Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/i2util-1.6/I2util/ErrLog.c
Examining data/i2util-1.6/I2util/ErrLogImmediate.c
Examining data/i2util-1.6/I2util/ErrLogSyslog.c
Examining data/i2util-1.6/I2util/Pthread.c
Examining data/i2util-1.6/I2util/Pthread.h
Examining data/i2util-1.6/I2util/addr.c
Examining data/i2util-1.6/I2util/addr.h
Examining data/i2util-1.6/I2util/conf.c
Examining data/i2util-1.6/I2util/conf.h
Examining data/i2util-1.6/I2util/errlog.h
Examining data/i2util-1.6/I2util/errlogimmediate.h
Examining data/i2util-1.6/I2util/errlogsyslog.h
Examining data/i2util-1.6/I2util/hex.c
Examining data/i2util-1.6/I2util/hex.h
Examining data/i2util-1.6/I2util/hmac-sha1.c
Examining data/i2util-1.6/I2util/hmac-sha1.h
Examining data/i2util-1.6/I2util/io.c
Examining data/i2util-1.6/I2util/io.h
Examining data/i2util-1.6/I2util/mach_dep.c
Examining data/i2util-1.6/I2util/mach_dep.h
Examining data/i2util-1.6/I2util/md5.c
Examining data/i2util-1.6/I2util/md5.h
Examining data/i2util-1.6/I2util/pbkdf2.c
Examining data/i2util-1.6/I2util/pbkdf2.h
Examining data/i2util-1.6/I2util/random.c
Examining data/i2util-1.6/I2util/random.h
Examining data/i2util-1.6/I2util/readpassphrase.c
Examining data/i2util-1.6/I2util/readpassphrase.h
Examining data/i2util-1.6/I2util/saddr.c
Examining data/i2util-1.6/I2util/saddr.h
Examining data/i2util-1.6/I2util/sha1.c
Examining data/i2util-1.6/I2util/sha1.h
Examining data/i2util-1.6/I2util/sha1P.h
Examining data/i2util-1.6/I2util/table.c
Examining data/i2util-1.6/I2util/table.h
Examining data/i2util-1.6/I2util/util.h
Examining data/i2util-1.6/I2util/utilP.h
Examining data/i2util-1.6/aespasswd/aespasswd.c
Examining data/i2util-1.6/pfstore/pfstore.c
Examining data/i2util-1.6/test/hmac-sha1test.c
Examining data/i2util-1.6/test/pbkdf2test.c
Examining data/i2util-1.6/test/sha1test.c

FINAL RESULTS:

data/i2util-1.6/I2util/ErrLog.c:701:16: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  (void) vsnprintf(buf,sizeof(buf),new_format,ap);

data/i2util-1.6/I2util/ErrLogSyslog.c:414:8: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  rc = sprintf(bufptr, "%s", ev->msg);

data/i2util-1.6/I2util/addr.c:208:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dst->ai_canonname,src->ai_canonname);

data/i2util-1.6/I2util/conf.c:206:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(key,line);

data/i2util-1.6/I2util/conf.c:225:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(val,line);

data/i2util-1.6/aespasswd/aespasswd.c:107:17: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while((ch = getopt(argc,argv,copts)) != -1){

data/i2util-1.6/pfstore/pfstore.c:112:14: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while((ch = getopt(argc,argv,copts)) != -1){

data/i2util-1.6/I2util/ErrLog.c:681:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char new_format[MSG_BUF_SIZE];

data/i2util-1.6/I2util/ErrLog.c:682:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MSG_BUF_SIZE];

data/i2util-1.6/I2util/ErrLogImmediate.c:134:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ftime[64];

data/i2util-1.6/I2util/ErrLogSyslog.c:363:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096], *bufptr;

data/i2util-1.6/I2util/ErrLogSyslog.c:402:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ftime[64];

data/i2util-1.6/I2util/addr.c:55:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char node[NI_MAXHOST+1];

data/i2util-1.6/I2util/addr.c:59:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char port[NI_MAXSERV+1];

data/i2util-1.6/I2util/addr.c:187:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst->ai_addr,src->ai_addr,src->ai_addrlen);

data/i2util-1.6/I2util/addr.c:277:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[NI_MAXHOST+1];

data/i2util-1.6/I2util/addr.c:504:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&v4addr.sin_addr.s_addr,

data/i2util-1.6/I2util/addr.c:540:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(addr->saddr,saddr,saddrlen);

data/i2util-1.6/I2util/addr.c:1398:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&t8[0],&h32,4);

data/i2util-1.6/I2util/addr.c:1399:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&t8[4],&l32,4);

data/i2util-1.6/I2util/addr.c:1414:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&t32,&t8[0],4);

data/i2util-1.6/I2util/addr.c:1419:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&t32,&t8[4],4);

data/i2util-1.6/I2util/conf.c:399:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rbuf[I2MAXIDENTITYLEN+1]; /* add one extra byte */

data/i2util-1.6/I2util/conf.c:506:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(key_ret,kbuf,I2KEYLEN);

data/i2util-1.6/I2util/conf.c:537:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hbuf[(I2KEYLEN*2)+1]; /* size for hex version */

data/i2util-1.6/I2util/hmac-sha1.c:160:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(key,inkey,len);

data/i2util-1.6/I2util/io.c:283:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tptr,fptr,len);

data/i2util-1.6/I2util/mach_dep.c:80:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *sys_errlist[NUM_ERRORS];

data/i2util-1.6/I2util/md5.c:226:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ctx->buffer[used], data, size);

data/i2util-1.6/I2util/md5.c:230:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ctx->buffer[used], data, free);

data/i2util-1.6/I2util/md5.c:241:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ctx->buffer, data, size);

data/i2util-1.6/I2util/md5.h:37:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[64];

data/i2util-1.6/I2util/pbkdf2.c:167:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer,salt,saltlen);

data/i2util-1.6/I2util/pbkdf2.c:168:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer+saltlen,ival,4);

data/i2util-1.6/I2util/pbkdf2.c:174:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(u,buffer,prf_hlen);

data/i2util-1.6/I2util/pbkdf2.c:283:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out,outbuff,r);

data/i2util-1.6/I2util/random.c:78:24: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( (rand_src->fd = open((char *)data, O_RDONLY))<0){

data/i2util-1.6/I2util/readpassphrase.c:114:24: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((input = output = open(_PATH_TTY, O_RDWR)) == -1) {

data/i2util-1.6/I2util/readpassphrase.c:228:27: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((input = output = open(_PATH_TTY, O_RDWR)) == -1) {

data/i2util-1.6/I2util/saddr.c:82:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&sau_mem->sin6,sa,sa_len);

data/i2util-1.6/I2util/saddr.c:90:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&sau_mem->sin,sa,sa_len);

data/i2util-1.6/I2util/saddr.c:145:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sa_mem,&sau->sas,*sa_len_in_out);

data/i2util-1.6/I2util/saddr.c:204:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&v4rec.sin_addr.s_addr,

data/i2util-1.6/I2util/saddr.c:224:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&v4rec.sin_addr.s_addr,

data/i2util-1.6/I2util/saddr.c:326:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&v4rec.sin_addr.s_addr,

data/i2util-1.6/I2util/sha1.c:112:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)memcpy(block, buffer, I2SHA1_BLOCK_SIZE);

data/i2util-1.6/I2util/sha1.c:242:15: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)memcpy(&sha1->buffer[j], data, (i = 64-j));

data/i2util-1.6/I2util/sha1.c:257:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)memcpy(&sha1->buffer[j], &data[i], len - i);

data/i2util-1.6/aespasswd/aespasswd.c:89:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lockfname[PATH_MAX];

data/i2util-1.6/aespasswd/aespasswd.c:161:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fromfp = fopen(keyfname,"r+");

data/i2util-1.6/aespasswd/aespasswd.c:210:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  lockfd = open(lockfname,O_RDWR|O_CREAT,S_IRUSR|S_IWUSR);

data/i2util-1.6/aespasswd/aespasswd.c:239:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ppbuf[1024];

data/i2util-1.6/aespasswd/aespasswd.c:240:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prompt[1024];

data/i2util-1.6/pfstore/pfstore.c:92:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lockfname[PATH_MAX];

data/i2util-1.6/pfstore/pfstore.c:158:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fromfp = fopen(pffname,"r+");

data/i2util-1.6/pfstore/pfstore.c:207:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  lockfd = open(lockfname,O_RDWR|O_CREAT,S_IRUSR|S_IWUSR);

data/i2util-1.6/pfstore/pfstore.c:235:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prompt[2048];

data/i2util-1.6/test/hmac-sha1test.c:60:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hd[(2*I2SHA1_DIGEST_SIZE)+1];

data/i2util-1.6/test/hmac-sha1test.c:127:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)txt,"Hi There");

data/i2util-1.6/test/hmac-sha1test.c:139:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)key,"Jefe");

data/i2util-1.6/test/hmac-sha1test.c:140:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)txt,"what do ya want for nothing?");

data/i2util-1.6/test/hmac-sha1test.c:179:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char *)txt,"Test With Truncation");

data/i2util-1.6/test/hmac-sha1test.c:192:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char *)txt,"Test Using Larger Than Block-Size Key - Hash Key First");

data/i2util-1.6/test/hmac-sha1test.c:206:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char *)txt,

data/i2util-1.6/test/pbkdf2test.c:81:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hd[(2*32)+1];

data/i2util-1.6/test/pbkdf2test.c:121:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(hd,"\'N/A\'");

data/i2util-1.6/test/pbkdf2test.c:137:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char saltbuff[8];

data/i2util-1.6/test/pbkdf2test.c:138:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char passbuff[65];

data/i2util-1.6/test/sha1test.c:68:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hd[(2*I2SHA1_DIGEST_SIZE)+1];

data/i2util-1.6/I2util/ErrLog.c:175:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return(strlen(buf));

data/i2util-1.6/I2util/ErrLog.c:704:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fwrite(buf,sizeof(char),strlen(buf),stderr);

data/i2util-1.6/I2util/ErrLogSyslog.c:165:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strncasecmp(ptr->c_name,name,strlen(ptr->c_name)) == 0){

data/i2util-1.6/I2util/ErrLogSyslog.c:231:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strncasecmp(ptr->c_name,name,strlen(ptr->c_name)) == 0){

data/i2util-1.6/I2util/addr.c:147:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(addr->node,"unknown",sizeof(addr->node));

data/i2util-1.6/I2util/addr.c:149:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(addr->port,"unknown",sizeof(addr->port));

data/i2util-1.6/I2util/addr.c:194:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(src->ai_canonname);

data/i2util-1.6/I2util/addr.c:233:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(to->node,from->node,sizeof(to->node));

data/i2util-1.6/I2util/addr.c:238:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(to->port,from->port,sizeof(to->port));

data/i2util-1.6/I2util/addr.c:288:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buff,node,sizeof(buff));

data/i2util-1.6/I2util/addr.c:326:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(nptr && strlen(nptr)){

data/i2util-1.6/I2util/addr.c:327:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(addr->node,nptr,sizeof(addr->node));

data/i2util-1.6/I2util/addr.c:331:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(pptr && strlen(pptr)){

data/i2util-1.6/I2util/addr.c:342:13: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(addr->port,pptr,sizeof(addr->port));

data/i2util-1.6/I2util/addr.c:400:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(addr->node,"unixsock",sizeof(addr->node));

data/i2util-1.6/I2util/addr.c:401:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(addr->port,"unnamed",sizeof(addr->port));

data/i2util-1.6/I2util/addr.c:422:13: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(addr->node,"unknown",sizeof(addr->node));

data/i2util-1.6/I2util/addr.c:423:13: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(addr->port,"unknown",sizeof(addr->port));

data/i2util-1.6/I2util/addr.c:1133:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf,addr->node,*len);

data/i2util-1.6/I2util/addr.c:1135:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(i = 0; i < strlen(buf); i++) {

data/i2util-1.6/I2util/addr.c:1187:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf,addr->port,*len);

data/i2util-1.6/I2util/addr.c:1237:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newlen = strlen("[]:") + strlen(addr->node) + strlen(addr->port);

data/i2util-1.6/I2util/addr.c:1237:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newlen = strlen("[]:") + strlen(addr->node) + strlen(addr->port);

data/i2util-1.6/I2util/addr.c:1237:51: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newlen = strlen("[]:") + strlen(addr->node) + strlen(addr->port);

data/i2util-1.6/I2util/addr.c:1240:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy(buf,"[",*len);

data/i2util-1.6/I2util/addr.c:1241:5: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(buf,addr->node,*len);

data/i2util-1.6/I2util/addr.c:1242:5: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(buf,"]:",*len);

data/i2util-1.6/I2util/addr.c:1243:5: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(buf,addr->port,*len);

data/i2util-1.6/I2util/conf.c:73:13: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while((c = fgetc(fp)) != EOF){

data/i2util-1.6/I2util/conf.c:91:15: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while((c = fgetc(fp)) != EOF){

data/i2util-1.6/I2util/conf.c:111:7: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(fgetc(fp) == '\n'){

data/i2util-1.6/I2util/conf.c:202:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(line)+1 > max){

data/i2util-1.6/I2util/conf.c:221:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(line)+1 > max){

data/i2util-1.6/I2util/conf.c:268:13: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while((c = fgetc(fp)) != EOF){

data/i2util-1.6/I2util/conf.c:294:15: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while((c = fgetc(fp)) != EOF){

data/i2util-1.6/I2util/conf.c:502:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(id_ret,rbuf,sizeof(rbuf));

data/i2util-1.6/I2util/conf.c:539:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!id || (id[0] == '\0') || (strlen(id) > I2MAXIDENTITYLEN)){

data/i2util-1.6/I2util/conf.c:614:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  idq_len = strlen(id_query);

data/i2util-1.6/I2util/conf.c:836:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(limstr);

data/i2util-1.6/I2util/conf.c:911:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(limstr);

data/i2util-1.6/I2util/io.c:87:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if((nread = read(fd, ptr, nleft)) < 0){

data/i2util-1.6/I2util/readpassphrase.c:154:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (void)write(output, prompt, strlen(prompt));

data/i2util-1.6/I2util/readpassphrase.c:156:22: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (p = buf; (nr = read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r';) {

data/i2util-1.6/I2util/readpassphrase.c:271:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (void)write(output, prompt, strlen(prompt));

data/i2util-1.6/I2util/readpassphrase.c:277:18: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while(((nr = read(input, &ch, 1)) == 1)&&(ch != '\n')&&(ch != '\r')){

data/i2util-1.6/aespasswd/aespasswd.c:146:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(argv[0]);

data/i2util-1.6/aespasswd/aespasswd.c:185:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(lockfname,keyfname,len);

data/i2util-1.6/aespasswd/aespasswd.c:194:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(lockfname,dname,len);

data/i2util-1.6/aespasswd/aespasswd.c:199:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = sizeof(lockfname) - strlen(lockfname) - 1;

data/i2util-1.6/aespasswd/aespasswd.c:200:5: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(lockfname,"/.",len);

data/i2util-1.6/aespasswd/aespasswd.c:202:5: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(lockfname,progname,len);

data/i2util-1.6/aespasswd/aespasswd.c:203:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len -= strlen(progname);

data/i2util-1.6/aespasswd/aespasswd.c:204:5: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(lockfname,".lock",len);

data/i2util-1.6/aespasswd/aespasswd.c:259:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pplen = strlen(passphrase);

data/i2util-1.6/pfstore/pfstore.c:182:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(lockfname,pffname,len);

data/i2util-1.6/pfstore/pfstore.c:191:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(lockfname,dname,len);

data/i2util-1.6/pfstore/pfstore.c:196:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = sizeof(lockfname) - strlen(lockfname) - 1;

data/i2util-1.6/pfstore/pfstore.c:197:2: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(lockfname,"/.",len);

data/i2util-1.6/pfstore/pfstore.c:199:2: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(lockfname,progname,len);

data/i2util-1.6/pfstore/pfstore.c:200:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len -= strlen(progname);

data/i2util-1.6/pfstore/pfstore.c:201:2: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(lockfname,".lock",len);

data/i2util-1.6/pfstore/pfstore.c:279:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
(uint8_t *)passphrase,strlen(passphrase), data/i2util-1.6/test/sha1test.c:92:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). I2Sha1((uint8_t*)in[0],strlen(in[0]),result); data/i2util-1.6/test/sha1test.c:111:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). I2Sha1((uint8_t*)in[1],strlen(in[1]),result); ANALYSIS SUMMARY: Hits = 133 Lines analyzed = 10451 in approximately 0.29 seconds (35576 lines/second) Physical Source Lines of Code (SLOC) = 5290 Hits@level = [0] 74 [1] 64 [2] 62 [3] 2 [4] 5 [5] 0 Hits@level+ = [0+] 207 [1+] 133 [2+] 69 [3+] 7 [4+] 5 [5+] 0 Hits/KSLOC@level+ = [0+] 39.1304 [1+] 25.1418 [2+] 13.0435 [3+] 1.32325 [4+] 0.94518 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
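The strncpy/strncat hits in aespasswd.c and pfstore.c all come from one pattern: a lock-file path is assembled piece by piece while a remaining-space counter (`len`) is recomputed and decremented by hand between calls, which is exactly the arithmetic flawfinder's CWE-120 message warns about. The report shows only the flagged lines, so whether the project's own accounting is right cannot be judged from it. The following is an added example, not i2util code: it builds a "<dir>/.<prog>.lock" name the manual way with every invariant written out, then with snprintf, and cross-checks the two. The function names, the 32-byte buffer and the sample directory and program names are this example's own choices.

```c
/* Added example (not code from i2util): the "<dir>/.<prog>.lock" path
 * construction that flawfinder flags above, done once with a hand-kept
 * strncpy/strncat remaining-space counter and once with snprintf.
 * Names and the buffer size are this example's own choices. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define LOCKNAME_MAX 32   /* small on purpose so truncation is easy to hit */

/* Shows the strncpy hazard behind CWE-120: when the source has n or more
 * bytes, strncpy(dst, src, n) writes no terminator at all. Returns 1 if a
 * NUL ended up inside buf, 0 if buf is now an unterminated byte run. */
int strncpy_terminated(const char *src)
{
    char buf[8];
    memset(buf, 'X', sizeof buf);
    strncpy(buf, src, sizeof buf);
    return memchr(buf, '\0', sizeof buf) != NULL;
}

/* Variant 1: strncpy/strncat with a remaining-space counter `len` that must
 * be decremented after every append. Each "if" is an invariant the caller
 * of strncat has to maintain by hand. Returns 0 on success, -1 if the full
 * path does not fit (out then holds a terminated but partial string). */
int build_lock_name_manual(char *out, size_t outsz, const char *dir, const char *prog)
{
    size_t len;
    if (outsz == 0 || strlen(dir) > outsz - 1) return -1;
    strncpy(out, dir, outsz - 1);
    out[outsz - 1] = '\0';                 /* strncpy may not have done this */
    len = outsz - strlen(out) - 1;         /* bytes still free, NUL excluded */
    if (len < 2) return -1;
    strncat(out, "/.", len);
    len -= 2;
    if (len < strlen(prog)) return -1;
    strncat(out, prog, len);
    len -= strlen(prog);
    if (len < 5) return -1;
    strncat(out, ".lock", len);
    return 0;
}

/* Variant 2: snprintf does the size accounting; its return value is the
 * length the complete string would have had, so truncation is one test.
 * On failure out is emptied so a partial path cannot be used by mistake. */
int build_lock_name_snprintf(char *out, size_t outsz, const char *dir, const char *prog)
{
    int n = snprintf(out, outsz, "%s/.%s.lock", dir, prog);
    if (n < 0 || (size_t)n >= outsz) {
        if (outsz > 0) out[0] = '\0';
        return -1;
    }
    return 0;
}

/* Runs both variants into outsz-byte buffers and cross-checks them.
 * Returns the path length when both succeed with identical output, -1 when
 * both refuse for lack of room, -2 if they disagree. */
int lock_name_compare(size_t outsz, const char *dir, const char *prog)
{
    static char a[LOCKNAME_MAX], b[LOCKNAME_MAX];
    int ra, rb;
    if (outsz > LOCKNAME_MAX) return -2;
    ra = build_lock_name_manual(a, outsz, dir, prog);
    rb = build_lock_name_snprintf(b, outsz, dir, prog);
    if (ra != rb) return -2;
    if (ra != 0) return -1;
    return strcmp(a, b) == 0 ? (int)strlen(a) : -2;
}

int main(void)
{
    printf("strncpy(\"exactly8\") terminated: %d\n", strncpy_terminated("exactly8"));
    printf("32-byte buffer: %d\n", lock_name_compare(32, "/var/run", "pfstore"));
    printf("16-byte buffer: %d\n", lock_name_compare(16, "/var/run", "pfstore"));
    return 0;
}
```

The manual variant needs five separate checks to stay correct, and forgetting to decrement `len` after any append silently enlarges the bound passed to the next strncat; the snprintf variant reduces all of that to one comparison on the return value, which is why flawfinder's message suggests it.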
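The read and fgetc hits ("check buffer boundaries if used in a loop") in io.c, conf.c and readpassphrase.c point at the other recurring shape in this report: a loop whose condition tests the return value of read() but not how much room is left in the destination. The io.c line has the form of the classic readn loop, and the readpassphrase.c lines read one byte at a time; whether their bounds are right depends on how `ptr`/`nleft` and `p` are updated, which the report does not show. The following is an added example, not i2util code, of both loop shapes with the bound carried through every iteration. The helper names, the pipe-based test feeder and the sample input strings are this example's own.

```c
/* Added example (not code from i2util): two bounded read loops of the
 * shape flawfinder flags above. The loop condition tests what read()
 * returned; the size bound has to be enforced separately on every pass. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

/* Read exactly n bytes unless EOF or error. Each iteration asks only for
 * what is still missing (nleft), so the buffer cannot be overrun. Returns
 * the number of bytes read (< n means EOF), or -1 on error. */
ssize_t readn(int fd, void *buf, size_t n)
{
    char *ptr = buf;
    size_t nleft = n;
    while (nleft > 0) {
        ssize_t nread = read(fd, ptr, nleft);
        if (nread < 0) {
            if (errno == EINTR) continue;   /* interrupted: retry the read */
            return -1;
        }
        if (nread == 0) break;              /* EOF */
        ptr += nread;
        nleft -= (size_t)nread;
    }
    return (ssize_t)(n - nleft);
}

/* Read one line byte by byte, the way a passphrase prompt does. Stops at
 * '\n' or '\r'. Bytes beyond bufsz-1 are still consumed from the fd but
 * never stored, and the result is always NUL-terminated. Returns the
 * stored length, or -1 on read error. */
ssize_t read_line_bounded(int fd, char *buf, size_t bufsz)
{
    char ch, *p, *end;
    ssize_t nr;
    if (bufsz == 0) return -1;
    p = buf;
    end = buf + bufsz - 1;                   /* leave room for the NUL */
    while ((nr = read(fd, &ch, 1)) == 1 && ch != '\n' && ch != '\r') {
        if (p < end)                         /* the bound the loop condition lacks */
            *p++ = ch;
    }
    *p = '\0';
    return nr < 0 ? -1 : (ssize_t)(p - buf);
}

/* Constructed input for testing: write a string into a pipe, close the
 * write end so the reader sees EOF, and return the read end (-1 on error). */
static int feed_pipe(const char *input)
{
    int fds[2];
    if (pipe(fds) < 0) return -1;
    if (write(fds[1], input, strlen(input)) < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    close(fds[1]);
    return fds[0];
}

/* Feed `input` through a pipe into a bufsz-byte buffer with
 * read_line_bounded; returns the stored length if the stored text equals
 * `expect`, -1 otherwise. bufsz is capped at 64 for the static buffer. */
int check_line(const char *input, size_t bufsz, const char *expect)
{
    char buf[64];
    ssize_t n;
    int fd = feed_pipe(input);
    if (fd < 0 || bufsz > sizeof buf) return -1;
    n = read_line_bounded(fd, buf, bufsz);
    close(fd);
    if (n < 0 || strcmp(buf, expect) != 0) return -1;
    return (int)n;
}

/* Feed `input` through a pipe and ask readn for `want` bytes (<= 64);
 * returns what readn returned. */
int check_readn(const char *input, size_t want)
{
    char buf[64];
    ssize_t n;
    int fd = feed_pipe(input);
    if (fd < 0 || want > sizeof buf) return -1;
    n = readn(fd, buf, want);
    close(fd);
    return (int)n;
}

int main(void)
{
    printf("8-byte buffer keeps: %d chars\n",
           check_line("correct horse battery staple\n", 8, "correct"));
    printf("readn of 32 from 10 available: %d\n", check_readn("0123456789", 32));
    return 0;
}
```

Discarding rather than storing the excess bytes keeps the input stream positioned after the line, so a caller that retries the prompt does not get the tail of the previous over-long line as the next answer.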