Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libcryptui-3.12.2/libcryptui/cryptui-key-store.c
Examining data/libcryptui-3.12.2/libcryptui/cryptui-defines.h
Examining data/libcryptui-3.12.2/libcryptui/tests/cryptui-test-ui.c
Examining data/libcryptui-3.12.2/libcryptui/cryptui-marshal.c
Examining data/libcryptui-3.12.2/libcryptui/cryptui-key-combo.h
Examining data/libcryptui-3.12.2/libcryptui/cryptui-key-list.h
Examining data/libcryptui-3.12.2/libcryptui/cryptui-key-store.h
Examining data/libcryptui-3.12.2/libcryptui/cryptui-key-chooser.h
Examining data/libcryptui-3.12.2/libcryptui/cryptui-key-chooser.c
Examining data/libcryptui-3.12.2/libcryptui/cryptui-keyset.c
Examining data/libcryptui-3.12.2/libcryptui/cryptui.h
Examining data/libcryptui-3.12.2/libcryptui/cryptui-keyset.h
Examining data/libcryptui-3.12.2/libcryptui/cryptui-marshal.h
Examining data/libcryptui-3.12.2/libcryptui/cryptui-priv.h
Examining data/libcryptui-3.12.2/libcryptui/cryptui-key-list.c
Examining data/libcryptui-3.12.2/libcryptui/cryptui-key-combo.c
Examining data/libcryptui-3.12.2/libcryptui/cryptui.c
Examining data/libcryptui-3.12.2/libegg/eggsmclient.h
Examining data/libcryptui-3.12.2/libegg/egg-datetime.c
Examining data/libcryptui-3.12.2/libegg/eggsmclient-xsmp.c
Examining data/libcryptui-3.12.2/libegg/egg-datetime.h
Examining data/libcryptui-3.12.2/libegg/eggdesktopfile.h
Examining data/libcryptui-3.12.2/libegg/eggsmclient-private.h
Examining data/libcryptui-3.12.2/libegg/eggdesktopfile.c
Examining data/libcryptui-3.12.2/libegg/eggsmclient.c
Examining data/libcryptui-3.12.2/daemon/seahorse-service.h
Examining data/libcryptui-3.12.2/daemon/seahorse-gpgme-key-op.c
Examining data/libcryptui-3.12.2/daemon/seahorse-notification.c
Examining data/libcryptui-3.12.2/daemon/seahorse-unknown-source.c
Examining data/libcryptui-3.12.2/daemon/seahorse-gpgme.c
Examining data/libcryptui-3.12.2/daemon/seahorse-gpgme-subkey.c
Examining data/libcryptui-3.12.2/daemon/seahorse-gpgme-operation.h
Examining data/libcryptui-3.12.2/daemon/seahorse-gpgme-operation.c
Examining data/libcryptui-3.12.2/daemon/seahorse-progress.c
Examining data/libcryptui-3.12.2/daemon/seahorse-gpgme-source.h
Examining data/libcryptui-3.12.2/daemon/seahorse-operation.h
Examining data/libcryptui-3.12.2/daemon/seahorse-gpgme-key.c
Examining data/libcryptui-3.12.2/daemon/seahorse-gpgme-uid.c
Examining data/libcryptui-3.12.2/daemon/seahorse-passphrase.c
Examining data/libcryptui-3.12.2/daemon/seahorse-service-crypto-bindings.h
Examining data/libcryptui-3.12.2/daemon/seahorse-object.c
Examining data/libcryptui-3.12.2/daemon/seahorse-unknown-source.h
Examining data/libcryptui-3.12.2/daemon/seahorse-gtkstock.h
Examining data/libcryptui-3.12.2/daemon/seahorse-set.h
Examining data/libcryptui-3.12.2/daemon/seahorse-pgp-subkey.c
Examining data/libcryptui-3.12.2/daemon/seahorse-service-keyset.c
Examining data/libcryptui-3.12.2/daemon/seahorse-gpg-options.c
Examining data/libcryptui-3.12.2/daemon/seahorse-context.h
Examining data/libcryptui-3.12.2/daemon/seahorse-unix-signal.h
Examining data/libcryptui-3.12.2/daemon/seahorse-object-list.h
Examining data/libcryptui-3.12.2/daemon/seahorse-marshal.h
Examining data/libcryptui-3.12.2/daemon/seahorse-validity.c
Examining data/libcryptui-3.12.2/daemon/seahorse-gpgme-subkey.h
Examining data/libcryptui-3.12.2/daemon/seahorse-widget.c
Examining data/libcryptui-3.12.2/daemon/seahorse-gpgme-key-op.h
Examining data/libcryptui-3.12.2/daemon/seahorse-types.h
Examining data/libcryptui-3.12.2/daemon/seahorse-validity.h
Examining data/libcryptui-3.12.2/daemon/seahorse-progress.h
Examining data/libcryptui-3.12.2/daemon/seahorse-set.c
Examining data/libcryptui-3.12.2/daemon/seahorse-service.c
Examining data/libcryptui-3.12.2/daemon/seahorse-gpgme.h
Examining data/libcryptui-3.12.2/daemon/seahorse-secure-buffer.h
Examining data/libcryptui-3.12.2/daemon/seahorse-context.c
Examining data/libcryptui-3.12.2/daemon/seahorse-gpgme-data.h
Examining data/libcryptui-3.12.2/daemon/seahorse-types.c
Examining data/libcryptui-3.12.2/daemon/seahorse-secure-memory.h
Examining data/libcryptui-3.12.2/daemon/seahorse-pgp-uid.c
