Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libpam-pwdfile-1.0/bigcrypt.c
Examining data/libpam-pwdfile-1.0/bigcrypt.h
Examining data/libpam-pwdfile-1.0/md5.c
Examining data/libpam-pwdfile-1.0/md5.h
Examining data/libpam-pwdfile-1.0/md5_crypt.c
Examining data/libpam-pwdfile-1.0/pam_pwdfile.c

FINAL RESULTS:

data/libpam-pwdfile-1.0/bigcrypt.c:62:18:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	strncpy(outptr, crypt(key, salt), SALT_SIZE + ESEGMENT_SIZE);
data/libpam-pwdfile-1.0/bigcrypt.c:70:19:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		strncpy(outptr, crypt(key, salt) + SALT_SIZE, ESEGMENT_SIZE);
data/libpam-pwdfile-1.0/md5_crypt.c:90:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(passwd, magic);
data/libpam-pwdfile-1.0/pam_pwdfile.c:204:30:  [4] (crypto) crypt_r:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
    if (!(crypted_password = crypt_r(password, stored_crypted_password, &crypt_buf)))
data/libpam-pwdfile-1.0/pam_pwdfile.c:206:30:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
    if (!(crypted_password = crypt(password, stored_crypted_password)))
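Added example for triaging the five [4] crypt/crypt_r hits above (new code written for this page, not libpam-pwdfile's). The call sites pass the stored hash as the salt argument, and the prefix of that string selects the algorithm, so the "8 characters or fewer, two-byte salt" description applies to entries stored in traditional DES or bigcrypt form, not to $1$/$5$/$6$ entries; the check below classifies each line of a pwdfile and counts the DES-based ones. Assumptions: a user:hash line format, bigcrypt's 2-byte salt plus 11-byte segments (SALT_SIZE and ESEGMENT_SIZE are not expanded on this page), and constructed dummy hash strings.

```c
/* Added example, not part of libpam-pwdfile: classify the hashes stored in
 * a pwdfile so the crypt()/crypt_r() hits can be triaged by file contents.
 * File format "user:hash[:...]" is assumed. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

enum hash_scheme {
    HASH_EMPTY, HASH_DES, HASH_BIGCRYPT, HASH_MD5, HASH_BCRYPT,
    HASH_SHA256, HASH_SHA512, HASH_UNKNOWN
};

/* Traditional crypt output uses only [./0-9A-Za-z]. */
static int in_crypt_alphabet(const char *s, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && c != '.' && c != '/') return 0;
    }
    return 1;
}

enum hash_scheme classify_hash(const char *h)
{
    size_t n = strlen(h);
    if (n == 0) return HASH_EMPTY;
    if (strncmp(h, "$1$", 3) == 0) return HASH_MD5;
    if (strncmp(h, "$2a$", 4) == 0 || strncmp(h, "$2b$", 4) == 0 ||
        strncmp(h, "$2y$", 4) == 0) return HASH_BCRYPT;
    if (strncmp(h, "$5$", 3) == 0) return HASH_SHA256;
    if (strncmp(h, "$6$", 3) == 0) return HASH_SHA512;
    /* DES: 2-char salt + one 11-char segment (13 total); bigcrypt: the
     * same salt followed by more 11-char segments (assumed sizes). */
    if (n >= 13 && (n - 2) % 11 == 0 && in_crypt_alphabet(h, n))
        return n == 13 ? HASH_DES : HASH_BIGCRYPT;
    return HASH_UNKNOWN;
}

int is_des_based(enum hash_scheme s) { return s == HASH_DES || s == HASH_BIGCRYPT; }

/* Count DES-based entries in "user:hash[:...]" text; -1 on a malformed line. */
int count_weak_entries(const char *text)
{
    int weak = 0;
    const char *line = text;
    while (*line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        const char *colon = memchr(line, ':', len);
        if (!colon) return -1;
        const char *hash = colon + 1;
        size_t hlen = (size_t)(line + len - hash);
        const char *next = memchr(hash, ':', hlen);
        if (next) hlen = (size_t)(next - hash);
        char buf[256];
        if (hlen >= sizeof buf) return -1;
        memcpy(buf, hash, hlen);
        buf[hlen] = '\0';
        if (is_des_based(classify_hash(buf))) weak++;
        line = eol ? eol + 1 : line + len;
    }
    return weak;
}

/* Constructed sample data; the hash values are dummies, not real digests. */
static const char SAMPLE_PWDFILE[] =
    "alice:$6$saltsalt$dummyDummyDummyDummyDummy\n"
    "bob:abJnggxhB/yWI\n"                       /* 13 chars: traditional DES */
    "carol:$1$saltsalt$dummydummydummydummy\n"
    "dave:abJnggxhB/yWIabcdefghijk\n";          /* 24 = 2 + 2*11: bigcrypt */

int main(void)
{
    printf("DES-based entries: %d\n", count_weak_entries(SAMPLE_PWDFILE));
    return 0;
}
```

Entries the check reports as DES-based are the ones where the tool's warning is accurate; the fix there is to re-hash on next successful login with a modern scheme rather than to change the crypt_r() call, which already handles $5$/$6$ hashes when the stored string carries that prefix.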
data/libpam-pwdfile-1.0/bigcrypt.c:45:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char outbuf[MAX_SEGMENTS * ESEGMENT_SIZE + SALT_SIZE + 1];	/* static storage area */
data/libpam-pwdfile-1.0/md5.c:71:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(p, buf, len);
data/libpam-pwdfile-1.0/md5.c:74:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(p, buf, t);
data/libpam-pwdfile-1.0/md5.c:83:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ctx->in, buf, 64);
data/libpam-pwdfile-1.0/md5.c:92:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ctx->in, buf, len);
data/libpam-pwdfile-1.0/md5.c:99:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void MD5Name(MD5Final)(unsigned char digest[16], struct MD5Context *ctx)
data/libpam-pwdfile-1.0/md5.c:131:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ctx->in + 56, ctx->bits, 8);
data/libpam-pwdfile-1.0/md5.c:135:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(digest, ctx->buf, 16);
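Added example for the memcpy hits in md5.c above (new code for this page, not md5.c's). Those copies are safe only because of the arithmetic around them: each copy into the 64-byte ctx->in is bounded by the space left in the block, and the 8-byte length written at in+56 is in bounds only after padding has brought the pending count to exactly 56. This stand-alone accumulator reproduces that buffering structure with the bounds stated explicitly, keeps a canary after the buffer, and counts blocks instead of running a compression function (assumption: the compression step is irrelevant to the bounds argument; the byte count replaces the original's bit count).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_LEN 64
#define CANARY    0xA5

/* Same shape as an MD5 context's 64-byte input buffer, plus a canary right
 * after it so an overflowing memcpy would be visible. */
struct blockbuf {
    unsigned char in[BLOCK_LEN];
    unsigned char canary;
    uint64_t total;    /* bytes absorbed so far */
    uint64_t blocks;   /* full blocks handed to the (omitted) compression step */
};

void blockbuf_init(struct blockbuf *b)
{
    memset(b, 0, sizeof *b);
    b->canary = CANARY;
}

/* Bytes waiting in b->in. */
size_t blockbuf_pending(const struct blockbuf *b)
{
    return (size_t)(b->total % BLOCK_LEN);
}

/* The three memcpy calls of an MD5Update-style routine, each with the bound
 * that keeps it inside in[64]. */
void blockbuf_update(struct blockbuf *b, const unsigned char *buf, size_t len)
{
    size_t used = blockbuf_pending(b);
    b->total += len;
    if (used) {
        size_t t = BLOCK_LEN - used;            /* room left, 1..63 */
        if (len < t) {                          /* memcpy(p, buf, len): len < t */
            memcpy(b->in + used, buf, len);
            return;
        }
        memcpy(b->in + used, buf, t);           /* memcpy(p, buf, t): fills exactly */
        b->blocks++;
        buf += t;
        len -= t;
    }
    while (len >= BLOCK_LEN) {                  /* memcpy(ctx->in, buf, 64) */
        memcpy(b->in, buf, BLOCK_LEN);
        b->blocks++;
        buf += BLOCK_LEN;
        len -= BLOCK_LEN;
    }
    memcpy(b->in, buf, len);                    /* tail: len < 64 after the loop */
}

/* MD5Final-style padding: pad to 56 bytes mod 64, then the 8-byte length
 * lands at in+56, which is in bounds only because pending is exactly 56.
 * Returns 0 when that invariant and the canary both hold, -1 otherwise. */
int blockbuf_final(struct blockbuf *b, unsigned char len_le[8])
{
    size_t used = blockbuf_pending(b);
    size_t pad = used < 56 ? 56 - used : 56 + BLOCK_LEN - used;   /* 1..64 */
    unsigned char padbuf[BLOCK_LEN];
    memset(padbuf, 0, sizeof padbuf);
    padbuf[0] = 0x80;
    uint64_t bits = b->total * 8;
    blockbuf_update(b, padbuf, pad);
    if (blockbuf_pending(b) != 56) return -1;
    for (int i = 0; i < 8; i++) len_le[i] = (unsigned char)(bits >> (8 * i));
    memcpy(b->in + 56, len_le, 8);             /* memcpy(ctx->in + 56, ..., 8) */
    b->blocks++;
    return b->canary == CANARY ? 0 : -1;
}

/* Feed constructed chunk sizes that cross every branch (partial fill,
 * exact completion, whole blocks, tail) and return the block count, or
 * -1 if any invariant broke. 200 data bytes + 48 pad + 8 length = 4 blocks. */
int demo_total_blocks(void)
{
    static const size_t chunks[] = {1, 63, 64, 7, 65};
    unsigned char data[65];
    memset(data, 'x', sizeof data);
    struct blockbuf b;
    blockbuf_init(&b);
    for (size_t i = 0; i < sizeof chunks / sizeof chunks[0]; i++)
        blockbuf_update(&b, data, chunks[i]);
    if (b.canary != CANARY || blockbuf_pending(&b) != 8) return -1;
    unsigned char len_le[8];
    if (blockbuf_final(&b, len_le) != 0) return -1;
    return (int)b.blocks;
}

int main(void)
{
    printf("blocks processed: %d\n", demo_total_blocks());
    return 0;
}
```

When reviewing the real md5.c hits, the thing to confirm is that the same three facts hold there: the first copy is guarded by len < t, the second copies exactly t = 64 - used bytes, and the trailing copy runs only after the whole-block loop has left len below 64.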
data/libpam-pwdfile-1.0/md5.h:10:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char in[64];
data/libpam-pwdfile-1.0/md5.h:15:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void GoodMD5Final(unsigned char digest[16], struct MD5Context *);
data/libpam-pwdfile-1.0/md5.h:19:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void BrokenMD5Final(unsigned char digest[16], struct MD5Context *);
data/libpam-pwdfile-1.0/md5_crypt.c:38:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char passwd[120], *p;
data/libpam-pwdfile-1.0/md5_crypt.c:40:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char final[16];
data/libpam-pwdfile-1.0/pam_pwdfile.c:148:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!(pwdfile = fopen(pwdfilename, "r"))) {
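Added example for the fopen hit above (new code for this page, not pam_pwdfile's). Of the cases the hit lists, two can be closed at the call site: a symlink at the final path component (O_NOFOLLOW) and a special file such as a device (fstat before fdopen). Control of ancestor directories cannot be fixed here and is an assumed deployment property (the file lives under a root-owned path). The fixtures, the temp directory, and the one-line password file are constructed for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open path read-only without following a symlink at the last component,
 * then refuse anything that is not a regular file (devices, FIFOs).
 * Returns NULL with errno set: ELOOP for a symlink, EINVAL for a
 * non-regular file, or whatever open()/fstat() reported. */
FILE *open_pwdfile_safely(const char *path)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC | O_NOCTTY);
    if (fd < 0) return NULL;
    struct stat st;
    if (fstat(fd, &st) < 0) { int e = errno; close(fd); errno = e; return NULL; }
    if (!S_ISREG(st.st_mode)) { close(fd); errno = EINVAL; return NULL; }
    FILE *f = fdopen(fd, "r");
    if (!f) { int e = errno; close(fd); errno = e; return NULL; }
    return f;
}

/* 1 = opened as a regular file, 0 = refused (symlink or special file),
 * -1 = some other failure such as a missing path. */
int probe(const char *path)
{
    FILE *f = open_pwdfile_safely(path);
    if (f) { fclose(f); return 1; }
    return (errno == ELOOP || errno == EINVAL) ? 0 : -1;
}

/* Demo fixtures: a fresh temp dir holding a one-line regular file and a
 * symlink to it. Constructed for this example only. */
struct demo_paths { char dir[64]; char regular[96]; char link[96]; };

int make_demo_files(struct demo_paths *p)
{
    strcpy(p->dir, "/tmp/pwdfile-demo-XXXXXX");
    if (!mkdtemp(p->dir)) return -1;
    snprintf(p->regular, sizeof p->regular, "%s/passwd", p->dir);
    snprintf(p->link, sizeof p->link, "%s/passwd.lnk", p->dir);
    FILE *f = fopen(p->regular, "w");
    if (!f) return -1;
    fputs("alice:$6$saltsalt$dummy\n", f);   /* dummy hash, not a real digest */
    fclose(f);
    return symlink(p->regular, p->link);
}

void remove_demo_files(const struct demo_paths *p)
{
    unlink(p->link);
    unlink(p->regular);
    rmdir(p->dir);
}

/* Run the whole demonstration: regular file accepted, symlink and device
 * refused, missing path reported as an error. Returns 1 if all four hold. */
int demo_passes(void)
{
    struct demo_paths p;
    if (make_demo_files(&p) < 0) return 0;
    int ok = probe(p.regular) == 1 && probe(p.link) == 0 &&
             probe("/dev/null") == 0 && probe("/nonexistent-dir/pwdfile") == -1;
    remove_demo_files(&p);
    return ok;
}

int main(void)
{
    printf("safe open demo %s\n", demo_passes() ? "passed" : "FAILED");
    return 0;
}
```

Opening by descriptor and then fstat()ing the descriptor, rather than stat()ing the path first, is what removes the check-then-use window; a stat() before fopen() would reintroduce the race the hit mentions.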
data/libpam-pwdfile-1.0/bigcrypt.c:53:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(salt) == (SALT_SIZE + ESEGMENT_SIZE)) /* conventional crypt */
data/libpam-pwdfile-1.0/bigcrypt.c:62:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(outptr, crypt(key, salt), SALT_SIZE + ESEGMENT_SIZE);
data/libpam-pwdfile-1.0/bigcrypt.c:70:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(outptr, crypt(key, salt) + SALT_SIZE, ESEGMENT_SIZE);
data/libpam-pwdfile-1.0/md5_crypt.c:49:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!strncmp(sp, magic, strlen(magic)))
data/libpam-pwdfile-1.0/md5_crypt.c:50:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		sp += strlen(magic);
data/libpam-pwdfile-1.0/md5_crypt.c:62:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	MD5Name(MD5Update)(&ctx,(unsigned const char *)pw,strlen(pw));
data/libpam-pwdfile-1.0/md5_crypt.c:65:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	MD5Name(MD5Update)(&ctx,(unsigned const char *)magic,strlen(magic));
data/libpam-pwdfile-1.0/md5_crypt.c:72:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	MD5Name(MD5Update)(&ctx1,(unsigned const char *)pw,strlen(pw));
data/libpam-pwdfile-1.0/md5_crypt.c:74:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	MD5Name(MD5Update)(&ctx1,(unsigned const char *)pw,strlen(pw));
data/libpam-pwdfile-1.0/md5_crypt.c:76:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (pl = strlen(pw); pl > 0; pl -= 16)
data/libpam-pwdfile-1.0/md5_crypt.c:83:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (j = 0, i = strlen(pw); i; i >>= 1)
data/libpam-pwdfile-1.0/md5_crypt.c:91:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(passwd, sp, sl);
data/libpam-pwdfile-1.0/md5_crypt.c:92:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(passwd, "$");
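Added example serving the strcpy/strncat/strcat hits at md5_crypt.c:90-92 and the strncpy hits at bigcrypt.c:62 and 70 (new code for this page, not the project's). Both sites assemble a crypt-style string in a fixed buffer from pieces whose lengths are known only at run time; the usual failure modes are an unterminated result (strncpy with a source at least as long as the count) and a miscomputed remaining size (strncat). The single append routine below refuses any write that would not fit with its NUL and never leaves the destination unterminated. SALT_MAX = 8 and SEGMENT_LEN = 11 are assumed values, since the page does not expand sl, SALT_SIZE or ESEGMENT_SIZE.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define SALT_MAX    8    /* assumed md5crypt salt limit */
#define SEGMENT_LEN 11   /* assumed bigcrypt ESEGMENT_SIZE */

/* Length of s, never looking past max bytes (s need not be terminated). */
static size_t bounded_len(const char *s, size_t max)
{
    size_t i = 0;
    while (i < max && s[i] != '\0') i++;
    return i;
}

/* Append at most n bytes of src (stopping at a NUL) to the string in dst.
 * Returns 0 on success, -1 if the result plus its NUL would not fit in
 * dst[cap]; on -1 dst is left unchanged. */
int append_bounded(char *dst, size_t cap, const char *src, size_t n)
{
    size_t used = bounded_len(dst, cap);
    if (used == cap) return -1;              /* dst is not terminated */
    size_t add = bounded_len(src, n);
    if (add >= cap - used) return -1;        /* keep room for the NUL */
    memcpy(dst + used, src, add);
    dst[used + add] = '\0';
    return 0;
}

/* "$1$" + salt + "$": the salt ends at a '$' or after SALT_MAX chars.
 * This is the strcpy/strncat/strcat triple of md5_crypt.c:90-92 with each
 * step checked against the real capacity of out. */
int build_md5crypt_prefix(char *out, size_t cap, const char *magic, const char *salt)
{
    if (cap == 0) return -1;
    size_t sl = 0;
    while (sl < SALT_MAX && salt[sl] != '\0' && salt[sl] != '$') sl++;
    out[0] = '\0';
    if (append_bounded(out, cap, magic, strlen(magic)) < 0) return -1;
    if (append_bounded(out, cap, salt, sl) < 0) return -1;
    return append_bounded(out, cap, "$", 1);
}

/* Append one SEGMENT_LEN-byte segment the way bigcrypt.c:62/70 does with
 * strncpy, but refusing a short source and always terminating out. */
int append_segment(char *out, size_t cap, const char *segment)
{
    if (bounded_len(segment, SEGMENT_LEN) < SEGMENT_LEN) return -1;
    return append_bounded(out, cap, segment, SEGMENT_LEN);
}

int main(void)
{
    char prefix[120];
    if (build_md5crypt_prefix(prefix, sizeof prefix, "$1$", "saltsalt$rest") == 0)
        printf("prefix: %s\n", prefix);
    char segs[12] = "";
    int first = append_segment(segs, sizeof segs, "abcdefghijk");
    int second = append_segment(segs, sizeof segs, "abcdefghijk");
    printf("first segment: %d, second: %d, value: %s\n", first, second, segs);
    return 0;
}
```

The 120-byte passwd buffer flagged at md5_crypt.c:38 is large enough for "$1$", an 8-byte salt, "$" and the 22-byte encoded digest, so the hits there are bounded in practice; what the explicit capacity check buys is that a later change to sl or to the magic string fails closed instead of overflowing.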
data/libpam-pwdfile-1.0/md5_crypt.c:104:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			MD5Name(MD5Update)(&ctx1,(unsigned const char *)pw,strlen(pw));
data/libpam-pwdfile-1.0/md5_crypt.c:112:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			MD5Name(MD5Update)(&ctx1,(unsigned const char *)pw,strlen(pw));
data/libpam-pwdfile-1.0/md5_crypt.c:117:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			MD5Name(MD5Update)(&ctx1,(unsigned const char *)pw,strlen(pw));
data/libpam-pwdfile-1.0/md5_crypt.c:121:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	p = passwd + strlen(passwd);
data/libpam-pwdfile-1.0/pam_pwdfile.c:116:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	else if (!strncmp(argv[i], "pwdfile=", strlen("pwdfile=")))
data/libpam-pwdfile-1.0/pam_pwdfile.c:117:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    pwdfilename = argv[i] + strlen("pwdfile=");
data/libpam-pwdfile-1.0/pam_pwdfile.c:183:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (stored_crypted_password && !strlen(stored_crypted_password)) {

ANALYSIS SUMMARY:

Hits = 39
Lines analyzed = 741 in approximately 0.06 seconds (12885 lines/second)
Physical Source Lines of Code (SLOC) = 463
Hits@level = [0]   0 [1]  20 [2]  14 [3]   0 [4]   5 [5]   0
Hits@level+ = [0+]  39 [1+]  39 [2+]  19 [3+]   5 [4+]   5 [5+]   0
Hits/KSLOC@level+ = [0+] 84.2333 [1+] 84.2333 [2+] 41.0367 [3+] 10.7991 [4+] 10.7991 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.