.c:197:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(CertList, (void *) CertList + CertList->SignatureListSize, DataSize - ((char *) CertList - buf));
data/efitools-1.9.2/efi-updatevar.c:204:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(Cert, (void *)Cert + CertList->SignatureSize, remain);
data/efitools-1.9.2/efi-updatevar.c:209:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(name, O_RDONLY);
data/efitools-1.9.2/efi-updatevar.c:357:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, owners[i], sizeof(*owners[i]));
data/efitools-1.9.2/efi-updatevar.c:359:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, &attributes, sizeof(attributes));
data/efitools-1.9.2/efi-updatevar.c:361:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, &timestamp, sizeof(timestamp));
data/efitools-1.9.2/efi-updatevar.c:363:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, buf, st.st_size);
data/efitools-1.9.2/efi-updatevar.c:373:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(var_auth->AuthInfo.CertData, tmp, sigsize);
data/efitools-1.9.2/efi-updatevar.c:382:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newbuf, var_auth, siglen);
data/efitools-1.9.2/efi-updatevar.c:383:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newbuf + siglen, buf, st.st_size);
data/efitools-1.9.2/flash-var.c:49:2:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t var[128];
data/efitools-1.9.2/flash-var.c:129:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  flashfile = open(argv[1], O_RDWR);
data/efitools-1.9.2/flash-var.c:135:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  varfile = open(argv[3], O_RDONLY);
data/efitools-1.9.2/flash-var.c:196:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (buf, var, varlen);
data/efitools-1.9.2/flash-var.c:198:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (buf, vardata, varfilesize);
data/efitools-1.9.2/hash-to-efi-sig-list.c:83:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fdefifile = open(argv[i + 1], O_RDONLY);
data/efitools-1.9.2/hash-to-efi-sig-list.c:118:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&d->SignatureData, hash[i], sizeof(hash[i]));
data/efitools-1.9.2/hash-to-efi-sig-list.c:121:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fdoutfile = open(argv[hashes + 1], O_CREAT|O_WRONLY|O_TRUNC, S_IWUSR|S_IRUSR);
data/efitools-1.9.2/include/buildefi.h:10:26:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define CopyMem(d, s, l) memcpy(d, s, l)
data/efitools-1.9.2/include/kernel_efivars.h:22:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  set_variable_hash(const char *var, EFI_GUID *owner, uint32_t attributes,
data/efitools-1.9.2/lib/asn1/chunk.c:37:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(clone.ptr, chunk.ptr, chunk.len);
data/efitools-1.9.2/lib/asn1/test.c:12:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char out[512];
data/efitools-1.9.2/lib/asn1/test.c:14:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(argv[1], O_RDONLY);
data/efitools-1.9.2/lib/asn1/typedefs.h:28:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define memcpy MEMCPY
data/efitools-1.9.2/lib/guid.c:17:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char str[256];
data/efitools-1.9.2/lib/guid.c:19:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(str, "%08x-%04hx-%04hx-%02hhx%02hhx-%02hhx%02hhx%02hhx%02hhx%02hhx%02hhx",
data/efitools-1.9.2/lib/kernel_efivars.c:33:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmdline[256];
data/efitools-1.9.2/lib/kernel_efivars.c:46:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(fname, O_RDONLY);
data/efitools-1.9.2/lib/kernel_efivars.c:65:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[512], type[512];
data/efitools-1.9.2/lib/kernel_efivars.c:97:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(varfs, O_RDONLY);
data/efitools-1.9.2/lib/kernel_efivars.c:170:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(varfs, O_RDWR|O_CREAT|O_TRUNC, 0644);
data/efitools-1.9.2/lib/kernel_efivars.c:174:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newbuf, &attributes, sizeof(attributes));
data/efitools-1.9.2/lib/kernel_efivars.c:175:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newbuf + sizeof(attributes), buf, size);
data/efitools-1.9.2/lib/kernel_efivars.c:201:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newdata + newsize - size, buf, size);
data/efitools-1.9.2/lib/kernel_efivars.c:240:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&d->SignatureData, hash, SHA256_DIGEST_SIZE);
data/efitools-1.9.2/lib/kernel_efivars.c:247:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  set_variable_hash(const char *var, EFI_GUID *owner, uint32_t attributes,
data/efitools-1.9.2/lib/openssl_sign.c:101:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char password[128];
data/efitools-1.9.2/lib/simple_file.c:84:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];
data/efitools-1.9.2/lib/simple_file.c:152:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/efitools-1.9.2/lib/simple_file.c:214:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];
data/efitools-1.9.2/sig-list-to-certs.c:54:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = open(efifile, O_RDONLY);
