Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libmacaroons-0.3.0/base64.c
Examining data/libmacaroons-0.3.0/base64.h
Examining data/libmacaroons-0.3.0/bindings/go/macaroons/wrapper.c
Examining data/libmacaroons-0.3.0/bindings/go/macaroons/wrapper.h
Examining data/libmacaroons-0.3.0/constants.h
Examining data/libmacaroons-0.3.0/custom-config.h
Examining data/libmacaroons-0.3.0/macaroons.h
Examining data/libmacaroons-0.3.0/packet.c
Examining data/libmacaroons-0.3.0/packet.h
Examining data/libmacaroons-0.3.0/port.h
Examining data/libmacaroons-0.3.0/port.c
Examining data/libmacaroons-0.3.0/macaroons.c
FINAL RESULTS:
data/libmacaroons-0.3.0/base64.c:132:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char input[3];
data/libmacaroons-0.3.0/base64.c:133:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output[4];
data/libmacaroons-0.3.0/macaroons.c:162:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[MACAROON_HASH_BYTES];
data/libmacaroons-0.3.0/macaroons.c:199:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char genkey[MACAROON_HASH_BYTES];
data/libmacaroons-0.3.0/macaroons.c:211:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char derived_key[MACAROON_HASH_BYTES];
data/libmacaroons-0.3.0/macaroons.c:254:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[MACAROON_HASH_BYTES];
data/libmacaroons-0.3.0/macaroons.c:318:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[2 * MACAROON_HASH_BYTES];
data/libmacaroons-0.3.0/macaroons.c:345:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char new_sig[MACAROON_HASH_BYTES];
data/libmacaroons-0.3.0/macaroons.c:347:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char enc_nonce[MACAROON_SECRET_NONCE_BYTES];
data/libmacaroons-0.3.0/macaroons.c:348:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char enc_plaintext[MACAROON_SECRET_TEXT_ZERO_BYTES + MACAROON_HASH_BYTES];
data/libmacaroons-0.3.0/macaroons.c:349:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char enc_ciphertext[MACAROON_SECRET_BOX_ZERO_BYTES + MACAROON_HASH_BYTES];
data/libmacaroons-0.3.0/macaroons.c:350:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char vid[VID_NONCE_KEY_SZ];
data/libmacaroons-0.3.0/macaroons.c:446:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char derived_key[MACAROON_HASH_BYTES];
data/libmacaroons-0.3.0/macaroons.c:462:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[MACAROON_HASH_BYTES];
data/libmacaroons-0.3.0/macaroons.c:528:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[MACAROON_HASH_BYTES];
data/libmacaroons-0.3.0/macaroons.c:731:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char enc_key[MACAROON_SECRET_KEY_BYTES];
data/libmacaroons-0.3.0/macaroons.c:733:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char enc_plaintext[MACAROON_SECRET_TEXT_ZERO_BYTES + MACAROON_HASH_BYTES];
data/libmacaroons-0.3.0/macaroons.c:734:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char enc_ciphertext[MACAROON_SECRET_BOX_ZERO_BYTES + MACAROON_HASH_BYTES + SECRET_BOX_OVERHEAD];
data/libmacaroons-0.3.0/macaroons.c:735:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char vid_data[VID_NONCE_KEY_SZ];
data/libmacaroons-0.3.0/macaroons.c:820:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[MACAROON_HASH_BYTES];
data/libmacaroons-0.3.0/macaroons.c:821:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char csig[MACAROON_HASH_BYTES];
data/libmacaroons-0.3.0/macaroons.c:929:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char derived_key[MACAROON_HASH_BYTES];
data/libmacaroons-0.3.0/macaroons.c:1427:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sig[MACAROON_HASH_BYTES];
data/libmacaroons-0.3.0/packet.c:136:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char prefix[PACKET_PREFIX];
data/libmacaroons-0.3.0/port.c:99:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[crypto_auth_hmacsha256_KEYBYTES];
data/libmacaroons-0.3.0/macaroons.c:1298:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ser_sz = strlen(ser);
data/libmacaroons-0.3.0/macaroons.c:1574:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t _data_sz = strlen(_data);
ANALYSIS SUMMARY:
Hits = 27
Lines analyzed = 3420 in approximately 0.10 seconds (32689 lines/second)
Physical Source Lines of Code (SLOC) = 2411
Hits@level = [0] 0 [1] 2 [2] 25 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 27 [1+] 27 [2+] 25 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 11.1987 [1+] 11.1987 [2+] 10.3691 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.