Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libpwquality-1.4.2/src/pwquality.h
Examining data/libpwquality-1.4.2/src/pwqprivate.h
Examining data/libpwquality-1.4.2/src/generate.c
Examining data/libpwquality-1.4.2/src/check.c
Examining data/libpwquality-1.4.2/src/settings.c
Examining data/libpwquality-1.4.2/src/error.c
Examining data/libpwquality-1.4.2/src/pam_pwquality.c
Examining data/libpwquality-1.4.2/src/pwmake.c
Examining data/libpwquality-1.4.2/src/pwscore.c
Examining data/libpwquality-1.4.2/python/pwquality.c
FINAL RESULTS:
data/libpwquality-1.4.2/src/check.c:525:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (wrapped, oldmono);
data/libpwquality-1.4.2/src/check.c:526:25: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (wrapped, oldmono);
data/libpwquality-1.4.2/python/pwquality.c:196:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PWQ_MAX_ERROR_MESSAGE_LEN];
data/libpwquality-1.4.2/src/check.c:598:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char freq[256];
data/libpwquality-1.4.2/src/check.c:609:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, password, len);
data/libpwquality-1.4.2/src/error.c:21:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char intbuf[PWQ_MAX_ERROR_MESSAGE_LEN];
data/libpwquality-1.4.2/src/generate.c:51:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(PATH_DEV_URANDOM, O_RDONLY);
data/libpwquality-1.4.2/src/generate.c:103:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char entropy[(PWQ_MAX_ENTROPY_BITS+PWQ_MAX_ENTROPY_BITS/9)/8 + 2];
data/libpwquality-1.4.2/src/pam_pwquality.c:56:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PWQ_MAX_ERROR_MESSAGE_LEN];
data/libpwquality-1.4.2/src/pam_pwquality.c:102:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libpwquality-1.4.2/src/pam_pwquality.c:107:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(PATH_PASSWD, "r");
data/libpwquality-1.4.2/src/pam_pwquality.c:226:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PWQ_MAX_ERROR_MESSAGE_LEN];
data/libpwquality-1.4.2/src/pwmake.c:47:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bits = atoi(argv[1]);
data/libpwquality-1.4.2/src/pwscore.c:33:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/libpwquality-1.4.2/src/settings.c:120:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[PWQSETTINGS_MAX_LINELEN+1];
data/libpwquality-1.4.2/src/settings.c:123:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(cfgfile, "r");
data/libpwquality-1.4.2/src/settings.c:283:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[80]; /* no options with name longer than that */
data/libpwquality-1.4.2/src/check.c:35:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen (new);
data/libpwquality-1.4.2/src/check.c:56:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((i == 0) || (strlen(old) < i)) {
data/libpwquality-1.4.2/src/check.c:62:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((j == 0) || (strlen(new) < j)) {
data/libpwquality-1.4.2/src/check.c:97:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m = strlen(old);
data/libpwquality-1.4.2/src/check.c:98:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(new);
data/libpwquality-1.4.2/src/check.c:150:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(new) >= (strlen(old) * 2)) {
data/libpwquality-1.4.2/src/check.c:150:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(new) >= (strlen(old) * 2)) {
data/libpwquality-1.4.2/src/check.c:375:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int dist, userlen = strlen(user);
data/libpwquality-1.4.2/src/check.c:446:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p) >= PWQ_MIN_WORD_LENGTH) {
data/libpwquality-1.4.2/src/check.c:523:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wrapped = malloc(strlen(oldmono) * 2 + 1);
data/libpwquality-1.4.2/src/check.c:571:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(newmono, 0, strlen(newmono));
data/libpwquality-1.4.2/src/check.c:578:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(oldmono, 0, strlen(oldmono));
data/libpwquality-1.4.2/src/check.c:583:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(wrapped, 0, strlen(wrapped));
data/libpwquality-1.4.2/src/check.c:601:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(password);
data/libpwquality-1.4.2/src/generate.c:56:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rv = read(fd, buf + offset, bytes);
data/libpwquality-1.4.2/src/pwscore.c:52:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fgets(buf, sizeof(buf), stdin) == NULL || (len = strlen(buf)) == 0) {
data/libpwquality-1.4.2/src/settings.c:137:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(linebuf);
data/libpwquality-1.4.2/src/settings.c:289:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(option);
data/libpwquality-1.4.2/src/settings.c:298:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, option, len);
ANALYSIS SUMMARY:
Hits = 36
Lines analyzed = 3010 in approximately 0.12 seconds (25291 lines/second)
Physical Source Lines of Code (SLOC) = 2083
Hits@level = [0] 27 [1] 19 [2] 15 [3] 0 [4] 2 [5] 0
Hits@level+ = [0+] 63 [1+] 36 [2+] 17 [3+] 2 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 30.2448 [1+] 17.2828 [2+] 8.16131 [3+] 0.960154 [4+] 0.960154 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.