Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/loudmouth-1.5.3/loudmouth/lm-data-objects.h Examining data/loudmouth-1.5.3/loudmouth/lm-message.h Examining data/loudmouth-1.5.3/loudmouth/lm-sha.c Examining data/loudmouth-1.5.3/loudmouth/lm-debug.h Examining data/loudmouth-1.5.3/loudmouth/lm-feature-ping.c Examining data/loudmouth-1.5.3/loudmouth/test-dns.c Examining data/loudmouth-1.5.3/loudmouth/lm-ssl-base.c Examining data/loudmouth-1.5.3/loudmouth/lm-message-queue.h Examining data/loudmouth-1.5.3/loudmouth/lm-internals.h Examining data/loudmouth-1.5.3/loudmouth/lm-sasl.c Examining data/loudmouth-1.5.3/loudmouth/lm-debug.c Examining data/loudmouth-1.5.3/loudmouth/lm-ssl-gnutls.c Examining data/loudmouth-1.5.3/loudmouth/lm-idummy.c Examining data/loudmouth-1.5.3/loudmouth/lm-utils.h Examining data/loudmouth-1.5.3/loudmouth/lm-error.h Examining data/loudmouth-1.5.3/loudmouth/lm-dummy.h Examining data/loudmouth-1.5.3/loudmouth/lm-proxy.h Examining data/loudmouth-1.5.3/loudmouth/lm-utils.c Examining data/loudmouth-1.5.3/loudmouth/lm-connection.h Examining data/loudmouth-1.5.3/loudmouth/lm-data-objects.c Examining data/loudmouth-1.5.3/loudmouth/lm-socket.c Examining data/loudmouth-1.5.3/loudmouth/lm-asyncns-resolver.c Examining data/loudmouth-1.5.3/loudmouth/lm-sock.h Examining data/loudmouth-1.5.3/loudmouth/md5.h Examining data/loudmouth-1.5.3/loudmouth/lm-message.c Examining data/loudmouth-1.5.3/loudmouth/lm-connection.c Examining data/loudmouth-1.5.3/loudmouth/lm-simple-io.h Examining data/loudmouth-1.5.3/loudmouth/lm-sock.c Examining data/loudmouth-1.5.3/loudmouth/lm-ssl-internals.h Examining data/loudmouth-1.5.3/loudmouth/lm-proxy.c Examining data/loudmouth-1.5.3/loudmouth/lm-message-node.h Examining data/loudmouth-1.5.3/loudmouth/lm-message-queue.c Examining data/loudmouth-1.5.3/loudmouth/lm-ssl.h Examining data/loudmouth-1.5.3/loudmouth/lm-feature-ping.h Examining data/loudmouth-1.5.3/loudmouth/lm-misc.c Examining data/loudmouth-1.5.3/loudmouth/lm-misc.h Examining data/loudmouth-1.5.3/loudmouth/lm-message-handler.c Examining data/loudmouth-1.5.3/loudmouth/lm-resolver.h Examining data/loudmouth-1.5.3/loudmouth/lm-error.c Examining data/loudmouth-1.5.3/loudmouth/lm-sha.h Examining data/loudmouth-1.5.3/loudmouth/lm-socket.h Examining data/loudmouth-1.5.3/loudmouth/loudmouth.h Examining data/loudmouth-1.5.3/loudmouth/lm-simple-io.c Examining data/loudmouth-1.5.3/loudmouth/lm-sasl.h Examining data/loudmouth-1.5.3/loudmouth/lm-old-socket.h Examining data/loudmouth-1.5.3/loudmouth/lm-parser.c Examining data/loudmouth-1.5.3/loudmouth/md5.c Examining data/loudmouth-1.5.3/loudmouth/lm-blocking-resolver.h Examining data/loudmouth-1.5.3/loudmouth/lm-dummy.c Examining data/loudmouth-1.5.3/loudmouth/lm-asyncns-resolver.h Examining data/loudmouth-1.5.3/loudmouth/lm-blocking-resolver.c Examining data/loudmouth-1.5.3/loudmouth/lm-parser.h Examining data/loudmouth-1.5.3/loudmouth/lm-message-handler.h Examining data/loudmouth-1.5.3/loudmouth/lm-idummy.h Examining data/loudmouth-1.5.3/loudmouth/lm-ssl-openssl.c Examining data/loudmouth-1.5.3/loudmouth/lm-xmpp-writer.c Examining data/loudmouth-1.5.3/loudmouth/lm-message-node.c Examining data/loudmouth-1.5.3/loudmouth/lm-marshal.c Examining data/loudmouth-1.5.3/loudmouth/lm-ssl-base.h Examining data/loudmouth-1.5.3/loudmouth/lm-ssl-generic.c Examining data/loudmouth-1.5.3/loudmouth/lm-xmpp-writer.h Examining data/loudmouth-1.5.3/loudmouth/lm-marshal.h Examining data/loudmouth-1.5.3/loudmouth/lm-old-socket.c Examining data/loudmouth-1.5.3/loudmouth/lm-resolver.c Examining data/loudmouth-1.5.3/tests/test-data-objects.c Examining data/loudmouth-1.5.3/tests/test-parser.c Examining data/loudmouth-1.5.3/examples/lm-register.c Examining data/loudmouth-1.5.3/examples/lm-send-async.c Examining data/loudmouth-1.5.3/examples/test-tunnel.c Examining data/loudmouth-1.5.3/examples/test-lm.c Examining data/loudmouth-1.5.3/examples/test-http-proxy.c Examining data/loudmouth-1.5.3/examples/lm-change-password.c FINAL RESULTS: data/loudmouth-1.5.3/loudmouth/lm-resolver.c:487:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (pref_name, name); data/loudmouth-1.5.3/loudmouth/lm-sasl.c:324:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(features+4, lm_auth_parameters_get_username (sasl->auth_params)); data/loudmouth-1.5.3/loudmouth/lm-sasl.c:501:16: [3] (random) g_random_int: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. n[i] = g_random_int(); data/loudmouth-1.5.3/loudmouth/lm-blocking-resolver.c:151:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char srv_ans[SRV_LEN]; data/loudmouth-1.5.3/loudmouth/lm-misc.c:87:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[256]; data/loudmouth-1.5.3/loudmouth/lm-misc.c:92:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, "G_IO_ERR "); data/loudmouth-1.5.3/loudmouth/lm-misc.c:94:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, "G_IO_HUP "); data/loudmouth-1.5.3/loudmouth/lm-misc.c:96:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, "G_IO_NVAL "); data/loudmouth-1.5.3/loudmouth/lm-misc.c:98:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, "G_IO_IN "); data/loudmouth-1.5.3/loudmouth/lm-misc.c:100:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, "G_IO_OUT "); data/loudmouth-1.5.3/loudmouth/lm-old-socket.c:592:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[NI_MAXHOST]; data/loudmouth-1.5.3/loudmouth/lm-old-socket.c:593:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char portname[NI_MAXSERV]; data/loudmouth-1.5.3/loudmouth/lm-old-socket.c:783:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dispbuf[128]; data/loudmouth-1.5.3/loudmouth/lm-resolver.c:450:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/loudmouth-1.5.3/loudmouth/lm-resolver.c:451:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pref_name[256]; data/loudmouth-1.5.3/loudmouth/lm-sasl.c:571:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (a1, digest_md5, 16); data/loudmouth-1.5.3/loudmouth/lm-sha.c:203:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/loudmouth-1.5.3/loudmouth/lm-sha.c:504:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&sc->buffer.bytes[sc->bufferLength], data, bytesToCopy); data/loudmouth-1.5.3/loudmouth/lm-sha.c:530:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&sc->buffer.bytes[sc->bufferLength], data, len); data/loudmouth-1.5.3/loudmouth/lm-sha.c:544:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&sc->buffer.bytes[sc->bufferLength], data, bytesToCopy); data/loudmouth-1.5.3/loudmouth/lm-sock.c:352:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addrbuf[IPV6_MAX_ADDRESS_LEN]; data/loudmouth-1.5.3/loudmouth/lm-ssl-base.h:34:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fingerprint[LM_FINGERPRINT_LENGTH]; data/loudmouth-1.5.3/loudmouth/md5.c:170:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(xbuf, data, 64); data/loudmouth-1.5.3/loudmouth/md5.c:344:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pms->buf + offset, p, copy); data/loudmouth-1.5.3/loudmouth/md5.c:358:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pms->buf, p, left); data/loudmouth-1.5.3/loudmouth/lm-connection.c:469:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (str); data/loudmouth-1.5.3/loudmouth/lm-parser.c:283:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). remaining_bytes = strlen (buffer); data/loudmouth-1.5.3/loudmouth/lm-parser.c:349:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (gssize)strlen (valid), NULL)) { data/loudmouth-1.5.3/loudmouth/lm-proxy.c:108:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (gsize) strlen (tmp1)); data/loudmouth-1.5.3/loudmouth/lm-proxy.c:122:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). send (fd, str, strlen (str), 0); data/loudmouth-1.5.3/loudmouth/lm-sasl.c:155:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). token.length = strlen ((char *)token.value); data/loudmouth-1.5.3/loudmouth/lm-sasl.c:317:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). input_buffer_desc.length = 4 + strlen(lm_auth_parameters_get_username (sasl->auth_params)); data/loudmouth-1.5.3/loudmouth/lm-sasl.c:565:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). md5_append (&md5_calc, (const md5_byte_t *)tmp, strlen(tmp)); data/loudmouth-1.5.3/loudmouth/lm-sasl.c:570:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (a1); data/loudmouth-1.5.3/loudmouth/lm-sasl.c:575:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). a2h = sasl_md5_hex_hash (a2, strlen(a2)); data/loudmouth-1.5.3/loudmouth/lm-sasl.c:579:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). kdh = sasl_md5_hex_hash (kd, strlen(kd)); data/loudmouth-1.5.3/loudmouth/lm-sasl.c:589:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). a2h = sasl_md5_hex_hash (a2, strlen(a2)); data/loudmouth-1.5.3/loudmouth/lm-sasl.c:593:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sasl->digest_md5_rspauth = sasl_md5_hex_hash (kd, strlen(kd)); data/loudmouth-1.5.3/loudmouth/lm-sasl.c:629:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (gsize) strlen(response)); data/loudmouth-1.5.3/loudmouth/lm-sha.c:615:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SHA1Update (&ctx, str, strlen (str)); data/loudmouth-1.5.3/loudmouth/lm-socket.c:149:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (!LM_SOCKET_GET_IFACE(socket)->read) { data/loudmouth-1.5.3/loudmouth/lm-socket.c:153:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return LM_SOCKET_GET_IFACE(socket)->read (socket, buf, buf_len, read_len); data/loudmouth-1.5.3/loudmouth/lm-socket.h:45:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). gboolean (*read) (LmSocket *socket, ANALYSIS SUMMARY: Hits = 43 Lines analyzed = 15671 in approximately 0.43 seconds (36864 lines/second) Physical Source Lines of Code (SLOC) = 10346 Hits@level = [0] 1 [1] 18 [2] 22 [3] 1 [4] 2 [5] 0 Hits@level+ = [0+] 44 [1+] 43 [2+] 25 [3+] 3 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 4.25285 [1+] 4.1562 [2+] 2.41639 [3+] 0.289967 [4+] 0.193311 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.