Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/bb.c
Examining data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/bb.h
Examining data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/error.c
Examining data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/error.h
Examining data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/jnilib.c
Examining data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/native_constants.c
Examining data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/native_constants.h
Examining data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/ssl.c
Examining data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/ssl.h
Examining data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/ssl_private.h
Examining data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/sslcontext.c
Examining data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/sslcontext.h
Examining data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/sslutils.c
Examining data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/tcn.h

FINAL RESULTS:

data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/jnilib.c:147:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(result, str);
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/jnilib.c:154:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(result, prefix);
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/jnilib.c:155:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(result, str);
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/error.c:61:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[TCN_BUFFER_SZ] = {'\0'};
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/error.c:72:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char serr[512] = {0};
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/jnilib.c:425:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dllPath[MAX_DLL_PATH_LEN + 1];
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/ssl.c:141:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bioUserData->buffer, &bioUserData->nonApplicationBuffer[bioUserData->nonApplicationBufferOffset], (size_t) writeChunk);
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/ssl.c:142:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&bioUserData->buffer[writeChunk], bioUserData->nonApplicationBuffer, (size_t) newnonApplicationBufferOffset);
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/ssl.c:145:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bioUserData->buffer, &bioUserData->nonApplicationBuffer[bioUserData->nonApplicationBufferOffset], (size_t) writeAmount);
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/ssl.c:200:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&bioUserData->nonApplicationBuffer[startIndex], in, (size_t) writeChunk);
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/ssl.c:201:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bioUserData->nonApplicationBuffer, &in[writeChunk], (size_t) (writeAmount - writeChunk));
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/ssl.c:203:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&bioUserData->nonApplicationBuffer[startIndex], in, (size_t) writeAmount);
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/ssl.c:228:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bioUserData->buffer, in, (size_t) writeChunk);
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/ssl.c:260:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out, bioUserData->buffer, (size_t) readAmount);
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/ssl.c:583:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char unmapped[540];
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/ssl.c:869:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[ERR_LEN];
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/ssl.c:1409:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[ERR_LEN];
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/ssl.c:1644:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err[ERR_LEN];
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/ssl.c:1665:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out, session->master_key, outlen);
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/ssl.c:1680:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out, ssl->s3->server_random, outlen);
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/ssl.c:1695:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out, ssl->s3->client_random, outlen);
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/ssl.c:1852:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err[ERR_LEN];
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/ssl.c:1896:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err[ERR_LEN];
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/ssl.c:1951:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err[ERR_LEN];
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/ssl.c:2017:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err[ERR_LEN];
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/ssl.c:2030:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err[ERR_LEN];
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/ssl.c:2064:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err[ERR_LEN];
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/ssl.c:2100:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err[ERR_LEN];
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/ssl.c:2194:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err[ERR_LEN];
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/ssl.c:2277:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err[ERR_LEN];
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/ssl.c:2463:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err[ERR_LEN];
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/ssl_private.h:271:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char key_name[SSL_SESSION_TICKET_KEY_NAME_LEN];
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/ssl_private.h:272:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hmac_key[SSL_SESSION_TICKET_HMAC_KEY_LEN];
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/ssl_private.h:273:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char aes_key[SSL_SESSION_TICKET_AES_KEY_LEN];
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/ssl_private.h:344:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char context_id[SHA_DIGEST_LENGTH];
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/sslcontext.c:292:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err[ERR_LEN];
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/sslcontext.c:503:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err[ERR_LEN];
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/sslcontext.c:643:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[PEM_BUFSIZE];
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/sslcontext.c:720:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err[ERR_LEN];
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/sslcontext.c:815:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err[ERR_LEN];
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/sslcontext.c:947:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p_data, proto_chars, proto_chars_len);
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/sslcontext.c:1255:57:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static int find_session_key(tcn_ssl_ctxt_t *c, unsigned char key_name[16], tcn_ssl_ticket_key_t *key, int *is_current_key) {
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/sslcontext.c:1273:54:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc) {
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/sslcontext.c:1288:14:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(key_name, key.key_name, 16);
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/sslcontext.c:1339:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ticket_keys[i].key_name, key, 16);
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/sslcontext.c:1340:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ticket_keys[i].hmac_key, key + 16, 16);
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/sslcontext.c:1341:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ticket_keys[i].aes_key, key + 32, 16);
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/sslcontext.c:2142:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out, b, arrayLen);
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/sslcontext.c:2205:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out, b, arrayLen);
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/sslcontext.c:2268:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out, b, arrayLen);
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/sslcontext.c:2626:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dynamicMethods, fixed_method_table, sizeof(fixed_method_table));
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/jnilib.c:143:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* result = (char*) malloc(sizeof(char) * (strlen(str) + 1));
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/jnilib.c:150:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* result = (char*) malloc(sizeof(char) * (strlen(prefix) + strlen(str) + 1));
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/jnilib.c:150:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* result = (char*) malloc(sizeof(char) * (strlen(prefix) + strlen(str) + 1));
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/jnilib.c:184:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (copy != NULL && n < strlen(copy)) {
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/jnilib.c:195:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t s2len = strlen(s2);
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/ssl.c:327:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return (int) tcn_write_to_bytebuffer(bio, in, strlen(in));
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/sslcontext.c:427:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (unsigned long)strlen(J2S(id)),
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/sslcontext.c:920:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  proto_chars_len = strlen(proto_chars);
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/sslutils.c:206:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, password, bufsiz);
data/netty-tcnative-2.0.28/openssl-dynamic/src/main/c/sslutils.c:210:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return (int)strlen(buf);

ANALYSIS SUMMARY:

Hits = 61
Lines analyzed = 8239 in approximately 0.21 seconds (38648 lines/second)
Physical Source Lines of Code (SLOC) = 5960
Hits@level = [0]  12 [1]  10 [2]  48 [3]   0 [4]   3 [5]   0
Hits@level+ = [0+]  73 [1+]  61 [2+]  51 [3+]   3 [4+]   3 [5+]   0
Hits/KSLOC@level+ = [0+] 12.2483 [1+] 10.2349 [2+] 8.55705 [3+] 0.503356 [4+] 0.503356 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.