Examining data/libcryptui-3.12.2/daemon/seahorse-service-crypto.c
Examining data/libcryptui-3.12.2/daemon/seahorse-gpgme-generate.h
Examining data/libcryptui-3.12.2/daemon/seahorse-pgp-signature.h
Examining data/libcryptui-3.12.2/daemon/seahorse-gpg-options.h
Examining data/libcryptui-3.12.2/daemon/seahorse-pgp-key.c
Examining data/libcryptui-3.12.2/daemon/seahorse-widget.h
Examining data/libcryptui-3.12.2/daemon/seahorse-service-bindings.h
Examining data/libcryptui-3.12.2/daemon/seahorse-gpgme-generate.c
Examining data/libcryptui-3.12.2/daemon/seahorse-gpgme-source.c
Examining data/libcryptui-3.12.2/daemon/seahorse-util.c
Examining data/libcryptui-3.12.2/daemon/seahorse-gpg-op.c
Examining data/libcryptui-3.12.2/daemon/seahorse-pgp-key.h
Examining data/libcryptui-3.12.2/daemon/seahorse-pgp-module.h
Examining data/libcryptui-3.12.2/daemon/seahorse-gpgme-uid.h
Examining data/libcryptui-3.12.2/daemon/seahorse-source.c
Examining data/libcryptui-3.12.2/daemon/seahorse-object.h
Examining data/libcryptui-3.12.2/daemon/seahorse-gpgme-key.h
Examining data/libcryptui-3.12.2/daemon/seahorse-source.h
Examining data/libcryptui-3.12.2/daemon/seahorse-transfer-operation.h
Examining data/libcryptui-3.12.2/daemon/seahorse-unknown.h
Examining data/libcryptui-3.12.2/daemon/seahorse-gpg-op.h
Examining data/libcryptui-3.12.2/daemon/seahorse-object-list.c
Examining data/libcryptui-3.12.2/daemon/seahorse-passphrase.h
Examining data/libcryptui-3.12.2/daemon/seahorse-libdialogs.h
Examining data/libcryptui-3.12.2/daemon/seahorse-gtkstock.c
Examining data/libcryptui-3.12.2/daemon/seahorse-transfer-operation.c
Examining data/libcryptui-3.12.2/daemon/seahorse-pgp-uid.h
Examining data/libcryptui-3.12.2/daemon/seahorse-operation.c
Examining data/libcryptui-3.12.2/daemon/seahorse-daemon.c
Examining data/libcryptui-3.12.2/daemon/seahorse-pgp-module.c
Examining data/libcryptui-3.12.2/daemon/seahorse-pgp.c
Examining data/libcryptui-3.12.2/daemon/seahorse-service-keyset-bindings.h
Examining data/libcryptui-3.12.2/daemon/seahorse-unix-signal.c
Examining data/libcryptui-3.12.2/daemon/seahorse-pgp-signature.c
Examining data/libcryptui-3.12.2/daemon/seahorse-unknown.c
Examining data/libcryptui-3.12.2/daemon/seahorse-util.h
Examining data/libcryptui-3.12.2/daemon/seahorse-dbus-server.c
Examining data/libcryptui-3.12.2/daemon/seahorse-pgp-subkey.h
Examining data/libcryptui-3.12.2/daemon/seahorse-pgp.h
Examining data/libcryptui-3.12.2/daemon/seahorse-marshal.c
Examining data/libcryptui-3.12.2/daemon/seahorse-gpgme-data.c
Examining data/libcryptui-3.12.2/daemon/seahorse-daemon.h
Examining data/libcryptui-3.12.2/daemon/seahorse-secure-buffer.c
Examining data/libcryptui-3.12.2/daemon/seahorse-secure-memory.c

FINAL RESULTS:

data/libcryptui-3.12.2/daemon/seahorse-util.c:670:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ret, uri);
data/libcryptui-3.12.2/daemon/seahorse-util.c:690:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (ret, ext);
data/libcryptui-3.12.2/daemon/seahorse-gpg-options.c:215:52: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  gpg_homedir = g_strconcat (g_get_home_dir(), ++t, NULL);
data/libcryptui-3.12.2/daemon/seahorse-daemon.c:93:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open ("/dev/null", O_RDONLY, 0666);
data/libcryptui-3.12.2/daemon/seahorse-daemon.c:94:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open ("/dev/null", O_WRONLY, 0666);
data/libcryptui-3.12.2/daemon/seahorse-daemon.c:95:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open ("/dev/null", O_WRONLY, 0666);
data/libcryptui-3.12.2/daemon/seahorse-gpg-options.c:52:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open (file, O_CREAT | O_TRUNC | O_WRONLY, mode)) == -1) {
data/libcryptui-3.12.2/daemon/seahorse-secure-buffer.c:102:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (pv->text + at, chars, n_bytes);
data/libcryptui-3.12.2/daemon/seahorse-util.c:1537:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hex[3];
data/libcryptui-3.12.2/daemon/seahorse-util.c:1606:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tmp = atoi(tokens[i]);
data/libcryptui-3.12.2/libegg/egg-datetime.c:46:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (result, tmp, sizeof (struct tm));
