Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/mkelfimage-2.7/main/mkelfImage.c
Examining data/mkelfimage-2.7/linux-ia64/convert.h
Examining data/mkelfimage-2.7/linux-ia64/convert.bin.c
Examining data/mkelfimage-2.7/linux-ia64/mkelf-linux-ia64.c
Examining data/mkelfimage-2.7/linux-ia64/convert_params.c
Examining data/mkelfimage-2.7/include/elf_boot.h
Examining data/mkelfimage-2.7/include/elf.h
Examining data/mkelfimage-2.7/include/mkelfImage.h
Examining data/mkelfimage-2.7/include/linuxbios_tables.h
Examining data/mkelfimage-2.7/arch/i386/include/limits.h
Examining data/mkelfimage-2.7/arch/i386/include/arch/io.h
Examining data/mkelfimage-2.7/arch/i386/include/stdint.h
Examining data/mkelfimage-2.7/arch/ia64/include/limits.h
Examining data/mkelfimage-2.7/arch/ia64/include/stdint.h
Examining data/mkelfimage-2.7/linux-i386/x86-linux.h
Examining data/mkelfimage-2.7/linux-i386/convert.h
Examining data/mkelfimage-2.7/linux-i386/mkelf-linux-i386.c
Examining data/mkelfimage-2.7/linux-i386/uniform_boot.h
Examining data/mkelfimage-2.7/linux-i386/convert_params.c
Examining data/mkelfimage-2.7/linux-i386/convert.bin.c
Examining data/mkelfimage-2.7/util/bin-to-hex.c
Examining data/mkelfimage-2.7/kunzip_src/include/stdlib.h
Examining data/mkelfimage-2.7/kunzip_src/include/string.h
Examining data/mkelfimage-2.7/kunzip_src/include/types.h
Examining data/mkelfimage-2.7/kunzip_src/include/stdarg.h
Examining data/mkelfimage-2.7/kunzip_src/arch/i386/include/stddef.h
Examining data/mkelfimage-2.7/kunzip_src/arch/i386/include/stdint.h
Examining data/mkelfimage-2.7/kunzip_src/arch/alpha/include/stddef.h
Examining data/mkelfimage-2.7/kunzip_src/arch/alpha/include/va-alpha.h
Examining data/mkelfimage-2.7/kunzip_src/arch/alpha/include/stdint.h
Examining data/mkelfimage-2.7/kunzip_src/lib/memcpy.c
Examining data/mkelfimage-2.7/kunzip_src/lib/inflate.c
Examining data/mkelfimage-2.7/kunzip_src/lib/memcmp.c
Examining data/mkelfimage-2.7/kunzip_src/lib/memset.c
Examining data/mkelfimage-2.7/kunzip_src/lib/malloc.c
Examining data/mkelfimage-2.7/kunzip_src/lib/kunzip.c

FINAL RESULTS:

