Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libauthen-tacacsplus-perl-0.28/tacpluslib/tacplus_client.h
Examining data/libauthen-tacacsplus-perl-0.28/tacpluslib/utils.c
Examining data/libauthen-tacacsplus-perl-0.28/tacpluslib/md5.h
Examining data/libauthen-tacacsplus-perl-0.28/tacpluslib/tac_client.c
Examining data/libauthen-tacacsplus-perl-0.28/tacpluslib/md5.c
Examining data/libauthen-tacacsplus-perl-0.28/tacpluslib/parse.h
Examining data/libauthen-tacacsplus-perl-0.28/tacpluslib/regmagic.h
Examining data/libauthen-tacacsplus-perl-0.28/tacpluslib/regexp.h
Examining data/libauthen-tacacsplus-perl-0.28/tacpluslib/encrypt.c
Examining data/libauthen-tacacsplus-perl-0.28/tacpluslib/tac_plus.h
Examining data/libauthen-tacacsplus-perl-0.28/tacpluslib/expire.h

FINAL RESULTS:

data/libauthen-tacacsplus-perl-0.28/tacpluslib/tac_client.c:177:1:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tac_key,key);
data/libauthen-tacacsplus-perl-0.28/tacpluslib/tac_client.c:175:1:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/libauthen-tacacsplus-perl-0.28/tacpluslib/encrypt.c:63:5:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy(key, mdp, strlen(key));
data/libauthen-tacacsplus-perl-0.28/tacpluslib/encrypt.c:73:2:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy(prev_hash, mdp, MD5_LEN);
data/libauthen-tacacsplus-perl-0.28/tacpluslib/encrypt.c:137:2:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy(hash, last_hash, MD5_LEN);
data/libauthen-tacacsplus-perl-0.28/tacpluslib/md5.c:67:32:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define MD5_memcpy(out,in,len) memcpy(out, in, len)
data/libauthen-tacacsplus-perl-0.28/tacpluslib/md5.c:77:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char PADDING[64] = {
data/libauthen-tacacsplus-perl-0.28/tacpluslib/md5.c:179:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char digest[16]; /* message digest */
data/libauthen-tacacsplus-perl-0.28/tacpluslib/md5.c:182:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char bits[8];
data/libauthen-tacacsplus-perl-0.28/tacpluslib/md5.c:208:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char block[64];
data/libauthen-tacacsplus-perl-0.28/tacpluslib/md5.c:358:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ((char *) output)[i] = (char) value;
data/libauthen-tacacsplus-perl-0.28/tacpluslib/md5.h:57:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[64]; /* input buffer */
data/libauthen-tacacsplus-perl-0.28/tacpluslib/regexp.h:14:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *startp[NSUBEXP];
data/libauthen-tacacsplus-perl-0.28/tacpluslib/regexp.h:15:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *endp[NSUBEXP];
data/libauthen-tacacsplus-perl-0.28/tacpluslib/regexp.h:20:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char program[1]; /* Unwarranted chumminess with compiler. */
data/libauthen-tacacsplus-perl-0.28/tacpluslib/tac_client.c:23:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tac_key[128];
data/libauthen-tacacsplus-perl-0.28/tacpluslib/tac_client.c:27:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ourhost[128];
data/libauthen-tacacsplus-perl-0.28/tacpluslib/tac_client.c:84:5:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy(username,buf+datalength+TAC_PLUS_HDR_SIZE,as.user_len);
data/libauthen-tacacsplus-perl-0.28/tacpluslib/tac_client.c:87:5:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy(ourtty,buf+datalength+TAC_PLUS_HDR_SIZE,ourtty_len);
data/libauthen-tacacsplus-perl-0.28/tacpluslib/tac_client.c:91:5:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy(ourhost,buf+datalength+TAC_PLUS_HDR_SIZE,ourhost_len);
data/libauthen-tacacsplus-perl-0.28/tacpluslib/tac_client.c:96:5:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy(password,buf+datalength+TAC_PLUS_HDR_SIZE,as.data_len);
