stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gnome-online-accounts-3.38.0/src/daemon/main.c
Examining data/gnome-online-accounts-3.38.0/src/daemon/goadaemon.h
Examining data/gnome-online-accounts-3.38.0/src/daemon/goadaemon.c
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goaewsclient.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goasouplogger.c
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goaoauth2provider-web-extension.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goawebview.c
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goawebextension.c
Examining data/gnome-online-accounts-3.38.0/src/goabackend/nautilus-floating-bar.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goaprovider.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goadlnaservermanager.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goamediaserverprovider.c
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goawebextensionmain.c
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goasmtpauth.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goaobjectskeletonutils.c
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goawindowsliveprovider.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goabackend.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goamailauth.c
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goabackendenumtypes.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goaowncloudprovider.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goarestproxy.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goaobjectskeletonutils.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goafacebookprovider.c
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goamailclient.c
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goaoauth2provider.c
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goawebview.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goaprovider-priv.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goamailclient.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goakerberosprovider.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goakerberosprovider.c
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goaoauthprovider.c
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goafedoraprovider.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goaimapauthlogin.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goaexchangeprovider.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/nautilus-floating-bar.c
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goabackendenumtypes.c
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goafedoraprovider.c
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goabackendinit.c
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goafoursquareprovider.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goabackendenums-priv.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/gconstructor.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goasmtpauth.c
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goaimapsmtpprovider.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goaimapsmtpprovider.c
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goaewsclient.c
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goautils.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goaoauth2provider-web-view.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goagoogleprovider.c
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goawebextension.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goafacebookprovider.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goahttpclient.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goaimapauthlogin.c
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goaoauthprovider.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goamediaserverprovider.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goawindowsliveprovider.c
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goalastfmprovider.c
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goalastfmprovider.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goabackendenums.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goaoauth2provider.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goaflickrprovider.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goaexchangeprovider.c
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goaprovider.c
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goamailauth.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goaowncloudprovider.c
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goahttpclient.c
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goaflickrprovider.c
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goarestproxy.c
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goaoauth2provider-priv.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goadlnaservermanager.c
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goagoogleprovider.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goasouplogger.h
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goafoursquareprovider.c
Examining data/gnome-online-accounts-3.38.0/src/goabackend/goautils.c
Examining data/gnome-online-accounts-3.38.0/src/goa/goaerror.c
Examining data/gnome-online-accounts-3.38.0/src/goa/goaversion.c
Examining data/gnome-online-accounts-3.38.0/src/goa/goaenumtypes.h
Examining data/gnome-online-accounts-3.38.0/src/goa/goaenums.h
Examining data/gnome-online-accounts-3.38.0/src/goa/goaclient.h
Examining data/gnome-online-accounts-3.38.0/src/goa/goaenumtypes.c
Examining data/gnome-online-accounts-3.38.0/src/goa/goa.h
Examining data/gnome-online-accounts-3.38.0/src/goa/goa-generated.c
Examining data/gnome-online-accounts-3.38.0/src/goa/goaversion.h
Examining data/gnome-online-accounts-3.38.0/src/goa/goaclient.c
Examining data/gnome-online-accounts-3.38.0/src/goa/goa-generated.h
Examining data/gnome-online-accounts-3.38.0/src/goa/goaerror.h
Examining data/gnome-online-accounts-3.38.0/src/goaidentity/goaidentitymanager.c
Examining data/gnome-online-accounts-3.38.0/src/goaidentity/goaalarm.h
Examining data/gnome-online-accounts-3.38.0/src/goaidentity/main.c
Examining data/gnome-online-accounts-3.38.0/src/goaidentity/org.gnome.Identity.c
Examining data/gnome-online-accounts-3.38.0/src/goaidentity/goaidentityutils.h
Examining data/gnome-online-accounts-3.38.0/src/goaidentity/goaidentity.c
Examining data/gnome-online-accounts-3.38.0/src/goaidentity/goakerberosidentity.h
Examining data/gnome-online-accounts-3.38.0/src/goaidentity/goaidentityenumtypes.c
Examining data/gnome-online-accounts-3.38.0/src/goaidentity/goaidentity.h
Examining data/gnome-online-accounts-3.38.0/src/goaidentity/goaidentityutils.c
Examining data/gnome-online-accounts-3.38.0/src/goaidentity/goakerberosidentitymanager.c
Examining data/gnome-online-accounts-3.38.0/src/goaidentity/goaidentityinquiryprivate.h
Examining data/gnome-online-accounts-3.38.0/src/goaidentity/goaidentitymanagererror.c
Examining data/gnome-online-accounts-3.38.0/src/goaidentity/goaidentitymanager.h
Examining data/gnome-online-accounts-3.38.0/src/goaidentity/goaidentityinquiry.c
Examining data/gnome-online-accounts-3.38.0/src/goaidentity/goaidentityenumtypes.h
Examining data/gnome-online-accounts-3.38.0/src/goaidentity/goaidentityservice.c
Examining data/gnome-online-accounts-3.38.0/src/goaidentity/org.gnome.Identity.h
Examining data/gnome-online-accounts-3.38.0/src/goaidentity/goaidentityinquiry.h
Examining data/gnome-online-accounts-3.38.0/src/goaidentity/goaidentitymanagerprivate.h
Examining data/gnome-online-accounts-3.38.0/src/goaidentity/goaalarm.c
Examining data/gnome-online-accounts-3.38.0/src/goaidentity/goaidentitymanagererror.h
Examining data/gnome-online-accounts-3.38.0/src/goaidentity/goakerberosidentityinquiry.h
Examining data/gnome-online-accounts-3.38.0/src/goaidentity/goaidentityservice.h
Examining data/gnome-online-accounts-3.38.0/src/goaidentity/goakerberosidentityinquiry.c
Examining data/gnome-online-accounts-3.38.0/src/goaidentity/goakerberosidentitymanager.h
Examining data/gnome-online-accounts-3.38.0/src/goaidentity/goakerberosidentity.c
Examining data/gnome-online-accounts-3.38.0/src/examples/introspect-providers.c
Examining data/gnome-online-accounts-3.38.0/src/examples/list-accounts.c
Examining data/gnome-online-accounts-3.38.0/src/examples/list-providers.c
Examining data/gnome-online-accounts-3.38.0/src/examples/lastfm-shout.c

