Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/jss-4.8.0/org/mozilla/jss/CryptoManager.c
Examining data/jss-4.8.0/org/mozilla/jss/PK11Finder.c
Examining data/jss-4.8.0/org/mozilla/jss/SecretDecoderRing/KeyManager.c
Examining data/jss-4.8.0/org/mozilla/jss/asn1/ASN1Util.c
Examining data/jss-4.8.0/org/mozilla/jss/crypto/Algorithm.c
Examining data/jss-4.8.0/org/mozilla/jss/crypto/Algorithm.h
Examining data/jss-4.8.0/org/mozilla/jss/crypto/KBKDF.c
Examining data/jss-4.8.0/org/mozilla/jss/crypto/PQGParams.c
Examining data/jss-4.8.0/org/mozilla/jss/crypto/Policy.c
Examining data/jss-4.8.0/org/mozilla/jss/crypto/SecretDecoderRing.c
Examining data/jss-4.8.0/org/mozilla/jss/nss/Buffer.c
Examining data/jss-4.8.0/org/mozilla/jss/nss/BufferProxy.c
Examining data/jss-4.8.0/org/mozilla/jss/nss/BufferProxy.h
Examining data/jss-4.8.0/org/mozilla/jss/nss/PR.c
Examining data/jss-4.8.0/org/mozilla/jss/nss/PRErrors.c
Examining data/jss-4.8.0/org/mozilla/jss/nss/PRFDProxy.c
Examining data/jss-4.8.0/org/mozilla/jss/nss/PRFDProxy.h
Examining data/jss-4.8.0/org/mozilla/jss/nss/SECErrors.c
Examining data/jss-4.8.0/org/mozilla/jss/nss/SSL.c
Examining data/jss-4.8.0/org/mozilla/jss/nss/SSLErrors.c
Examining data/jss-4.8.0/org/mozilla/jss/nss/SSLFDProxy.c
Examining data/jss-4.8.0/org/mozilla/jss/nss/SSLFDProxy.h
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11Cert.c
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11Cipher.c
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11KeyGenerator.c
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11KeyWrapper.c
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11MessageDigest.c
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11Module.c
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11PrivKey.c
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11PubKey.c
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11SecureRandom.c
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11Signature.c
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11Store.c
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11SymKey.c
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11SymmetricKeyDeriver.c
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11Token.c
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/attrs/CKAttribute.c
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/attrs/CKAttribute.h
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/pk11util.h
Examining data/jss-4.8.0/org/mozilla/jss/provider/java/security/JSSKeyStoreSpi.c
Examining data/jss-4.8.0/org/mozilla/jss/ssl/SSLCipher.c
Examining data/jss-4.8.0/org/mozilla/jss/ssl/SSLServerSocket.c
Examining data/jss-4.8.0/org/mozilla/jss/ssl/SSLSocket.c
Examining data/jss-4.8.0/org/mozilla/jss/ssl/SSLVersionRange.c
Examining data/jss-4.8.0/org/mozilla/jss/ssl/SSLVersionRange.h
Examining data/jss-4.8.0/org/mozilla/jss/ssl/callbacks.c
Examining data/jss-4.8.0/org/mozilla/jss/ssl/common.c
Examining data/jss-4.8.0/org/mozilla/jss/ssl/javasock.c
Examining data/jss-4.8.0/org/mozilla/jss/ssl/javax/BufferPRFD.c
Examining data/jss-4.8.0/org/mozilla/jss/ssl/javax/BufferPRFD.h
Examining data/jss-4.8.0/org/mozilla/jss/ssl/javax/j_buffer.c
Examining data/jss-4.8.0/org/mozilla/jss/ssl/javax/j_buffer.h
Examining data/jss-4.8.0/org/mozilla/jss/ssl/jssl.h
Examining data/jss-4.8.0/org/mozilla/jss/tests/TestBufferPRFD.c
Examining data/jss-4.8.0/org/mozilla/jss/tests/TestBufferPRFDSSL.c
Examining data/jss-4.8.0/org/mozilla/jss/tests/buffer_size_1.c
Examining data/jss-4.8.0/org/mozilla/jss/tests/buffer_size_4.c
Examining data/jss-4.8.0/org/mozilla/jss/util/GlobalRefProxy.c
Examining data/jss-4.8.0/org/mozilla/jss/util/GlobalRefProxy.h
Examining data/jss-4.8.0/org/mozilla/jss/util/NSPRerrs.h
Examining data/jss-4.8.0/org/mozilla/jss/util/NativeEnclosure.c
Examining data/jss-4.8.0/org/mozilla/jss/util/NativeEnclosure.h
Examining data/jss-4.8.0/org/mozilla/jss/util/NativeErrcodes.c
Examining data/jss-4.8.0/org/mozilla/jss/util/SECerrs.h
Examining data/jss-4.8.0/org/mozilla/jss/util/SSLerrs.h
Examining data/jss-4.8.0/org/mozilla/jss/util/StaticVoidPointer.c
Examining data/jss-4.8.0/org/mozilla/jss/util/StaticVoidPointer.h
Examining data/jss-4.8.0/org/mozilla/jss/util/errstrings.c