data/libcryptui-3.12.2/libegg/egg-datetime.c:61:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (result, tmp, sizeof (struct tm));
data/libcryptui-3.12.2/libegg/eggsmclient-xsmp.c:206:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pid_str[64];
data/libcryptui-3.12.2/libegg/eggsmclient-xsmp.c:317:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char error_string_ret[256];
data/libcryptui-3.12.2/libegg/eggsmclient-xsmp.c:869:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  fd = open (state_file_path, O_WRONLY | O_CREAT | O_EXCL, 0644);
data/libcryptui-3.12.2/daemon/seahorse-gpg-op.c:84:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (gpgme_data_write (keydata, output, strlen (output)) == -1)
data/libcryptui-3.12.2/daemon/seahorse-gpg-options.c:59:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (write (fd, GPG_CONF_HEADER, strlen (GPG_CONF_HEADER)) == -1) {
data/libcryptui-3.12.2/daemon/seahorse-gpg-options.c:70:28: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  find_config_file (gboolean read, GError **err)
data/libcryptui-3.12.2/daemon/seahorse-gpg-options.c:104:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!read)
data/libcryptui-3.12.2/daemon/seahorse-gpg-options.c:205:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t += strlen (HOME_PREFIX);
data/libcryptui-3.12.2/daemon/seahorse-gpg-options.c:359:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t = line + strlen (*opt);
data/libcryptui-3.12.2/daemon/seahorse-gpg-options.c:425:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t = n + strlen (options[i]);
data/libcryptui-3.12.2/daemon/seahorse-gpgme-data.c:390:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen ((gchar*)text);
data/libcryptui-3.12.2/daemon/seahorse-gpgme-generate.c:200:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_return_if_fail (strlen(name) >= 5);
data/libcryptui-3.12.2/daemon/seahorse-gpgme-generate.c:275:47: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_widget_set_sensitive (widget, name && strlen (g_strstrip (name)) >= 5);
data/libcryptui-3.12.2/daemon/seahorse-gpgme-key-op.c:98:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (name) < 5)
data/libcryptui-3.12.2/daemon/seahorse-gpgme-key-op.c:129:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (email != NULL && strlen (email) > 0)
data/libcryptui-3.12.2/daemon/seahorse-gpgme-key-op.c:131:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (comment != NULL && strlen (comment) > 0)
data/libcryptui-3.12.2/daemon/seahorse-gpgme-source.c:86:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (passphrase_info && strlen(passphrase_info) < 16) {
data/libcryptui-3.12.2/daemon/seahorse-notification.c:201:53: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = g_markup_parse_context_parse (ctx, outer, strlen (outer), &err);
data/libcryptui-3.12.2/daemon/seahorse-notification.c:511:60: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((ret = g_markup_parse_context_parse (ctx, osummary, strlen (osummary), &err)))
data/libcryptui-3.12.2/daemon/seahorse-notification.c:512:57: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = g_markup_parse_context_parse (ctx, obody, strlen (obody), &err);
data/libcryptui-3.12.2/daemon/seahorse-object.c:255:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (str);
data/libcryptui-3.12.2/daemon/seahorse-pgp-key.c:388:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (keyid);
data/libcryptui-3.12.2/daemon/seahorse-pgp-key.c:421:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (keyid);
data/libcryptui-3.12.2/daemon/seahorse-pgp-key.c:600:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n_match = strlen (match);
data/libcryptui-3.12.2/daemon/seahorse-pgp-key.c:605:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n_keyid = strlen (keyid);
data/libcryptui-3.12.2/daemon/seahorse-pgp-subkey.c:383:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (raw);
data/libcryptui-3.12.2/daemon/seahorse-service-crypto.c:534:57: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  flags, cleartext, strlen(cleartext),
