Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libpam-tacplus-1.3.8/support.h
Examining data/libpam-tacplus-1.3.8/pam_tacplus.c
Examining data/libpam-tacplus-1.3.8/support.c
Examining data/libpam-tacplus-1.3.8/pam_tacplus.h
Examining data/libpam-tacplus-1.3.8/libtac/lib/author_s.c
Examining data/libpam-tacplus-1.3.8/libtac/lib/messages.c
Examining data/libpam-tacplus-1.3.8/libtac/lib/version.c
Examining data/libpam-tacplus-1.3.8/libtac/lib/authen_s.c
Examining data/libpam-tacplus-1.3.8/libtac/lib/read_wait.c
Examining data/libpam-tacplus-1.3.8/libtac/lib/xalloc.h
Examining data/libpam-tacplus-1.3.8/libtac/lib/md5.c
Examining data/libpam-tacplus-1.3.8/libtac/lib/crypt.c
Examining data/libpam-tacplus-1.3.8/libtac/lib/xalloc.c
Examining data/libpam-tacplus-1.3.8/libtac/lib/author_r.c
Examining data/libpam-tacplus-1.3.8/libtac/lib/magic.c
Examining data/libpam-tacplus-1.3.8/libtac/lib/acct_r.c
Examining data/libpam-tacplus-1.3.8/libtac/lib/hdr_check.c
Examining data/libpam-tacplus-1.3.8/libtac/lib/authen_r.c
Examining data/libpam-tacplus-1.3.8/libtac/lib/magic.h
Examining data/libpam-tacplus-1.3.8/libtac/lib/acct_s.c
Examining data/libpam-tacplus-1.3.8/libtac/lib/messages.h
Examining data/libpam-tacplus-1.3.8/libtac/lib/connect.c
Examining data/libpam-tacplus-1.3.8/libtac/lib/md5.h
Examining data/libpam-tacplus-1.3.8/libtac/lib/cont_s.c
Examining data/libpam-tacplus-1.3.8/libtac/lib/header.c
Examining data/libpam-tacplus-1.3.8/libtac/lib/attrib.c
Examining data/libpam-tacplus-1.3.8/libtac/include/cdefs.h
Examining data/libpam-tacplus-1.3.8/libtac/include/libtac.h
Examining data/libpam-tacplus-1.3.8/libtac/include/tacplus.h
FINAL RESULTS:
data/libpam-tacplus-1.3.8/libtac/include/libtac.h:48:21: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
#define TACDEBUG(x) syslog x;
data/libpam-tacplus-1.3.8/libtac/include/libtac.h:54:22: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
#define TACSYSLOG(x) syslog x;
data/libpam-tacplus-1.3.8/libtac/lib/xalloc.c:76:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
return strcpy(dst, src);
data/libpam-tacplus-1.3.8/support.c:45:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, sizeof(msg), format, args);
data/libpam-tacplus-1.3.8/support.c:224:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(server_buf, *argv + 7);
data/libpam-tacplus-1.3.8/libtac/lib/magic.c:67:5: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(seed);
data/libpam-tacplus-1.3.8/libtac/lib/magic.c:83:31: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return (u_int32_t)random();
data/libpam-tacplus-1.3.8/libtac/lib/magic.c:87:23: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return (u_int32_t)random();
data/libpam-tacplus-1.3.8/libtac/include/libtac.h:117:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tac_login[64];
data/libpam-tacplus-1.3.8/libtac/lib/acct_r.c:127:9: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((u_char *) tb+TAC_ACCT_REPLY_FIXED_FIELDS_SIZE, msg, tb->msg_len);
data/libpam-tacplus-1.3.8/libtac/lib/acct_s.c:123:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(&tb, pkt, TAC_ACCT_REQ_FIXED_FIELDS_SIZE);
data/libpam-tacplus-1.3.8/libtac/lib/acct_s.c:136:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(data, pkt + pktl, len);
data/libpam-tacplus-1.3.8/libtac/lib/attrib.c:71:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(name, a->attr, l1); /* paste name */
data/libpam-tacplus-1.3.8/libtac/lib/attrib.c:74:9: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(value, (a->attr+l1+1), l2); /* paste value */
data/libpam-tacplus-1.3.8/libtac/lib/authen_s.c:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digest[MD5_LEN];
data/libpam-tacplus-1.3.8/libtac/lib/authen_s.c:70:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&mdp[1], pass, strlen(pass));
