Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gtans-1.99.0/src/callbacks.c
Examining data/gtans-1.99.0/src/callbacks.h
Examining data/gtans-1.99.0/src/interface.c
Examining data/gtans-1.99.0/src/interface.h
Examining data/gtans-1.99.0/src/main.c
Examining data/gtans-1.99.0/src/main.h
Examining data/gtans-1.99.0/src/support.c
Examining data/gtans-1.99.0/src/support.h

FINAL RESULTS:

data/gtans-1.99.0/src/callbacks.c:309:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use a
  constant for the format specification.
  snprintf (helpfile, 1023, HELPFILE_PATH, filext);
data/gtans-1.99.0/src/callbacks.c:310:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use a
  constant for the format specification.
  snprintf (helpfiledef, 1023, HELPFILE_PATH, "");
data/gtans-1.99.0/src/main.c:196:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(*pnt,name);
data/gtans-1.99.0/src/main.c:990:35:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
  #define SPESC if (lres==1) lres = fscanf
data/gtans-1.99.0/src/main.c:1134:38:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  #define SPEPRINT if (lres>=0) lres = fprintf
data/gtans-1.99.0/src/main.c:1234:49:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
  #define SPESCAN if ( lres!=EOF && lres ) lres = fscanf
data/gtans-1.99.0/src/support.c:150:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (full_filename, directory);
data/gtans-1.99.0/src/support.c:151:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat (full_filename, G_DIR_SEPARATOR_S);
data/gtans-1.99.0/src/support.c:152:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat (full_filename, filename);
data/gtans-1.99.0/src/main.c:1855:27:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable
  input if the environment can be set by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
  usergtdir = g_strconcat(g_get_home_dir(), G_DIR_SEPARATOR_S USERHOMEDIR, NULL);
data/gtans-1.99.0/src/callbacks.c:293:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[1024];
data/gtans-1.99.0/src/callbacks.c:295:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char helpfile[1024], *helpfile_ext;
data/gtans-1.99.0/src/callbacks.c:296:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char helpfiledef[1024];
data/gtans-1.99.0/src/callbacks.c:297:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char filext[4];
data/gtans-1.99.0/src/callbacks.c:312:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around
  to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if ( (hlpfile=fopen(helpfile,"r"))!=NULL ||
data/gtans-1.99.0/src/callbacks.c:313:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around
  to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  (hlpfile=fopen(helpfiledef,"r"))!=NULL ) {
data/gtans-1.99.0/src/main.c:122:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *dumtabpxnam[3],**tabpxnam=dumtabpxnam-PXSTART;
data/gtans-1.99.0/src/main.c:936:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around
  to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if ( (hand = fopen(statusfilename, "r"))!=NULL ){
data/gtans-1.99.0/src/main.c:958:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around
  to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if ( (hand = fopen(statusfilename, "w"))!=NULL ){
data/gtans-1.99.0/src/main.c:976:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[100];
data/gtans-1.99.0/src/main.c:1002:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around
  to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if ( (hand = fopen(name, "r"))!=NULL &&
data/gtans-1.99.0/src/main.c:1143:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around
  to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if ( (hand=fopen(userconf, "w"))!=NULL){
data/gtans-1.99.0/src/main.c:1238:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dumname[1024];
data/gtans-1.99.0/src/main.c:1247:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around
  to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if ( (hand = fopen(filename, "r"))!=NULL &&
data/gtans-1.99.0/src/main.c:1254:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(dumname, "ErrorInConfigFile");
data/gtans-1.99.0/src/main.c:1285:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(dumname, "ErrorInConfigFile");
data/gtans-1.99.0/src/main.c:1827:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around
  to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if ( (hand=fopen("pouet.fig", "w"))!=NULL){
data/gtans-1.99.0/src/callbacks.c:308:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy (filext, helpfile_ext, 2);
data/gtans-1.99.0/src/main.c:195:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *pnt=(char *)g_malloc(strlen(name)+1);
data/gtans-1.99.0/src/main.c:938:12:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if ( fgetc(hand)=='y' )
data/gtans-1.99.0/src/main.c:980:13:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
  *lres = fscanf(fhd, "%99s",buf);
data/gtans-1.99.0/src/support.c:148:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  full_filename = (gchar*) g_malloc (strlen (directory) + 1
data/gtans-1.99.0/src/support.c:149:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen (filename) + 1);

ANALYSIS SUMMARY:

Hits = 33
Lines analyzed = 4484 in approximately 0.68 seconds (6588 lines/second)
Physical Source Lines of Code (SLOC) = 3357
Hits@level = [0]   7 [1]   6 [2]  17 [3]   1 [4]   9 [5]   0
Hits@level+ = [0+]  40 [1+]  33 [2+]  27 [3+]  10 [4+]   9 [5+]   0
Hits/KSLOC@level+ = [0+] 11.9154 [1+] 9.83021 [2+] 8.0429 [3+] 2.97885 [4+] 2.68097 [5+]   0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
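Added example, not part of the flawfinder report and not gtans code: the three patterns behind every level-4 hit above (strcpy/strcat into a buffer sized by hand, snprintf with a macro as format, fscanf "%s" with no width), each written so the bound is something the compiler and the caller can check. DIR_SEP, HELP_TEMPLATE, TOKEN_MAX and the function names are assumptions standing in for G_DIR_SEPARATOR_S, HELPFILE_PATH and the project's own buffer sizes, which the report does not show. join_path derives its allocation from strlen(DIR_SEP) rather than the literal 1 used at support.c:148-149, so the exact-size arithmetic no longer depends on the separator being one byte; build_help_name keeps the format a compile-time constant (which is what makes the callbacks.c:309-310 hits benign if HELPFILE_PATH is a literal) and checks the snprintf return instead of relying on a 1023 literal; read_token ties the %s width to the buffer through the preprocessor, as main.c:980 does by hand with "%99s" into char buf[100], and reports a token that was cut at the limit. The SPESC/SPESCAN macros at main.c:990 and 1234 end at fscanf, so whether their formats carry a width is decided at each call site, which this report does not list.

```c
/* Added example (not gtans code): bounded forms of the patterns flawfinder
 * flags above.  All macro names and sizes are assumptions for illustration. */
#define _POSIX_C_SOURCE 200809L   /* fmemopen() for the in-memory test helper */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
FILE *fmemopen(void *, size_t, const char *); /* prototype for strict -std modes */

/* ---- 1. bounded path join (cf. support.c:148-152) ---- */
#define DIR_SEP "/"   /* assumption: stands in for GLib's G_DIR_SEPARATOR_S */

/* Returns a malloc'd "directory" DIR_SEP "filename", or NULL on allocation
 * failure or if snprintf reports the result would not have fit. */
char *join_path(const char *directory, const char *filename)
{
    size_t need = strlen(directory) + strlen(DIR_SEP) + strlen(filename) + 1;
    char *full = malloc(need);
    if (full == NULL)
        return NULL;
    int n = snprintf(full, need, "%s%s%s", directory, DIR_SEP, filename);
    if (n < 0 || (size_t)n >= need) {   /* truncated: the size math was wrong */
        free(full);
        return NULL;
    }
    return full;
}

/* ---- 2. constant format + sizeof bound (cf. callbacks.c:309-310) ---- */
/* assumption: a printf template with one %s, like the project's HELPFILE_PATH;
 * flawfinder cannot tell that a macro expands to a string literal */
#define HELP_TEMPLATE "/usr/share/doc/example/help%s.html"

/* Fills out[outsz]; returns 1 on success, 0 if the name did not fit (out is
 * then the empty string so a caller cannot open a truncated path). */
int build_help_name(char *out, size_t outsz, const char *ext)
{
    int n = snprintf(out, outsz, HELP_TEMPLATE, ext);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';
        return 0;
    }
    return 1;
}

/* ---- 3. width-limited token read (cf. main.c:990, 1234 versus 980) ---- */
#define TOKEN_MAX 99
#define STR_(x) #x
#define STR(x) STR_(x)
#define TOKEN_FMT "%" STR(TOKEN_MAX) "s"   /* "%99s": fits char[TOKEN_MAX + 1] */

/* Reads one whitespace-delimited token into buf[TOKEN_MAX + 1].
 * Returns 1 on success, 0 on EOF or read error, and -1 if the token was cut
 * at TOKEN_MAX characters (the next byte is neither whitespace nor EOF).
 * A status file written by the program itself never produces the -1 case,
 * so a caller should treat it as a corrupt or foreign file, not as data. */
int read_token(FILE *f, char buf[TOKEN_MAX + 1])
{
    if (fscanf(f, TOKEN_FMT, buf) != 1)
        return 0;
    if (strlen(buf) == TOKEN_MAX) {
        int c = fgetc(f);
        if (c != EOF && !isspace(c))
            return -1;
        if (c != EOF)
            ungetc(c, f);
    }
    return 1;
}

/* Runs read_token over in-memory text (POSIX fmemopen) so it can be tested
 * without touching the filesystem. */
int read_token_str(const char *text, char buf[TOKEN_MAX + 1])
{
    FILE *f = fmemopen((void *)text, strlen(text), "r");
    if (f == NULL)
        return 0;
    int r = read_token(f, buf);
    fclose(f);
    return r;
}

int main(void)
{
    char *p = join_path("/usr/share/gtans", "help.txt");   /* constructed input */
    printf("%s\n", p ? p : "(null)");
    free(p);
    char name[64];
    printf("%d %s\n", build_help_name(name, sizeof name, ".fr"), name);
    char tok[TOKEN_MAX + 1];
    printf("%d %s\n", read_token_str("hello world", tok), tok);
    return 0;
}
```

The check that goes with this: if HELPFILE_PATH really does expand to a string literal, gcc and clang with -Wformat see a literal format at callbacks.c:309-310 and verify the argument count and types against it, which confirms the two CWE-134 hits are false positives; if it does not expand to a literal, -Wformat-security flags the call and the hit is real. The fopen hits (CWE-362) are not addressed here because the report alone does not show whether the paths are attacker-writable.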