FINAL RESULTS:

data/gnome-online-accounts-3.38.0/src/goabackend/goaoauth2provider.c:668:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        ret_access_token_expires_in = atoi (expires_in_str);
data/gnome-online-accounts-3.38.0/src/goabackend/goaoauth2provider.c:846:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            priv->access_token_expires_in = atoi (expires_in_str);
data/gnome-online-accounts-3.38.0/src/goabackend/goaoauthprovider.c:554:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ret_access_token_expires_in = atoi (expires_in_str);
data/gnome-online-accounts-3.38.0/src/goabackend/goaoauthprovider.c:557:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ret_session_handle_expires_in = atoi (expires_in_str);
data/gnome-online-accounts-3.38.0/src/goabackend/gconstructor.h:60:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  __pragma(section(".CRT$XCU",read)) \
data/gnome-online-accounts-3.38.0/src/goabackend/gconstructor.h:68:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  __pragma(section(".CRT$XCU",read)) \
data/gnome-online-accounts-3.38.0/src/goabackend/gconstructor.h:80:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  section(".CRT$XCU",read)
data/gnome-online-accounts-3.38.0/src/goabackend/gconstructor.h:87:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  section(".CRT$XCU",read)
data/gnome-online-accounts-3.38.0/src/goabackend/goaimapauthlogin.c:198:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (str);
data/gnome-online-accounts-3.38.0/src/goabackend/goaowncloudprovider.c:428:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      pretty_path[strlen(pretty_path) - 1] = '\0';
data/gnome-online-accounts-3.38.0/src/goabackend/goasmtpauth.c:112:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!g_str_has_prefix (response, "250") || strlen (response) < 4)
data/gnome-online-accounts-3.38.0/src/goabackend/goasmtpauth.c:482:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      auth_arg_plain_len = 2 * strlen (self->username) + 2 + strlen (self->password);
data/gnome-online-accounts-3.38.0/src/goabackend/goasmtpauth.c:482:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      auth_arg_plain_len = 2 * strlen (self->username) + 2 + strlen (self->password);
data/gnome-online-accounts-3.38.0/src/goabackend/goasmtpauth.c:496:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      auth_arg_plain_len = strlen (self->username);
data/gnome-online-accounts-3.38.0/src/goabackend/goasmtpauth.c:516:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      auth_arg_plain_len = strlen (self->password);
data/gnome-online-accounts-3.38.0/src/goaidentity/goaidentityservice.c:84:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                              strlen (identifier));
data/gnome-online-accounts-3.38.0/src/goaidentity/goaidentityutils.c:104:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  studly_string_length = strlen (studly_string);
data/gnome-online-accounts-3.38.0/src/goaidentity/goaidentityutils.c:139:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      (dashed_string[strlen (old_prefix)] == '-' ||
data/gnome-online-accounts-3.38.0/src/goaidentity/goaidentityutils.c:140:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
       dashed_string[strlen (old_prefix)] == '_'))
data/gnome-online-accounts-3.38.0/src/goaidentity/goaidentityutils.c:141:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dashed_string += strlen (old_prefix) + 1;
data/gnome-online-accounts-3.38.0/src/goaidentity/goaidentityutils.c:147:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i += strlen (new_prefix) + 1;
data/gnome-online-accounts-3.38.0/src/goaidentity/goaidentityutils.c:149:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dbus_error_string_length = strlen (dbus_error_string);
data/gnome-online-accounts-3.38.0/src/goaidentity/goakerberosidentityinquiry.c:282:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  answer_length = strlen (answer);
data/gnome-online-accounts-3.38.0/src/goaidentity/goakerberosidentityinquiry.c:290:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy (kerberos_query->kerberos_prompt->reply->data,

ANALYSIS SUMMARY:

Hits = 24
Lines analyzed = 67558 in approximately 1.59 seconds (42498 lines/second)
Physical Source Lines of Code (SLOC) = 46821
Hits@level = [0]   0 [1]  20 [2]   4 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  24 [1+]  24 [2+]   4 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 0.512591 [1+] 0.512591 [2+] 0.0854318 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.