data/libcryptui-3.12.2/daemon/seahorse-service-crypto.c:684:56: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gerr = gpgme_data_new_from_mem (&plain, cleartext, strlen (cleartext), FALSE);
data/libcryptui-3.12.2/daemon/seahorse-service-crypto.c:730:47: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  crypttext, strlen(crypttext),
data/libcryptui-3.12.2/daemon/seahorse-service-crypto.c:866:57: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gerr = gpgme_data_new_from_mem (&cipher, crypttext, strlen (crypttext), FALSE);
data/libcryptui-3.12.2/daemon/seahorse-service.c:269:53: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  input = g_memory_input_stream_new_from_data (data, strlen (data), NULL);
data/libcryptui-3.12.2/daemon/seahorse-unix-signal.c:64:11: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  gsize read;
data/libcryptui-3.12.2/daemon/seahorse-unix-signal.c:68:44: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  &read, &err)) == G_IO_STATUS_NORMAL) {
data/libcryptui-3.12.2/daemon/seahorse-unix-signal.c:71:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read != 1)
data/libcryptui-3.12.2/daemon/seahorse-util.c:334:11: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  gsize read;
data/libcryptui-3.12.2/daemon/seahorse-util.c:338:53: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (g_input_stream_read_all (input, &ch, 1, &read, NULL, NULL) && read == 1) {
data/libcryptui-3.12.2/daemon/seahorse-util.c:347:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  copied += strlen (start);
data/libcryptui-3.12.2/daemon/seahorse-util.c:354:53: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (g_input_stream_read_all (input, &ch, 1, &read, NULL, NULL) && read == 1) {
data/libcryptui-3.12.2/daemon/seahorse-util.c:434:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int r, l = strlen (s);
data/libcryptui-3.12.2/daemon/seahorse-util.c:535:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t = uri + strlen (uri);
data/libcryptui-3.12.2/daemon/seahorse-util.c:616:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (prefix);
data/libcryptui-3.12.2/daemon/seahorse-util.c:668:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (uri);
data/libcryptui-3.12.2/daemon/seahorse-util.c:669:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = g_new0 (gchar, len + strlen(ext) + 16);
data/libcryptui-3.12.2/daemon/seahorse-util.c:687:9: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (ret, ".");
data/libcryptui-3.12.2/daemon/seahorse-util.c:870:19: [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  mode_t mask = umask (0077);
data/libcryptui-3.12.2/daemon/seahorse-util.c:872:5: [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask (mask);
data/libcryptui-3.12.2/daemon/seahorse-util.c:1187:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uri = g_strndup (path, strlen (path) - 4);
data/libcryptui-3.12.2/daemon/seahorse-util.c:1503:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = e = b + strlen (b);
data/libcryptui-3.12.2/libegg/egg-datetime.c:1255:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len1 = strlen (_("AM"));
data/libcryptui-3.12.2/libegg/egg-datetime.c:1256:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len2 = strlen (_("PM"));
data/libcryptui-3.12.2/libegg/egg-datetime.c:1257:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len3 = strlen (scp);
data/libcryptui-3.12.2/libegg/eggsmclient-xsmp.c:1147:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pv.length = strlen (value);
data/libcryptui-3.12.2/libegg/eggsmclient-xsmp.c:1180:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pv.length = strlen (values->pdata[i]);
data/libcryptui-3.12.2/libegg/eggsmclient-xsmp.c:1209:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prop->vals[0].length = strlen (value);

ANALYSIS SUMMARY:

Hits = 66
Lines analyzed = 33414 in approximately 0.90 seconds (37306 lines/second)
Physical Source Lines of Code (SLOC) = 20168
Hits@level = [0] 7 [1] 51 [2] 12 [3] 1 [4] 2 [5] 0
Hits@level+ = [0+] 73 [1+] 66 [2+] 15 [3+] 3 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 3.6196 [1+] 3.27251 [2+] 0.743752 [3+] 0.14875 [4+] 0.099167 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.