Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libjwt-1.10.2/include/jwt.h
Examining data/libjwt-1.10.2/libjwt/jwt-openssl.c
Examining data/libjwt-1.10.2/libjwt/jwt-gnutls.c
Examining data/libjwt-1.10.2/libjwt/jwt.c
Examining data/libjwt-1.10.2/libjwt/jwt-private.h
Examining data/libjwt-1.10.2/tests/jwt_dump.c
Examining data/libjwt-1.10.2/tests/jwt_ec.c
Examining data/libjwt-1.10.2/tests/jwt_encode.c
Examining data/libjwt-1.10.2/tests/jwt_grant.c
Examining data/libjwt-1.10.2/tests/jwt_header.c
Examining data/libjwt-1.10.2/tests/jwt_new.c
Examining data/libjwt-1.10.2/tests/jwt_rsa.c
FINAL RESULTS:
data/libjwt-1.10.2/libjwt/jwt.c:871:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new, str);
data/libjwt-1.10.2/libjwt/jwt.c:1036:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, head);
data/libjwt-1.10.2/libjwt/jwt.c:1038:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, body);
data/libjwt-1.10.2/libjwt/jwt-gnutls.c:194:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*out, sig_dat.data, sig_dat.size);
data/libjwt-1.10.2/libjwt/jwt-gnutls.c:233:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*out + r_out_padding, r.data + r_padding, r.size - r_padding);
data/libjwt-1.10.2/libjwt/jwt-gnutls.c:234:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*out + (r.size - r_padding + r_out_padding) + s_out_padding,
data/libjwt-1.10.2/libjwt/jwt-openssl.c:86:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char res[EVP_MAX_MD_SIZE];
data/libjwt-1.10.2/libjwt/jwt-openssl.c:247:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*out, sig, slen);
data/libjwt-1.10.2/libjwt/jwt-openssl.c:290:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*out, raw_buf, buf_len);
data/libjwt-1.10.2/libjwt/jwt.c:149:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(jwt->key, key, len);
data/libjwt-1.10.2/libjwt/jwt.c:231:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new->key, jwt->key, jwt->key_len);
data/libjwt-1.10.2/libjwt/jwt.c:545:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new->key, key, key_len);
data/libjwt-1.10.2/tests/jwt_dump.c:35:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen("/dev/null", "w");
data/libjwt-1.10.2/tests/jwt_ec.c:33:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char key[16384];
data/libjwt-1.10.2/tests/jwt_ec.c:63:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(key_file, "r");
data/libjwt-1.10.2/tests/jwt_ec.c:70:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(key_path, "r");
data/libjwt-1.10.2/tests/jwt_encode.c:49:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen("/dev/null", "w");
data/libjwt-1.10.2/tests/jwt_encode.c:134:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key256[32] = "012345678901234567890123456789XY";
data/libjwt-1.10.2/tests/jwt_encode.c:173:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key384[48] = "aaaabbbbccccddddeeeeffffgggghhhh"
data/libjwt-1.10.2/tests/jwt_encode.c:214:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key512[64] = "012345678901234567890123456789XY"
data/libjwt-1.10.2/tests/jwt_encode.c:253:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key512[64] = "012345678901234567890123456789XY"
data/libjwt-1.10.2/tests/jwt_encode.c:292:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key512[64] = "012345678901234567890123456789XY"
data/libjwt-1.10.2/tests/jwt_new.c:70:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key256[32] = "012345678901234567890123456789XY";
data/libjwt-1.10.2/tests/jwt_new.c:219:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key256[32] = "012345678901234567890123456789XY";
data/libjwt-1.10.2/tests/jwt_new.c:283:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char key384[48] = "aaaabbbbccccddddeeeeffffg"
data/libjwt-1.10.2/tests/jwt_new.c:302:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key512[64] = "012345678901234567890123456789XY"
data/libjwt-1.10.2/tests/jwt_rsa.c:33:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char key[16384];
data/libjwt-1.10.2/tests/jwt_rsa.c:89:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(key_file, "r");
data/libjwt-1.10.2/tests/jwt_rsa.c:96:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(key_path, "r");
data/libjwt-1.10.2/libjwt/jwt-gnutls.c:73:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (gnutls_hmac_fast(alg, jwt->key, jwt->key_len, str, strlen(str), *out)) {
data/libjwt-1.10.2/libjwt/jwt-gnutls.c:117:3: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(str)
data/libjwt-1.10.2/libjwt/jwt-gnutls.c:269:3: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(head)
data/libjwt-1.10.2/libjwt/jwt-openssl.c:78:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(const unsigned char *)str, strlen(str), (unsigned char *)*out,
