Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/hd-idle-1.05+ds/hd-idle.c
FINAL RESULTS:
data/hd-idle-1.05+ds/hd-idle.c:500:14: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
if ((len = readlink(path, buf, sizeof(buf) - 1)) <= 0) {
data/hd-idle-1.05+ds/hd-idle.c:135:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define dprintf if (debug) printf
data/hd-idle-1.05+ds/hd-idle.c:269:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(buf, "%*d %*d %s %*u %*u %u %*u %*u %*u %u %*u %*u %*u %*u",
data/hd-idle-1.05+ds/hd-idle.c:548:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, va);
data/hd-idle-1.05+ds/hd-idle.c:191:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "t:a:i:l:dh")) != -1) {
data/hd-idle-1.05+ds/hd-idle.c:146:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[50];
data/hd-idle-1.05+ds/hd-idle.c:213:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
it->idle_time = atoi(optarg);
data/hd-idle-1.05+ds/hd-idle.c:259:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/hd-idle-1.05+ds/hd-idle.c:261:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(STAT_FILE, "r")) == NULL) {
data/hd-idle-1.05+ds/hd-idle.c:296:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ds, &tmp, sizeof(*ds));
data/hd-idle-1.05+ds/hd-idle.c:380:3: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open("/dev/null", O_RDONLY);
data/hd-idle-1.05+ds/hd-idle.c:381:3: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open("/dev/null", O_WRONLY);
data/hd-idle-1.05+ds/hd-idle.c:382:3: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open("/dev/null", O_WRONLY);
data/hd-idle-1.05+ds/hd-idle.c:403:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sense_buf[255];
data/hd-idle-1.05+ds/hd-idle.c:404:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[100];
data/hd-idle-1.05+ds/hd-idle.c:423:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(dev_name, O_RDONLY)) < 0) {
data/hd-idle-1.05+ds/hd-idle.c:430:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/hd-idle-1.05+ds/hd-idle.c:450:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(logfile, "a")) != NULL) {
data/hd-idle-1.05+ds/hd-idle.c:460:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tstr[20];
data/hd-idle-1.05+ds/hd-idle.c:461:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dstr[20];
data/hd-idle-1.05+ds/hd-idle.c:492:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/hd-idle-1.05+ds/hd-idle.c:507:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, path, sizeof(buf) - 1);
data/hd-idle-1.05+ds/hd-idle.c:509:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/hd-idle-1.05+ds/hd-idle.c:514:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (s = buf + strlen(buf) - 1; s >= buf && isdigit(*s); s--) {
ANALYSIS SUMMARY:
Hits = 24
Lines analyzed = 575 in approximately 0.07 seconds (8793 lines/second)
Physical Source Lines of Code (SLOC) = 322
Hits@level = [0] 18 [1] 3 [2] 16 [3] 1 [4] 3 [5] 1
Hits@level+ = [0+] 42 [1+] 24 [2+] 21 [3+] 5 [4+] 4 [5+] 1
Hits/KSLOC@level+ = [0+] 130.435 [1+] 74.5342 [2+] 65.2174 [3+] 15.528 [4+] 12.4224 [5+] 3.10559
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.