data/mkelfimage-2.7/kunzip_src/lib/kunzip.c:15:18:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
# define DBG(x) printf x
data/mkelfimage-2.7/linux-i386/convert_params.c:284:13:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
static void printf(const char *fmt, ...)
data/mkelfimage-2.7/linux-ia64/convert_params.c:50:13:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
static void printf(const char *fmt, ...)
data/mkelfimage-2.7/main/mkelfImage.c:31:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/mkelfimage-2.7/main/mkelfImage.c:557:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/mkelfimage-2.7/linux-i386/mkelf-linux-i386.c:257:15:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
while((opt = getopt_long(argc, argv, short_options, options, 0)) != -1) {
data/mkelfimage-2.7/linux-ia64/mkelf-linux-ia64.c:176:15:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
while((opt = getopt_long(argc, argv, short_options, options, 0)) != -1) {
data/mkelfimage-2.7/main/mkelfImage.c:593:16:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
while ((opt = getopt_long(argc, argv, short_options, options, 0)) != -1) {
data/mkelfimage-2.7/include/elf.h:166:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char e_ident[EI_NIDENT]; /* File identification. */
data/mkelfimage-2.7/include/elf.h:183:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char e_ident[EI_NIDENT]; /* File identification. */
data/mkelfimage-2.7/kunzip_src/include/string.h:27:14:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
extern void *memcpy(void *dest, const void *src, size_t n);
data/mkelfimage-2.7/kunzip_src/lib/inflate.c:595:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(slide + w, slide + d, e);
data/mkelfimage-2.7/kunzip_src/lib/inflate.c:1072:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char magic[2]; /* magic header */
data/mkelfimage-2.7/kunzip_src/lib/kunzip.c:58:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char window[WSIZE]; /* Sliding window buffer */
data/mkelfimage-2.7/kunzip_src/lib/memcpy.c:2:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
void *memcpy(void *__dest, __const void *__src, size_t __n)
data/mkelfimage-2.7/linux-i386/convert_params.c:215:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#undef memcpy
data/mkelfimage-2.7/linux-i386/convert_params.c:299:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char tmp[40], *q = tmp;
data/mkelfimage-2.7/linux-i386/convert_params.c:403:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
void* memcpy(void *dest, const void *src, size_t len)
data/mkelfimage-2.7/linux-i386/convert_params.c:507:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(dest, arg, len);
data/mkelfimage-2.7/linux-i386/convert_params.c:598:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char boot_device[4];
data/mkelfimage-2.7/linux-i386/convert_params.c:1467:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(info->real_mode->command_line, info->image->cmdline, len);
data/mkelfimage-2.7/linux-i386/convert_params.c:1499:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(info->real_mode->param_block_signature, "HdrS", 4);
data/mkelfimage-2.7/linux-ia64/convert_params.c:65:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char tmp[40], *q = tmp;
data/mkelfimage-2.7/linux-ia64/convert_params.c:134:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
void *memcpy(void *vdest, void *vsrc, size_t size)
data/mkelfimage-2.7/main/mkelfImage.c:123:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
fd = open(filename, O_RDONLY);
data/mkelfimage-2.7/main/mkelfImage.c:320:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(buf + offset, &hdr, sizeof(hdr));
data/mkelfimage-2.7/main/mkelfImage.c:322:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(buf + offset, note[i].n_name, n_namesz);
data/mkelfimage-2.7/main/mkelfImage.c:324:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(buf + offset, note[i].n_desc, note[i].n_descsz);
data/mkelfimage-2.7/main/mkelfImage.c:510:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
fd = open(output, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IRGRP | S_IROTH);
data/mkelfimage-2.7/linux-i386/mkelf-linux-i386.c:307:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
strncpy(params->cmdline, cmdline, sizeof(params->cmdline));
data/mkelfimage-2.7/linux-i386/mkelf-linux-i386.c:374:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
note[0].n_descsz = strlen(note[0].n_desc)+1;
data/mkelfimage-2.7/linux-i386/mkelf-linux-i386.c:379:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
note[1].n_descsz = strlen(note[1].n_desc);
data/mkelfimage-2.7/linux-ia64/mkelf-linux-ia64.c:216:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
strncpy(params->cmdline, cmdline, sizeof(params->cmdline));
data/mkelfimage-2.7/linux-ia64/mkelf-linux-ia64.c:259:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
note[0].n_descsz = strlen(note[0].n_desc)+1;
data/mkelfimage-2.7/linux-ia64/mkelf-linux-ia64.c:264:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
note[1].n_descsz = strlen(note[1].n_desc)+1;
data/mkelfimage-2.7/main/mkelfImage.c:138:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
result = read(fd, buf + progress, size - progress);
data/mkelfimage-2.7/main/mkelfImage.c:253:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += roundup(strlen(note[i].n_name)+1, 4);
data/mkelfimage-2.7/main/mkelfImage.c:314:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_namesz = strlen(note[i].n_name) +1;
data/mkelfimage-2.7/util/bin-to-hex.c:8:13:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
while((c = getchar()) != EOF) {

ANALYSIS SUMMARY:

Hits = 39
Lines analyzed = 6916 in approximately 0.28 seconds (25111 lines/second)
Physical Source Lines of Code (SLOC) = 5335
Hits@level = [0] 144 [1]  10 [2]  21 [3]   3 [4]   5 [5]   0
Hits@level+ = [0+] 183 [1+]  39 [2+]  29 [3+]   8 [4+]   5 [5+]   0
Hits/KSLOC@level+ = [0+] 34.3018 [1+] 7.31022 [2+] 5.4358 [3+] 1.49953 [4+] 0.937207 [5+]   0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.