Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/galax-1.1/tools/Jungle/smalldb.h
Examining data/galax-1.1/tools/Jungle/smallapi.c
Examining data/galax-1.1/tools/stemmer/stemmer.c
Examining data/galax-1.1/tools/stemmer/stemmer.h
Examining data/galax-1.1/galapi/c_api/galax_stub.c
Examining data/galax-1.1/galapi/c_api/galax_util.h
Examining data/galax-1.1/galapi/c_api/galax.h
Examining data/galax-1.1/galapi/c_api/itemlist.c
Examining data/galax-1.1/galapi/c_api/itemlist.h
Examining data/galax-1.1/galapi/c_api/galax_types.h
Examining data/galax-1.1/galapi/c_api/galax_util.c
Examining data/galax-1.1/galapi/java_api/galax_jni_stub.c
Examining data/galax-1.1/examples/wsdl/iksemel_test/myroster.c
Examining data/galax-1.1/examples/jungle/c-jungle.c
Examining data/galax-1.1/examples/c_api/test.c
Examining data/galax-1.1/examples/c_api/example.c
Examining data/galax-1.1/extensions/apache/mod_xquery2.c
Examining data/galax-1.1/extensions/apache/mod_xquery_common.c
Examining data/galax-1.1/extensions/apache/mod_xquery.c
Examining data/galax-1.1/extensions/apache/mod_xquery_common.h

FINAL RESULTS:

data/galax-1.1/examples/wsdl/iksemel_test/myroster.c:23:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat (s_err, faultstring);
data/galax-1.1/examples/wsdl/iksemel_test/myroster.c:25:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat (s_err, detail);
data/galax-1.1/tools/stemmer/stemmer.c:483:21:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat( word, rule->new_end );
data/galax-1.1/tools/stemmer/stemmer.c:550:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy( word, *inword );
data/galax-1.1/tools/stemmer/stemmer.c:595:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy( *inword, word );
data/galax-1.1/examples/c_api/example.c:107:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *fake_argv[2];
data/galax-1.1/examples/c_api/example.c:116:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *vars[3];
data/galax-1.1/examples/c_api/test.c:28:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *fake_argv[2], *vars[4];
data/galax-1.1/examples/jungle/c-jungle.c:77:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *fake_argv[2];
data/galax-1.1/examples/wsdl/iksemel_test/myroster.c:16:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char s_err [1024];
data/galax-1.1/examples/wsdl/iksemel_test/myroster.c:22:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy (s_err, "<soapenv:Fault xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\"><faultcode>Server</faultcode><faultstring>");
data/galax-1.1/examples/wsdl/iksemel_test/myroster.c:24:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat (s_err, "</faultstring><faultactor>Jabber wrapper</faultactor><detail>");
data/galax-1.1/examples/wsdl/iksemel_test/myroster.c:26:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat (s_err, "</detail></soapenv:Fault>");
data/galax-1.1/extensions/apache/mod_xquery_common.c:73:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[BUFFER_LEN];
data/galax-1.1/extensions/apache/mod_xquery_common.c:90:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (new_body, req_body, total_bytes);
data/galax-1.1/extensions/apache/mod_xquery_common.c:92:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (new_body + total_bytes, buffer, bytes_read);
data/galax-1.1/extensions/apache/mod_xquery_common.c:124:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *vars[1];
data/galax-1.1/extensions/apache/mod_xquery_common.c:219:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char wrapper_name[11];
data/galax-1.1/extensions/apache/mod_xquery_common.c:221:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (wrapper_name, "p%d", j);
data/galax-1.1/extensions/apache/mod_xquery_common.c:311:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around
  to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  LOGFILE = fopen("/tmp/galax.log3","w");
data/galax-1.1/galapi/c_api/galax_stub.c:56:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *fake_argv[2];
data/galax-1.1/tools/Jungle/smallapi.c:77:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around
  to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  retval = (*dbenvp)->open((*dbenvp), db_home, flg, mode);
data/galax-1.1/tools/Jungle/smallapi.c:117:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char * argument[2];
data/galax-1.1/tools/Jungle/smallapi.c:186:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around
  to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  retval = (*dbp)->open((*dbp), NULL, dbname, NULL, type, DB_CREATE, 0664);
data/galax-1.1/tools/stemmer/stemmer.c:536:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char word[MAXWORDLEN+1];
data/galax-1.1/extensions/apache/mod_xquery.c:82:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ap_set_content_length (r, strlen(buf));
data/galax-1.1/extensions/apache/mod_xquery2.c:90:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ap_set_content_length (r, strlen(buf));
data/galax-1.1/extensions/apache/mod_xquery_common.c:240:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (0!=err || 0 == strlen(buf))
data/galax-1.1/tools/Jungle/smallapi.c:386:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(key_string, key->data, key->size);
data/galax-1.1/tools/Jungle/smallapi.c:387:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(data_string, data->data, data->size);
data/galax-1.1/tools/Jungle/smallapi.c:425:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  skey->data = malloc((strlen(sskey)+1) * sizeof(char));
data/galax-1.1/tools/Jungle/smallapi.c:426:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(skey->data, sskey, (strlen(sskey)+1));
data/galax-1.1/tools/Jungle/smallapi.c:426:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(skey->data, sskey, (strlen(sskey)+1));
data/galax-1.1/tools/Jungle/smallapi.c:427:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  skey->size = strlen(sskey)+1;
data/galax-1.1/tools/Jungle/smallapi.c:462:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(data_string,data->data,data->size);
data/galax-1.1/tools/Jungle/smallapi.c:493:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  skey->data = malloc((strlen(sskey)+1) * sizeof(char));
data/galax-1.1/tools/Jungle/smallapi.c:494:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(skey->data, sskey, (strlen(sskey)+1));
data/galax-1.1/tools/Jungle/smallapi.c:494:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(skey->data, sskey, (strlen(sskey)+1));
data/galax-1.1/tools/Jungle/smallapi.c:495:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  skey->size = strlen(sskey)+1;
data/galax-1.1/tools/stemmer/stemmer.c:384:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((length = (int) strlen(word)) < 3) /* This was < 2 in original - Moseley 10/19/99 */
data/galax-1.1/tools/stemmer/stemmer.c:464:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  end = word + strlen( word ) - 1;
data/galax-1.1/tools/stemmer/stemmer.c:481:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( (strlen( word ) + rule->new_offset + 1 ) >= MAXWORDLEN )
data/galax-1.1/tools/stemmer/stemmer.c:545:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen( *inword ) >= MAXWORDLEN )
data/galax-1.1/tools/stemmer/stemmer.c:579:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen( word );
data/galax-1.1/tools/stemmer/stemmer.c:610:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  string_length = strlen(input_string);

ANALYSIS SUMMARY:

Hits = 45
Lines analyzed = 7773 in approximately 0.29 seconds (26372 lines/second)
Physical Source Lines of Code (SLOC) = 4879
Hits@level = [0] 183 [1]  20 [2]  20 [3]   0 [4]   5 [5]   0
Hits@level+ = [0+] 228 [1+]  45 [2+]  25 [3+]   5 [4+]   5 [5+]   0
Hits/KSLOC@level+ = [0+] 46.7309 [1+] 9.2232 [2+] 5.124 [3+] 1.0248 [4+] 1.0248 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.