data/libpam-tacplus-1.3.8/libtac/lib/authen_s.c:71:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mdp + strlen(pass) + 1, chal, chal_len);
data/libpam-tacplus-1.3.8/libtac/lib/authen_s.c:78:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&token[1], chal, chal_len);
data/libpam-tacplus-1.3.8/libtac/lib/authen_s.c:79:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(token + chal_len + 1, digest, MD5_LEN);
data/libpam-tacplus-1.3.8/libtac/lib/authen_s.c:134:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(user, pkt+pkt_len, user_len); /* user */
data/libpam-tacplus-1.3.8/libtac/lib/authen_s.c:136:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(tty, pkt+pkt_len, port_len); /* tty */
data/libpam-tacplus-1.3.8/libtac/lib/authen_s.c:138:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(r_addr, pkt+pkt_len, r_addr_len); /* rem addr */
data/libpam-tacplus-1.3.8/libtac/lib/authen_s.c:141:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(token, pkt+pkt_len, token_len); /* password */
data/libpam-tacplus-1.3.8/libtac/lib/author_r.c:144:9: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((u_char *) tb+TAC_AUTHOR_REPLY_FIXED_FIELDS_SIZE
data/libpam-tacplus-1.3.8/libtac/lib/author_r.c:154:9: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((u_char *) tb + TAC_AUTHOR_REPLY_FIXED_FIELDS_SIZE
data/libpam-tacplus-1.3.8/libtac/lib/author_r.c:185:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[256];
data/libpam-tacplus-1.3.8/libtac/lib/author_r.c:190:21: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(argp, buff, (int)*pktp);
data/libpam-tacplus-1.3.8/libtac/lib/author_s.c:109:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(&tb, pkt, TAC_AUTHOR_REQ_FIXED_FIELDS_SIZE);
data/libpam-tacplus-1.3.8/libtac/lib/author_s.c:122:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(data, pkt + pktl, len);
data/libpam-tacplus-1.3.8/libtac/lib/connect.c:179:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char server_address[INET6_ADDRSTRLEN+16];
data/libpam-tacplus-1.3.8/libtac/lib/connect.c:199:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(server_address, "Unknown AF");
data/libpam-tacplus-1.3.8/libtac/lib/cont_s.c:74:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(&tb, pkt+pkt_len, TAC_AUTHEN_CONT_FIXED_FIELDS_SIZE); /* packet body beginning */
data/libpam-tacplus-1.3.8/libtac/lib/cont_s.c:76:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(pass, pkt+pkt_len, pass_len); /* password */
data/libpam-tacplus-1.3.8/libtac/lib/crypt.c:50:9: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(&hdr->session_id, buf, sizeof(session_id));
data/libpam-tacplus-1.3.8/libtac/lib/crypt.c:52:9: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(tac_secret, buf+bp, strlen(tac_secret));
data/libpam-tacplus-1.3.8/libtac/lib/crypt.c:61:13: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(pad+((i-1)*MD5_LEN), buf+bp, MD5_LEN);
data/libpam-tacplus-1.3.8/libtac/lib/header.c:40:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tac_login[64]; /* default is PAP */
data/libpam-tacplus-1.3.8/libtac/lib/magic.c:60:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
rfd = open("/dev/urandom", O_RDONLY);
data/libpam-tacplus-1.3.8/libtac/lib/md5.c:27:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char PADDING[64] = {
data/libpam-tacplus-1.3.8/libtac/lib/md5.c:164:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hash, mdContext->digest, 16);
data/libpam-tacplus-1.3.8/libtac/lib/md5.h:32:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[64]; /* input buffer */
data/libpam-tacplus-1.3.8/libtac/lib/md5.h:33:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[16]; /* actual digest after MD5Final call */
