Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libnss-docker-0.02/src/libnss_docker.c
Examining data/libnss-docker-0.02/test/src/test-docker-api-client.c
Examining data/libnss-docker-0.02/test/src/test-docker-api-server.c
FINAL RESULTS:
data/libnss-docker-0.02/src/libnss_docker.c:172:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(docker_api_addr.sun_path, DOCKER_SOCKET);
data/libnss-docker-0.02/src/libnss_docker.c:186:23: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
req_message_len = snprintf(req_message_buffer, sizeof(req_message_buffer) - 1, DOCKER_API_REQUEST, hostname);
data/libnss-docker-0.02/src/libnss_docker.c:272:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result->h_name, name);
data/libnss-docker-0.02/test/src/test-docker-api-client.c:28:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(serv_addr.sun_path, argv[1]);
data/libnss-docker-0.02/test/src/test-docker-api-client.c:42:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buffer, 10240, DOCKER_API_REQUEST, argv[2], argv[3]);
data/libnss-docker-0.02/test/src/test-docker-api-server.c:40:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(serv_addr.sun_path, argv[2]);
data/libnss-docker-0.02/test/src/test-docker-api-server.c:82:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buffer, DOCKER_RESPONSE_NOTFOUND, "CONTAINER");
data/libnss-docker-0.02/test/src/test-docker-api-server.c:84:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buffer, DOCKER_RESPONSE_NOTFOUND, begin_container);
data/libnss-docker-0.02/test/src/test-docker-api-server.c:86:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buffer, DOCKER_RESPONSE_SUCCESS, argv[4], argv[3]);
data/libnss-docker-0.02/src/libnss_docker.c:77:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[256];
data/libnss-docker-0.02/src/libnss_docker.c:98:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char req_message_buffer[sizeof(DOCKER_API_REQUEST) + HOST_NAME_MAX];
data/libnss-docker-0.02/src/libnss_docker.c:104:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char res_message_buffer[10240];
data/libnss-docker-0.02/src/libnss_docker.c:110:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddress_str[16];
data/libnss-docker-0.02/src/libnss_docker.c:286:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr_ptr, &ipaddress_addr, result->h_length);
data/libnss-docker-0.02/src/libnss_docker.c:291:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char **) addr_list)[0] = addr_ptr;
data/libnss-docker-0.02/src/libnss_docker.c:292:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char **) addr_list)[1] = NULL;
data/libnss-docker-0.02/test/src/test-docker-api-client.c:19:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[10240];
data/libnss-docker-0.02/test/src/test-docker-api-server.c:22:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[10240];
data/libnss-docker-0.02/test/src/test-docker-api-server.c:31:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
how_many = atoi(argv[1]);
data/libnss-docker-0.02/src/libnss_docker.c:56:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define SUN_LEN(su) (sizeof(*(su)) - sizeof((su)->sun_path) + strlen((su)->sun_path))
data/libnss-docker-0.02/src/libnss_docker.c:142:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen(name);
data/libnss-docker-0.02/src/libnss_docker.c:153:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(hostname, name, sizeof(hostname));
data/libnss-docker-0.02/src/libnss_docker.c:193:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write(sockfd, req_message_buffer, strlen(req_message_buffer)) < 0) {
data/libnss-docker-0.02/src/libnss_docker.c:200:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
res_message_len = read(sockfd, res_message_buffer, sizeof(res_message_buffer) - 1);
data/libnss-docker-0.02/src/libnss_docker.c:251:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ipaddress_str, begin_ipaddress, ipaddress_len);
data/libnss-docker-0.02/src/libnss_docker.c:265:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer_size = ALIGN(strlen(name) + 1) + sizeof(char*) + ALIGN(sizeof(struct in_addr));
data/libnss-docker-0.02/src/libnss_docker.c:274:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer_offset = ALIGN(strlen(name) + 1);
data/libnss-docker-0.02/test/src/test-docker-api-client.c:10:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define SUN_LEN(su) (sizeof(*(su)) - sizeof((su)->sun_path) + strlen((su)->sun_path))
data/libnss-docker-0.02/test/src/test-docker-api-client.c:43:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write(sockfd, buffer, strlen(buffer)) < 0) {
data/libnss-docker-0.02/test/src/test-docker-api-client.c:48:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(sockfd, buffer, 10240);
data/libnss-docker-0.02/test/src/test-docker-api-server.c:10:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define SUN_LEN(su) (sizeof(*(su)) - sizeof((su)->sun_path) + strlen((su)->sun_path))
data/libnss-docker-0.02/test/src/test-docker-api-server.c:63:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(newsockfd, buffer, 10240);
data/libnss-docker-0.02/test/src/test-docker-api-server.c:89:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write(newsockfd, buffer, strlen(buffer)) < 0) {
ANALYSIS SUMMARY:
Hits = 33
Lines analyzed = 489 in approximately 0.05 seconds (10141 lines/second)
Physical Source Lines of Code (SLOC) = 320
Hits@level = [0] 4 [1] 14 [2] 10 [3] 0 [4] 9 [5] 0
Hits@level+ = [0+] 37 [1+] 33 [2+] 19 [3+] 9 [4+] 9 [5+] 0
Hits/KSLOC@level+ = [0+] 115.625 [1+] 103.125 [2+] 59.375 [3+] 28.125 [4+] 28.125 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.