Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/loudmouth-1.5.3/loudmouth/lm-data-objects.h
Examining data/loudmouth-1.5.3/loudmouth/lm-message.h
Examining data/loudmouth-1.5.3/loudmouth/lm-sha.c
Examining data/loudmouth-1.5.3/loudmouth/lm-debug.h
Examining data/loudmouth-1.5.3/loudmouth/lm-feature-ping.c
Examining data/loudmouth-1.5.3/loudmouth/test-dns.c
Examining data/loudmouth-1.5.3/loudmouth/lm-ssl-base.c
Examining data/loudmouth-1.5.3/loudmouth/lm-message-queue.h
Examining data/loudmouth-1.5.3/loudmouth/lm-internals.h
Examining data/loudmouth-1.5.3/loudmouth/lm-sasl.c
Examining data/loudmouth-1.5.3/loudmouth/lm-debug.c
Examining data/loudmouth-1.5.3/loudmouth/lm-ssl-gnutls.c
Examining data/loudmouth-1.5.3/loudmouth/lm-idummy.c
Examining data/loudmouth-1.5.3/loudmouth/lm-utils.h
Examining data/loudmouth-1.5.3/loudmouth/lm-error.h
Examining data/loudmouth-1.5.3/loudmouth/lm-dummy.h
Examining data/loudmouth-1.5.3/loudmouth/lm-proxy.h
Examining data/loudmouth-1.5.3/loudmouth/lm-utils.c
Examining data/loudmouth-1.5.3/loudmouth/lm-connection.h
Examining data/loudmouth-1.5.3/loudmouth/lm-data-objects.c
Examining data/loudmouth-1.5.3/loudmouth/lm-socket.c
Examining data/loudmouth-1.5.3/loudmouth/lm-asyncns-resolver.c
Examining data/loudmouth-1.5.3/loudmouth/lm-sock.h
Examining data/loudmouth-1.5.3/loudmouth/md5.h
Examining data/loudmouth-1.5.3/loudmouth/lm-message.c
Examining data/loudmouth-1.5.3/loudmouth/lm-connection.c
Examining data/loudmouth-1.5.3/loudmouth/lm-simple-io.h
Examining data/loudmouth-1.5.3/loudmouth/lm-sock.c
Examining data/loudmouth-1.5.3/loudmouth/lm-ssl-internals.h
Examining data/loudmouth-1.5.3/loudmouth/lm-proxy.c
Examining data/loudmouth-1.5.3/loudmouth/lm-message-node.h
Examining data/loudmouth-1.5.3/loudmouth/lm-message-queue.c
Examining data/loudmouth-1.5.3/loudmouth/lm-ssl.h
Examining data/loudmouth-1.5.3/loudmouth/lm-feature-ping.h
Examining data/loudmouth-1.5.3/loudmouth/lm-misc.c
Examining data/loudmouth-1.5.3/loudmouth/lm-misc.h
Examining data/loudmouth-1.5.3/loudmouth/lm-message-handler.c
Examining data/loudmouth-1.5.3/loudmouth/lm-resolver.h
Examining data/loudmouth-1.5.3/loudmouth/lm-error.c
Examining data/loudmouth-1.5.3/loudmouth/lm-sha.h
Examining data/loudmouth-1.5.3/loudmouth/lm-socket.h
Examining data/loudmouth-1.5.3/loudmouth/loudmouth.h
Examining data/loudmouth-1.5.3/loudmouth/lm-simple-io.c
Examining data/loudmouth-1.5.3/loudmouth/lm-sasl.h
Examining data/loudmouth-1.5.3/loudmouth/lm-old-socket.h
Examining data/loudmouth-1.5.3/loudmouth/lm-parser.c
Examining data/loudmouth-1.5.3/loudmouth/md5.c
Examining data/loudmouth-1.5.3/loudmouth/lm-blocking-resolver.h
Examining data/loudmouth-1.5.3/loudmouth/lm-dummy.c
Examining data/loudmouth-1.5.3/loudmouth/lm-asyncns-resolver.h
Examining data/loudmouth-1.5.3/loudmouth/lm-blocking-resolver.c
Examining data/loudmouth-1.5.3/loudmouth/lm-parser.h
Examining data/loudmouth-1.5.3/loudmouth/lm-message-handler.h
Examining data/loudmouth-1.5.3/loudmouth/lm-idummy.h
Examining data/loudmouth-1.5.3/loudmouth/lm-ssl-openssl.c
Examining data/loudmouth-1.5.3/loudmouth/lm-xmpp-writer.c
Examining data/loudmouth-1.5.3/loudmouth/lm-message-node.c
Examining data/loudmouth-1.5.3/loudmouth/lm-marshal.c
Examining data/loudmouth-1.5.3/loudmouth/lm-ssl-base.h
Examining data/loudmouth-1.5.3/loudmouth/lm-ssl-generic.c