data/libauthen-tacacsplus-perl-0.28/tacpluslib/tac_client.c:100:5:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy(&hdr,buf,TAC_PLUS_HDR_SIZE);
data/libauthen-tacacsplus-perl-0.28/tacpluslib/tac_client.c:101:5:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy(&as,buf+TAC_PLUS_HDR_SIZE,TAC_AUTHEN_START_FIXED_FIELDS_SIZE);
data/libauthen-tacacsplus-perl-0.28/tacpluslib/tac_client.c:146:1:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy(msg,buf+TAC_PLUS_HDR_SIZE+TAC_AUTHEN_CONT_FIXED_FIELDS_SIZE,msg_len);
data/libauthen-tacacsplus-perl-0.28/tacpluslib/tac_client.c:149:1:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy(&hdr,buf,TAC_PLUS_HDR_SIZE);
data/libauthen-tacacsplus-perl-0.28/tacpluslib/tac_client.c:150:1:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy(&ac,buf+TAC_PLUS_HDR_SIZE,TAC_AUTHEN_CONT_FIXED_FIELDS_SIZE);
data/libauthen-tacacsplus-perl-0.28/tacpluslib/tac_client.c:194:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tac_port.sin_port=htons (atoi(port_name));
data/libauthen-tacacsplus-perl-0.28/tacpluslib/tac_plus.h:207:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char authen_name[AUTHEN_NAME_SIZE];
data/libauthen-tacacsplus-perl-0.28/tacpluslib/tac_plus.h:337:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char port[NAS_PORT_MAX_LEN+1]; /* For error reporting */
data/libauthen-tacacsplus-perl-0.28/tacpluslib/tac_plus.h:709:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char username[64]; /* User name */
data/libauthen-tacacsplus-perl-0.28/tacpluslib/tac_plus.h:710:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char NAS_name[32]; /* NAS user logged into */
data/libauthen-tacacsplus-perl-0.28/tacpluslib/tac_plus.h:711:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char NAS_port[32]; /* ...port on that NAS */
data/libauthen-tacacsplus-perl-0.28/tacpluslib/tac_plus.h:712:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char NAC_address[32]; /* ...IP address of NAS */
data/libauthen-tacacsplus-perl-0.28/tacpluslib/utils.c:104:5:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy(p, string, len);
data/libauthen-tacacsplus-perl-0.28/tacpluslib/utils.c:150:1:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy(s1, s2, len)
data/libauthen-tacacsplus-perl-0.28/tacpluslib/encrypt.c:53:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  md_len = sizeof(session_id) + strlen(key) + sizeof(version) +
data/libauthen-tacacsplus-perl-0.28/tacpluslib/encrypt.c:63:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bcopy(key, mdp, strlen(key));
data/libauthen-tacacsplus-perl-0.28/tacpluslib/encrypt.c:64:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mdp += strlen(key);
data/libauthen-tacacsplus-perl-0.28/tacpluslib/tac_client.c:173:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ourhost_len=strlen(ourhost);
data/libauthen-tacacsplus-perl-0.28/tacpluslib/tac_client.c:174:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ourtty_len=strlen(ourtty);
data/libauthen-tacacsplus-perl-0.28/tacpluslib/tac_client.c:315:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ssize_t read_len = read(fd,buf+have_len,buf_len-have_len);
data/libauthen-tacacsplus-perl-0.28/tacpluslib/utils.c:121:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(substring);
data/libauthen-tacacsplus-perl-0.28/tacpluslib/utils.c:123:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (len > (int) strlen(string)) {

ANALYSIS SUMMARY:

Hits = 43
Lines analyzed = 2035 in approximately 0.06 seconds (32368 lines/second)
Physical Source Lines of Code (SLOC) = 1291
Hits@level = [0]   3 [1]   8 [2]  33 [3]   1 [4]   1 [5]   0
Hits@level+ = [0+]  46 [1+]  43 [2+]  35 [3+]   2 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 35.6313 [1+] 33.3075 [2+] 27.1108 [3+] 1.54919 [4+] 0.774593 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.