data/libpam-tacplus-1.3.8/pam_tacplus.c:55:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/libpam-tacplus-1.3.8/pam_tacplus.c:61:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%lu", (unsigned long)time(NULL));
data/libpam-tacplus-1.3.8/pam_tacplus.c:68:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%hu", task_id);
data/libpam-tacplus-1.3.8/pam_tacplus.c:516:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attribute[attr->attr_len];
data/libpam-tacplus-1.3.8/pam_tacplus.c:517:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[attr->attr_len];
data/libpam-tacplus-1.3.8/pam_tacplus.c:524:13: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(attr->attr, attribute, attr->attr_len-strlen(sep));
data/libpam-tacplus-1.3.8/pam_tacplus.c:526:13: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(sep, value, strlen(sep));
data/libpam-tacplus-1.3.8/support.c:36:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tac_service[64];
data/libpam-tacplus-1.3.8/support.c:37:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tac_protocol[64];
data/libpam-tacplus-1.3.8/support.c:38:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tac_prompt[64];
data/libpam-tacplus-1.3.8/support.c:41:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[256];
data/libpam-tacplus-1.3.8/support.c:214:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *port, server_buf[256];
data/libpam-tacplus-1.3.8/support.c:260:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tac_timeout = atoi(*argv + 8);
data/libpam-tacplus-1.3.8/support.h:37:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tac_service[64];
data/libpam-tacplus-1.3.8/support.h:38:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tac_protocol[64];
data/libpam-tacplus-1.3.8/support.h:39:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tac_prompt[64];
data/libpam-tacplus-1.3.8/libtac/lib/acct_r.c:54:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r=read(fd, &th, TAC_PLUS_HDR_SIZE);
data/libpam-tacplus-1.3.8/libtac/lib/acct_r.c:90:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r=read(fd, tb, len_from_header);
data/libpam-tacplus-1.3.8/libtac/lib/acct_s.c:74:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
user_len=(u_char) strlen(user);
data/libpam-tacplus-1.3.8/libtac/lib/acct_s.c:75:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
port_len=(u_char) strlen(tty);
data/libpam-tacplus-1.3.8/libtac/lib/acct_s.c:76:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r_addr_len=(u_char) strlen(r_addr);
data/libpam-tacplus-1.3.8/libtac/lib/attrib.c:32:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u_char l1 = (u_char) strlen(name);
data/libpam-tacplus-1.3.8/libtac/lib/attrib.c:39:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l2 = (u_char) strlen(value);
data/libpam-tacplus-1.3.8/libtac/lib/authen_r.c:54:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fd, &th, TAC_PLUS_HDR_SIZE);
data/libpam-tacplus-1.3.8/libtac/lib/authen_r.c:83:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fd, tb, len_from_header);
data/libpam-tacplus-1.3.8/libtac/lib/authen_s.c:66:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
chal_len = strlen(chal);
data/libpam-tacplus-1.3.8/libtac/lib/authen_s.c:67:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mdp_len = sizeof(u_char) + strlen(pass) + chal_len;
data/libpam-tacplus-1.3.8/libtac/lib/authen_s.c:70:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(&mdp[1], pass, strlen(pass));
data/libpam-tacplus-1.3.8/libtac/lib/authen_s.c:71:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(mdp + strlen(pass) + 1, chal, chal_len);
data/libpam-tacplus-1.3.8/libtac/lib/authen_s.c:85:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
user_len = strlen(user);
data/libpam-tacplus-1.3.8/libtac/lib/authen_s.c:86:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
port_len = strlen(tty);