Examining data/jss-4.8.0/org/mozilla/jss/util/java_ids.h
Examining data/jss-4.8.0/org/mozilla/jss/util/jss_bigint.h
Examining data/jss-4.8.0/org/mozilla/jss/util/jss_exceptions.h
Examining data/jss-4.8.0/org/mozilla/jss/util/jssutil.c
Examining data/jss-4.8.0/org/mozilla/jss/util/jssutil.h
Examining data/jss-4.8.0/org/mozilla/jss/util/jssver.c
Examining data/jss-4.8.0/tools/tests/cmac.c

FINAL RESULTS:

data/jss-4.8.0/org/mozilla/jss/PK11Finder.c:1138:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( node->data, buf, len );
data/jss-4.8.0/org/mozilla/jss/PK11Finder.c:1317:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(pkcs7Bytes+processed, node->data, node->len);
data/jss-4.8.0/org/mozilla/jss/nss/SSL.c:327:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[128];
data/jss-4.8.0/org/mozilla/jss/nss/SSL.c:386:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[200];
data/jss-4.8.0/org/mozilla/jss/nss/SSL.c:412:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[200];
data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11KeyGenerator.c:153:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(item->data, bytes, item->len);
data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11KeyGenerator.c:205:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char ivData[8];
data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11KeyWrapper.c:452:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char err[256] = {0};
data/jss-4.8.0/org/mozilla/jss/ssl/SSLSocket.c:48:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[128];
data/jss-4.8.0/org/mozilla/jss/ssl/SSLSocket.c:61:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[128];
data/jss-4.8.0/org/mozilla/jss/ssl/SSLSocket.c:93:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[128];
data/jss-4.8.0/org/mozilla/jss/ssl/SSLSocket.c:106:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[128];
data/jss-4.8.0/org/mozilla/jss/ssl/SSLSocket.c:115:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[128];
data/jss-4.8.0/org/mozilla/jss/ssl/SSLSocket.c:125:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[128];
data/jss-4.8.0/org/mozilla/jss/ssl/SSLSocket.c:149:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[128];
data/jss-4.8.0/org/mozilla/jss/ssl/SSLSocket.c:641:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&addr.inet.ip, addrBAelems, 4);
data/jss-4.8.0/org/mozilla/jss/ssl/SSLSocket.c:653:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&addr.ipv6.ip,addrBAelems, 16);
data/jss-4.8.0/org/mozilla/jss/ssl/SSLSocket.c:811:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[128];
data/jss-4.8.0/org/mozilla/jss/ssl/SSLSocket.c:838:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[128];
data/jss-4.8.0/org/mozilla/jss/ssl/SSLSocket.c:859:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[128];
data/jss-4.8.0/org/mozilla/jss/ssl/SSLSocket.c:880:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[128];
data/jss-4.8.0/org/mozilla/jss/ssl/common.c:504:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&addr.inet.ip, addrBAelems, 4);
data/jss-4.8.0/org/mozilla/jss/ssl/common.c:516:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&addr.ipv6.ip,addrBAelems, 16);
data/jss-4.8.0/org/mozilla/jss/ssl/javasock.c:221:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(bytes+outbufLen,iov[iovi].iov_base, iov[iovi].iov_len);
data/jss-4.8.0/org/mozilla/jss/ssl/javasock.c:366:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( (void*) &addr->inet.ip, addrBytes, 4);
data/jss-4.8.0/org/mozilla/jss/ssl/javasock.c:370:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( (void*) &addr->ipv6.ip,addrBytes, 16);
data/jss-4.8.0/org/mozilla/jss/ssl/javasock.c:553:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, bytes, retval);
data/jss-4.8.0/org/mozilla/jss/ssl/javax/BufferPRFD.c:147:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&addr->ipv6.ip, internal->peer_addr, 16);
data/jss-4.8.0/org/mozilla/jss/ssl/javax/BufferPRFD.c:348:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(fd->secret->peer_addr, peer_info, len);
data/jss-4.8.0/org/mozilla/jss/ssl/javax/j_buffer.c:163:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(write_ptr, input, write_size);