data/efitools-1.9.2/sig-list-to-certs.c:119:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  g = fopen(esl_name, "w");
data/efitools-1.9.2/sig-list-to-certs.c:124:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  g = fopen(name, "w");
data/efitools-1.9.2/sign-efi-sig-list.c:76:2:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t var[256];
data/efitools-1.9.2/sign-efi-sig-list.c:203:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fdefifile = open(efifile, O_RDONLY);
data/efitools-1.9.2/sign-efi-sig-list.c:216:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, var, varlen);
data/efitools-1.9.2/sign-efi-sig-list.c:218:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, &vendor_guid, sizeof(vendor_guid));
data/efitools-1.9.2/sign-efi-sig-list.c:220:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, &attributes, sizeof(attributes));
data/efitools-1.9.2/sign-efi-sig-list.c:222:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, &timestamp, sizeof(timestamp));
data/efitools-1.9.2/sign-efi-sig-list.c:236:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int infile = open(signedinput, O_RDONLY);
data/efitools-1.9.2/sign-efi-sig-list.c:265:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(var_auth->AuthInfo.CertData, sigbuf, sigsize);
data/efitools-1.9.2/sign-efi-sig-list.c:276:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fdoutfile = open(outfile, O_CREAT|O_WRONLY|O_TRUNC, S_IWUSR|S_IRUSR);
data/efitools-1.9.2/efi-updatevar.c:220:3:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read(fd, buf, st.st_size);
data/efitools-1.9.2/efi-updatevar.c:225:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *crt_file_ext = &crt_file[strlen(crt_file) - 4];
data/efitools-1.9.2/efi-updatevar.c:349:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int signbuflen = strlen(var)*2 + sizeof(EFI_GUID) + sizeof(attributes) + sizeof(timestamp) + st.st_size;
data/efitools-1.9.2/efi-updatevar.c:353:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (j = 0; j < strlen(var); j++) {
data/efitools-1.9.2/flash-var.c:89:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0; i < strlen(argv[2]) + 1; i++)
data/efitools-1.9.2/flash-var.c:144:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read(varfile, vardata, varfilesize) != varfilesize) {
data/efitools-1.9.2/flash-var.c:154:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read(flashfile, buf, sizeof(EFI_GUID)) != sizeof(EFI_GUID))
data/efitools-1.9.2/flash-var.c:164:2:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read(flashfile, buf, sizeof(VARIABLE_STORE_HEADER));
data/efitools-1.9.2/flash-var.c:176:2:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read(flashfile, buf, size);
data/efitools-1.9.2/hash-to-efi-sig-list.c:92:3:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read(fdefifile, efifile, st.st_size);
data/efitools-1.9.2/lib/asn1/test.c:22:2:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read(fd, buf, st.st_size);
data/efitools-1.9.2/lib/kernel_efivars.c:61:2:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read(fd, buf, st.st_size);
data/efitools-1.9.2/lib/kernel_efivars.c:78:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  kernel_efi_path = malloc(strlen(path) + 1);
data/efitools-1.9.2/lib/kernel_efivars.c:89:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int varfs_len = strlen(var) + 48 + strlen(kernel_efi_path);
data/efitools-1.9.2/lib/kernel_efivars.c:89:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int varfs_len = strlen(var) + 48 + strlen(kernel_efi_path); data/efitools-1.9.2/lib/kernel_efivars.c:107:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(fd, &attr, sizeof(attr)); data/efitools-1.9.2/lib/kernel_efivars.c:113:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(fd, buf, st.st_size - sizeof(attr)); data/efitools-1.9.2/lib/kernel_efivars.c:163:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int varfs_len = strlen(var) + 48 + strlen(kernel_efi_path); data/efitools-1.9.2/lib/kernel_efivars.c:163:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int varfs_len = strlen(var) + 48 + strlen(kernel_efi_path); data/efitools-1.9.2/sig-list-to-certs.c:51:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name = malloc(strlen(certfile)+10); data/efitools-1.9.2/sig-list-to-certs.c:52:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). esl_name = malloc(strlen(certfile)+10); data/efitools-1.9.2/sig-list-to-certs.c:75:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, buf, st.st_size) != st.st_size) { data/efitools-1.9.2/sign-efi-sig-list.c:224:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
read(fdefifile, ptr, st.st_size); data/efitools-1.9.2/sign-efi-sig-list.c:245:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(infile, sigbuf, sigsize); ANALYSIS SUMMARY: Hits = 137 Lines analyzed = 11489 in approximately 0.36 seconds (31602 lines/second) Physical Source Lines of Code (SLOC) = 8164 Hits@level = [0] 122 [1] 24 [2] 56 [3] 0 [4] 57 [5] 0 Hits@level+ = [0+] 259 [1+] 137 [2+] 113 [3+] 57 [4+] 57 [5+] 0 Hits/KSLOC@level+ = [0+] 31.7246 [1+] 16.781 [2+] 13.8413 [3+] 6.98187 [4+] 6.98187 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.