data/libpam-tacplus-1.3.8/libtac/lib/authen_s.c:87:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r_addr_len = strlen(r_addr);
data/libpam-tacplus-1.3.8/libtac/lib/authen_s.c:88:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
token_len = strlen(token);
data/libpam-tacplus-1.3.8/libtac/lib/author_r.c:62:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fd, &th, TAC_PLUS_HDR_SIZE);
data/libpam-tacplus-1.3.8/libtac/lib/author_r.c:97:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fd, tb, len_from_header);
data/libpam-tacplus-1.3.8/libtac/lib/author_s.c:60:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
user_len = (u_char) strlen(user);
data/libpam-tacplus-1.3.8/libtac/lib/author_s.c:61:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
port_len = (u_char) strlen(tty);
data/libpam-tacplus-1.3.8/libtac/lib/author_s.c:62:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r_addr_len = (u_char) strlen(r_addr);
data/libpam-tacplus-1.3.8/libtac/lib/connect.c:186:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(server_address + strlen(server_address), 14, ":%hu",
data/libpam-tacplus-1.3.8/libtac/lib/connect.c:194:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(server_address + strlen(server_address), 14, ":%hu",
data/libpam-tacplus-1.3.8/libtac/lib/cont_s.c:50:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pass_len = strlen(pass);
data/libpam-tacplus-1.3.8/libtac/lib/crypt.c:39:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufsize = sizeof(hdr->session_id) + strlen(tac_secret) + sizeof(hdr->version)
data/libpam-tacplus-1.3.8/libtac/lib/crypt.c:52:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bcopy(tac_secret, buf+bp, strlen(tac_secret));
data/libpam-tacplus-1.3.8/libtac/lib/crypt.c:53:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp += strlen(tac_secret);
data/libpam-tacplus-1.3.8/libtac/lib/magic.c:81:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(rfd, &ret, sizeof(ret)) < sizeof(ret)) {
data/libpam-tacplus-1.3.8/libtac/lib/xalloc.c:71:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src) >= dst_size) {
data/libpam-tacplus-1.3.8/pam_tacplus.c:376:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bzero (pass, strlen (pass));
data/libpam-tacplus-1.3.8/pam_tacplus.c:524:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bcopy(attr->attr, attribute, attr->attr_len-strlen(sep));
data/libpam-tacplus-1.3.8/pam_tacplus.c:525:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
attribute[attr->attr_len-strlen(sep)] = '\0';
data/libpam-tacplus-1.3.8/pam_tacplus.c:526:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bcopy(sep, value, strlen(sep));
data/libpam-tacplus-1.3.8/pam_tacplus.c:527:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
value[strlen(sep)] = '\0';
data/libpam-tacplus-1.3.8/pam_tacplus.c:540:34: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
if (pam_putenv(pamh, strncat(attribute, value, strlen(value))) != PAM_SUCCESS)
data/libpam-tacplus-1.3.8/pam_tacplus.c:540:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pam_putenv(pamh, strncat(attribute, value, strlen(value))) != PAM_SUCCESS)
data/libpam-tacplus-1.3.8/support.c:201:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (chr = 0; chr < strlen(tac_prompt); chr++) {
data/libpam-tacplus-1.3.8/support.c:220:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(*argv + 7) >= sizeof(server_buf)) {
ANALYSIS SUMMARY:
Hits = 97
Lines analyzed = 3902 in approximately 0.19 seconds (20417 lines/second)
Physical Source Lines of Code (SLOC) = 2325
Hits@level = [0] 36 [1] 39 [2] 50 [3] 3 [4] 5 [5] 0
Hits@level+ = [0+] 133 [1+] 97 [2+] 58 [3+] 8 [4+] 5 [5+] 0
Hits/KSLOC@level+ = [0+] 57.2043 [1+] 41.7204 [2+] 24.9462 [3+] 3.44086 [4+] 2.15054 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.