data/jss-4.8.0/org/mozilla/jss/ssl/javax/j_buffer.c:260:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(output, read_ptr, read_size);
data/jss-4.8.0/org/mozilla/jss/tests/TestBufferPRFDSSL.c:361:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, client_message, strlen(client_message));
data/jss-4.8.0/org/mozilla/jss/tests/TestBufferPRFDSSL.c:383:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, server_message, strlen(server_message));
data/jss-4.8.0/org/mozilla/jss/util/jssutil.c:378:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(bytes+1, item->data, size-1);
data/jss-4.8.0/org/mozilla/jss/util/jssutil.c:432:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(item->data, bytes, size);
data/jss-4.8.0/org/mozilla/jss/util/jssutil.c:709:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(*data, array_data, array_length);
data/jss-4.8.0/org/mozilla/jss/CryptoManager.c:379:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  PR_ASSERT( strlen(manuChars) == 33 );
data/jss-4.8.0/org/mozilla/jss/CryptoManager.c:380:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  PR_ASSERT( strlen(libraryChars) == 33 );
data/jss-4.8.0/org/mozilla/jss/CryptoManager.c:381:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  PR_ASSERT( strlen(tokChars) == 33 );
data/jss-4.8.0/org/mozilla/jss/CryptoManager.c:382:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  PR_ASSERT( strlen(keyTokChars) == 33 );
data/jss-4.8.0/org/mozilla/jss/CryptoManager.c:383:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  PR_ASSERT( strlen(slotChars) == 65 );
data/jss-4.8.0/org/mozilla/jss/CryptoManager.c:384:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  PR_ASSERT( strlen(keySlotChars) == 65 );
data/jss-4.8.0/org/mozilla/jss/CryptoManager.c:385:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  PR_ASSERT( strlen(fipsChars) == 65 );
data/jss-4.8.0/org/mozilla/jss/CryptoManager.c:386:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  PR_ASSERT( strlen(fipsKeyChars) == 65 );
data/jss-4.8.0/org/mozilla/jss/nss/PR.c:365:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  error_size = strlen(error_name);
data/jss-4.8.0/org/mozilla/jss/nss/SSL.c:48:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cipher_java = JSS_ToByteArray(env, cipher, strlen(cipher));
data/jss-4.8.0/org/mozilla/jss/nss/SSL.c:52:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  issuer_java = JSS_ToByteArray(env, issuer, strlen(issuer));
data/jss-4.8.0/org/mozilla/jss/nss/SSL.c:56:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  subject_java = JSS_ToByteArray(env, subject, strlen(subject));
data/jss-4.8.0/org/mozilla/jss/ssl/common.c:52:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  msgLen = strlen(message) + strlen(errStr) + 40;
data/jss-4.8.0/org/mozilla/jss/ssl/common.c:52:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  msgLen = strlen(message) + strlen(errStr) + 40;
data/jss-4.8.0/org/mozilla/jss/tests/TestBufferPRFDSSL.c:361:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(buf, client_message, strlen(client_message));
data/jss-4.8.0/org/mozilla/jss/tests/TestBufferPRFDSSL.c:362:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  PRInt32 ret = PR_Write(c_nspr, buf, strlen(buf));
data/jss-4.8.0/org/mozilla/jss/tests/TestBufferPRFDSSL.c:383:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(buf, server_message, strlen(server_message));
data/jss-4.8.0/org/mozilla/jss/tests/TestBufferPRFDSSL.c:384:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = PR_Write(s_nspr, buf, strlen(buf));
data/jss-4.8.0/org/mozilla/jss/util/jssutil.c:53:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  msgLen = strlen(message) + strlen(errStr) + 40;
data/jss-4.8.0/org/mozilla/jss/util/jssutil.c:53:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  msgLen = strlen(message) + strlen(errStr) + 40;

ANALYSIS SUMMARY:

Hits = 56
Lines analyzed = 34764 in approximately 0.93 seconds (37259 lines/second)
Physical Source Lines of Code (SLOC) = 24062
Hits@level = [0]  67 [1]  20 [2]  36 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+] 123 [1+]  56 [2+]  36 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 5.11179 [1+] 2.32732 [2+] 1.49613 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 4 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.