Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c
FINAL RESULTS:
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:115:9: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
#define crypt apr_password_validate
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:622:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result, val);
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:870:23: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
sent_pw = (char *) crypt(sent_pw, real_pw);
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:442:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pg_errstr[MAX_STRING_LEN];
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:449:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[APR_MD5_DIGESTSIZE];
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:450:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char md5hash[APR_MD5_DIGESTSIZE * 2 + 1];
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:635:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query[MAX_STRING_LEN];
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:700:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query[MAX_STRING_LEN];
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:911:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[MAX_STRING_LEN];
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:914:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fields[MAX_STRING_LEN];
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:915:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char values[MAX_STRING_LEN];
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:919:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ts[MAX_STRING_LEN]; /* time in string format */
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:453:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
apr_md5(digest, (const unsigned char *) pw, strlen(pw));
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:612:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(result = (char *) apr_pcalloc(r->pool, strlen(val) + 1))) {
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:639:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
safe_user = apr_palloc(r->pool, 1 + 2 * strlen(user));
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:640:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pg_check_string(safe_user, user, strlen(user), r, sec);
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:705:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
safe_user = apr_palloc(r->pool, 1 + 2 * strlen(user));
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:706:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
safe_group = apr_palloc(r->pool, 1 + 2 * strlen(group));
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:715:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pg_check_string(safe_user, user, strlen(user), r, sec);
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:716:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pg_check_string(safe_group, group, strlen(group), r, sec);
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:844:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((sec->auth_pg_nopasswd) && (!strlen(real_pw))) {
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:856:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((!strlen(real_pw)) || (!strlen(sent_pw))) {
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:856:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((!strlen(real_pw)) || (!strlen(sent_pw))) {
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:923:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
safe_user = apr_palloc(r->pool, 1 + 2 * strlen(user));
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:924:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
safe_pw = apr_palloc(r->pool, 1 + 2 * strlen(sent_pw));
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:925:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
safe_req = apr_palloc(r->pool, 1 + 2 * strlen(r->the_request));
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:936:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pg_check_string(safe_user, user, strlen(user), r, sec);
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:937:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pg_check_string(safe_pw, sent_pw, strlen(sent_pw), r, sec);
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:938:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pg_check_string(safe_req, r->the_request, strlen(r->the_request), r, sec);
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:980:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(fields, sql, MAX_STRING_LEN - strlen(fields) - 1);
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:980:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(fields, sql, MAX_STRING_LEN - strlen(fields) - 1);
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:983:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(values, sql, MAX_STRING_LEN - strlen(values) - 1);
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:983:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(values, sql, MAX_STRING_LEN - strlen(values) - 1);
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:988:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(fields, sql, MAX_STRING_LEN - strlen(fields) - 1);
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:988:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(fields, sql, MAX_STRING_LEN - strlen(fields) - 1);
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:990:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(values, sql, MAX_STRING_LEN - strlen(values) - 1);
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:990:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(values, sql, MAX_STRING_LEN - strlen(values) - 1);
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:995:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(fields, sql, MAX_STRING_LEN - strlen(fields) - 1);
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:995:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(fields, sql, MAX_STRING_LEN - strlen(fields) - 1);
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:997:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(values, sql, MAX_STRING_LEN - strlen(values) - 1);
data/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:997:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(values, sql, MAX_STRING_LEN - strlen(values) - 1);
ANALYSIS SUMMARY:
Hits = 41
Lines analyzed = 1058 in approximately 0.09 seconds (11517 lines/second)
Physical Source Lines of Code (SLOC) = 789
Hits@level = [0] 0 [1] 29 [2] 9 [3] 0 [4] 3 [5] 0
Hits@level+ = [0+] 41 [1+] 41 [2+] 12 [3+] 3 [4+] 3 [5+] 0
Hits/KSLOC@level+ = [0+] 51.9645 [1+] 51.9645 [2+] 15.2091 [3+] 3.80228 [4+] 3.80228 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.