data/libjwt-1.10.2/libjwt/jwt-openssl.c:121:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(const unsigned char *)head, strlen(head), res, &res_len);
data/libjwt-1.10.2/libjwt/jwt-openssl.c:226:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (EVP_DigestSignUpdate(mdctx, str, strlen(str)) != 1)
data/libjwt-1.10.2/libjwt/jwt-openssl.c:428:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (EVP_DigestVerifyUpdate(mdctx, head, strlen(head)) != 1)
data/libjwt-1.10.2/libjwt/jwt.c:51:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_count = base64_decode_block(coded_src, strlen(coded_src), plain_dst, &_state);
data/libjwt-1.10.2/libjwt/jwt.c:303:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(src);
data/libjwt-1.10.2/libjwt/jwt.c:359:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(str);
data/libjwt-1.10.2/libjwt/jwt.c:579:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!jwt || !grant || !strlen(grant)) {
data/libjwt-1.10.2/libjwt/jwt.c:591:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!jwt || !grant || !strlen(grant)) {
data/libjwt-1.10.2/libjwt/jwt.c:603:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!jwt || !grant || !strlen(grant)) {
data/libjwt-1.10.2/libjwt/jwt.c:622:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (grant && strlen(grant))
data/libjwt-1.10.2/libjwt/jwt.c:637:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!jwt || !grant || !strlen(grant) || !val)
data/libjwt-1.10.2/libjwt/jwt.c:651:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!jwt || !grant || !strlen(grant))
data/libjwt-1.10.2/libjwt/jwt.c:665:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!jwt || !grant || !strlen(grant))
data/libjwt-1.10.2/libjwt/jwt.c:700:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (grant == NULL || !strlen(grant))
data/libjwt-1.10.2/libjwt/jwt.c:729:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!jwt || !header || !strlen(header)) {
data/libjwt-1.10.2/libjwt/jwt.c:741:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!jwt || !header || !strlen(header)) {
data/libjwt-1.10.2/libjwt/jwt.c:753:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!jwt || !header || !strlen(header)) {
data/libjwt-1.10.2/libjwt/jwt.c:772:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (header && strlen(header))
data/libjwt-1.10.2/libjwt/jwt.c:787:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!jwt || !header || !strlen(header) || !val)
data/libjwt-1.10.2/libjwt/jwt.c:801:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!jwt || !header || !strlen(header))
data/libjwt-1.10.2/libjwt/jwt.c:815:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!jwt || !header || !strlen(header))
data/libjwt-1.10.2/libjwt/jwt.c:850:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (header == NULL || !strlen(header))
data/libjwt-1.10.2/libjwt/jwt.c:863:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new = calloc(1, strlen(str) + 1);
data/libjwt-1.10.2/libjwt/jwt.c:865:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new = realloc(*buf, strlen(*buf) + strlen(str) + 1);
data/libjwt-1.10.2/libjwt/jwt.c:865:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new = realloc(*buf, strlen(*buf) + strlen(str) + 1);
data/libjwt-1.10.2/libjwt/jwt.c:999:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
head = alloca(strlen(buf) * 2);
data/libjwt-1.10.2/libjwt/jwt.c:1004:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
jwt_Base64encode(head, buf, strlen(buf));
data/libjwt-1.10.2/libjwt/jwt.c:1005:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
head_len = strlen(head);
data/libjwt-1.10.2/libjwt/jwt.c:1018:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
body = alloca(strlen(buf) * 2);
data/libjwt-1.10.2/libjwt/jwt.c:1023:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
jwt_Base64encode(body, buf, strlen(buf));
data/libjwt-1.10.2/libjwt/jwt.c:1024:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
body_len = strlen(body);
data/libjwt-1.10.2/libjwt/jwt.c:1037:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, ".");
data/libjwt-1.10.2/tests/jwt_dump.c:110:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(key));
data/libjwt-1.10.2/tests/jwt_new.c:268:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = jwt_decode(&jwt, token, (const unsigned char *)key256, strlen(key256));
ANALYSIS SUMMARY:
Hits = 67
Lines analyzed = 4721 in approximately 0.19 seconds (25429 lines/second)
Physical Source Lines of Code (SLOC) = 3112
Hits@level = [0] 2 [1] 38 [2] 26 [3] 0 [4] 3 [5] 0
Hits@level+ = [0+] 69 [1+] 67 [2+] 29 [3+] 3 [4+] 3 [5+] 0
Hits/KSLOC@level+ = [0+] 22.1722 [1+] 21.5296 [2+] 9.31877 [3+] 0.96401 [4+] 0.96401 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.