Examining data/loudmouth-1.5.3/loudmouth/lm-xmpp-writer.h
Examining data/loudmouth-1.5.3/loudmouth/lm-marshal.h
Examining data/loudmouth-1.5.3/loudmouth/lm-old-socket.c
Examining data/loudmouth-1.5.3/loudmouth/lm-resolver.c
Examining data/loudmouth-1.5.3/tests/test-data-objects.c
Examining data/loudmouth-1.5.3/tests/test-parser.c
Examining data/loudmouth-1.5.3/examples/lm-register.c
Examining data/loudmouth-1.5.3/examples/lm-send-async.c
Examining data/loudmouth-1.5.3/examples/test-tunnel.c
Examining data/loudmouth-1.5.3/examples/test-lm.c
Examining data/loudmouth-1.5.3/examples/test-http-proxy.c
Examining data/loudmouth-1.5.3/examples/lm-change-password.c
FINAL RESULTS:
data/loudmouth-1.5.3/loudmouth/lm-resolver.c:487:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (pref_name, name);
data/loudmouth-1.5.3/loudmouth/lm-sasl.c:324:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(features+4, lm_auth_parameters_get_username (sasl->auth_params));
data/loudmouth-1.5.3/loudmouth/lm-sasl.c:501:16: [3] (random) g_random_int:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
n[i] = g_random_int();
data/loudmouth-1.5.3/loudmouth/lm-blocking-resolver.c:151:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char srv_ans[SRV_LEN];
data/loudmouth-1.5.3/loudmouth/lm-misc.c:87:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[256];
data/loudmouth-1.5.3/loudmouth/lm-misc.c:92:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "G_IO_ERR ");
data/loudmouth-1.5.3/loudmouth/lm-misc.c:94:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "G_IO_HUP ");
data/loudmouth-1.5.3/loudmouth/lm-misc.c:96:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "G_IO_NVAL ");
data/loudmouth-1.5.3/loudmouth/lm-misc.c:98:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "G_IO_IN ");
data/loudmouth-1.5.3/loudmouth/lm-misc.c:100:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "G_IO_OUT ");
data/loudmouth-1.5.3/loudmouth/lm-old-socket.c:592:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NI_MAXHOST];
data/loudmouth-1.5.3/loudmouth/lm-old-socket.c:593:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char portname[NI_MAXSERV];
data/loudmouth-1.5.3/loudmouth/lm-old-socket.c:783:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dispbuf[128];
data/loudmouth-1.5.3/loudmouth/lm-resolver.c:450:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/loudmouth-1.5.3/loudmouth/lm-resolver.c:451:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pref_name[256];
data/loudmouth-1.5.3/loudmouth/lm-sasl.c:571:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (a1, digest_md5, 16);
data/loudmouth-1.5.3/loudmouth/lm-sha.c:203:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/loudmouth-1.5.3/loudmouth/lm-sha.c:504:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&sc->buffer.bytes[sc->bufferLength], data, bytesToCopy);
data/loudmouth-1.5.3/loudmouth/lm-sha.c:530:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&sc->buffer.bytes[sc->bufferLength], data, len);
data/loudmouth-1.5.3/loudmouth/lm-sha.c:544:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&sc->buffer.bytes[sc->bufferLength], data, bytesToCopy);
data/loudmouth-1.5.3/loudmouth/lm-sock.c:352:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrbuf[IPV6_MAX_ADDRESS_LEN];
data/loudmouth-1.5.3/loudmouth/lm-ssl-base.h:34:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fingerprint[LM_FINGERPRINT_LENGTH];
