Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/lua-ldap-1.2.5/src/compat-5.3.c
Examining data/lua-ldap-1.2.5/src/compat-5.3.h
Examining data/lua-ldap-1.2.5/src/open2winldap.h
Examining data/lua-ldap-1.2.5/src/lualdap.c
Examining data/lua-ldap-1.2.5/vc6/resource.h

FINAL RESULTS:

data/lua-ldap-1.2.5/src/lualdap.c:508:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cred.bv_val, password);
data/lua-ldap-1.2.5/src/lualdap.c:1023:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(host_with_schema, host);
data/lua-ldap-1.2.5/src/compat-5.3.c:403:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512] = { 0 };
data/lua-ldap-1.2.5/src/compat-5.3.c:473:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[COMPAT53_LUA_FILE_BUFFER_SIZE]; /* area for reading file */
data/lua-ldap-1.2.5/src/compat-5.3.c:496:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512] = {0};
data/lua-ldap-1.2.5/src/compat-5.3.c:570:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  lf.f = fopen(filename, "r"); /* default stdlib doesn't forcefully lock files here */
data/lua-ldap-1.2.5/src/compat-5.3.c:675:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(newptr, B->ptr, B->nelems);
data/lua-ldap-1.2.5/src/compat-5.3.c:686:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(luaL_prepbuffsize(B, l), s, l);
data/lua-ldap-1.2.5/src/compat-5.3.c:769:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ptr, mptr, LUA_EXTRASPACE);
data/lua-ldap-1.2.5/src/lualdap.c:848:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *attrs[LUALDAP_MAX_ATTRS];
data/lua-ldap-1.2.5/src/lualdap.c:881:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[100];
data/lua-ldap-1.2.5/src/lualdap.c:884:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant string.
  strcpy (buff, "closed");
data/lua-ldap-1.2.5/src/lualdap.c:886:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf (buff, "%p", (void*)conn);
data/lua-ldap-1.2.5/src/lualdap.c:897:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[100];
data/lua-ldap-1.2.5/src/lualdap.c:901:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant string.
  strcpy (buff, "closed");
data/lua-ldap-1.2.5/src/lualdap.c:903:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf (buff, "%p", (void*)search);
data/lua-ldap-1.2.5/src/lualdap.c:1022:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant string.
  strcpy(host_with_schema, "ldap://");
data/lua-ldap-1.2.5/src/compat-5.3.c:510:9:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc(lf->f);
data/lua-ldap-1.2.5/src/compat-5.3.c:515:10:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return getc(lf->f); /* return next character */
data/lua-ldap-1.2.5/src/compat-5.3.c:530:11:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc(lf->f);
data/lua-ldap-1.2.5/src/compat-5.3.c:532:11:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  *cp = getc(lf->f); /* skip end-of-line, if present */
data/lua-ldap-1.2.5/src/compat-5.3.h:254:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  luaL_addlstring((B), (s), strlen((s)))
data/lua-ldap-1.2.5/src/lualdap.c:506:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cred.bv_len = strlen(password);
data/lua-ldap-1.2.5/src/lualdap.c:1021:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *host_with_schema = malloc(strlen(host) + 8);

ANALYSIS SUMMARY:

Hits = 24
Lines analyzed = 2533 in approximately 0.09 seconds (27275 lines/second)
Physical Source Lines of Code (SLOC) = 1798
Hits@level = [0]   1 [1]   7 [2]  15 [3]   0 [4]   2 [5]   0
Hits@level+ = [0+]  25 [1+]  24 [2+]  17 [3+]   2 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 13.9043 [1+] 13.3482 [2+] 9.45495 [3+] 1.11235 [4+] 1.11235 [5+]   0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
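Reading the report: the two level-4 hits are the only unbounded copies it found. For the strcat at lualdap.c:1023, the lines quoted in the report show that the destination is allocated at line 1021 as malloc(strlen(host) + 8), which is exactly "ldap://" (7 bytes) plus the host plus its terminator, so the strcpy/strcat pair is bounded, but only by an arithmetic invariant two lines away that nothing enforces at the copy itself. For the strcpy at line 508 the report shows bv_len = strlen(password) at line 506 but not where cred.bv_val is allocated, so that allocation is the thing to verify against bv_len + 1. Below is an added example, not lua-ldap's code, of the same two operations written so that the size is computed once and enforced at the copy; struct berval_example is a stand-in for OpenLDAP's struct berval so the file builds without the LDAP headers, and the host and password in main() are constructed sample inputs.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for OpenLDAP's struct berval (lber.h): a length plus a pointer.
 * Declared locally so this example compiles without the LDAP headers. */
struct berval_example {
    size_t bv_len;
    char  *bv_val;
};

/* Counterpart of the malloc / strcpy / strcat sequence flagged at
 * lualdap.c:1021-1023.  The buffer size is computed once and handed to
 * snprintf, which cannot write past it.  Returns a heap string the caller
 * must free(), or NULL on allocation failure or truncation. */
char *build_ldap_uri(const char *host)
{
    static const char prefix[] = "ldap://";
    size_t need = (sizeof prefix - 1) + strlen(host) + 1;  /* prefix + host + NUL */
    char *uri = malloc(need);
    if (uri == NULL)
        return NULL;
    int n = snprintf(uri, need, "%s%s", prefix, host);
    if (n < 0 || (size_t)n >= need) {   /* output would not have fit: refuse */
        free(uri);
        return NULL;
    }
    return uri;
}

/* Counterpart of lualdap.c:506/508 (bv_len = strlen(password);
 * strcpy(cred.bv_val, password);).  The destination is allocated from the
 * same length that sets bv_len, so the two cannot drift apart, and memcpy
 * copies exactly that many bytes.  Returns 0 on success, -1 on failure. */
int fill_credential(struct berval_example *cred, const char *password)
{
    size_t len = strlen(password);
    char *buf = malloc(len + 1);
    if (buf == NULL)
        return -1;
    memcpy(buf, password, len);
    buf[len] = '\0';          /* keep it usable as a C string too */
    cred->bv_val = buf;
    cred->bv_len = len;
    return 0;
}

/* Wipe the password bytes before releasing them.  Writing through a
 * volatile pointer keeps the compiler from dropping the wipe as a dead
 * store; this is the portable fallback when explicit_bzero or memset_s
 * is not available. */
void free_credential(struct berval_example *cred)
{
    if (cred->bv_val != NULL) {
        volatile char *p = cred->bv_val;
        for (size_t i = 0; i < cred->bv_len; i++)
            p[i] = 0;
        free(cred->bv_val);
    }
    cred->bv_val = NULL;
    cred->bv_len = 0;
}

int main(void)
{
    /* Constructed sample inputs; not taken from the project. */
    char *uri = build_ldap_uri("ldap.example.com");
    if (uri == NULL)
        return 1;
    printf("%s\n", uri);                      /* ldap://ldap.example.com */
    free(uri);

    struct berval_example cred;
    if (fill_credential(&cred, "s3cret") != 0)
        return 1;
    printf("bv_len=%zu\n", cred.bv_len);      /* bv_len=6 */
    free_credential(&cred);
    return 0;
}
```

The point of build_ldap_uri is not that snprintf is magic but that the size passed to it is the same expression used for the allocation, in one place, with the truncation return value checked rather than assumed. The same discipline applied to the berval copy makes the lualdap.c:508 hit auditable from the two adjacent lines instead of from wherever cred.bv_val was allocated.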