data/loudmouth-1.5.3/loudmouth/md5.c:170:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xbuf, data, 64);
data/loudmouth-1.5.3/loudmouth/md5.c:344:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pms->buf + offset, p, copy);
data/loudmouth-1.5.3/loudmouth/md5.c:358:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pms->buf, p, left);
data/loudmouth-1.5.3/loudmouth/lm-connection.c:469:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (str);
data/loudmouth-1.5.3/loudmouth/lm-parser.c:283:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
remaining_bytes = strlen (buffer);
data/loudmouth-1.5.3/loudmouth/lm-parser.c:349:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(gssize)strlen (valid), NULL)) {
data/loudmouth-1.5.3/loudmouth/lm-proxy.c:108:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(gsize) strlen (tmp1));
data/loudmouth-1.5.3/loudmouth/lm-proxy.c:122:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
send (fd, str, strlen (str), 0);
data/loudmouth-1.5.3/loudmouth/lm-sasl.c:155:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
token.length = strlen ((char *)token.value);
data/loudmouth-1.5.3/loudmouth/lm-sasl.c:317:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
input_buffer_desc.length = 4 + strlen(lm_auth_parameters_get_username (sasl->auth_params));
data/loudmouth-1.5.3/loudmouth/lm-sasl.c:565:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
md5_append (&md5_calc, (const md5_byte_t *)tmp, strlen(tmp));
data/loudmouth-1.5.3/loudmouth/lm-sasl.c:570:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (a1);
data/loudmouth-1.5.3/loudmouth/lm-sasl.c:575:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a2h = sasl_md5_hex_hash (a2, strlen(a2));
data/loudmouth-1.5.3/loudmouth/lm-sasl.c:579:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
kdh = sasl_md5_hex_hash (kd, strlen(kd));
data/loudmouth-1.5.3/loudmouth/lm-sasl.c:589:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a2h = sasl_md5_hex_hash (a2, strlen(a2));
data/loudmouth-1.5.3/loudmouth/lm-sasl.c:593:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sasl->digest_md5_rspauth = sasl_md5_hex_hash (kd, strlen(kd));
data/loudmouth-1.5.3/loudmouth/lm-sasl.c:629:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(gsize) strlen(response));
data/loudmouth-1.5.3/loudmouth/lm-sha.c:615:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SHA1Update (&ctx, str, strlen (str));
data/loudmouth-1.5.3/loudmouth/lm-socket.c:149:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!LM_SOCKET_GET_IFACE(socket)->read) {
data/loudmouth-1.5.3/loudmouth/lm-socket.c:153:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return LM_SOCKET_GET_IFACE(socket)->read (socket, buf, buf_len, read_len);
data/loudmouth-1.5.3/loudmouth/lm-socket.h:45:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gboolean (*read) (LmSocket *socket,
ANALYSIS SUMMARY:
Hits = 43
Lines analyzed = 15671 in approximately 0.43 seconds (36864 lines/second)
Physical Source Lines of Code (SLOC) = 10346
Hits@level = [0] 1 [1] 18 [2] 22 [3] 1 [4] 2 [5] 0
Hits@level+ = [0+] 44 [1+] 43 [2+] 25 [3+] 3 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 4.25285 [1+] 4.1562 [2+] 2.41639 [3+] 0.289967 [4+] 0.193311 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.