Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/nvram-wakeup-1.1/nvram-wakeup-mb.c
Examining data/nvram-wakeup-1.1/biosinfo.c
Examining data/nvram-wakeup-1.1/nvramops.c
Examining data/nvram-wakeup-1.1/time.c
Examining data/nvram-wakeup-1.1/nvram-wakeup-mb.h
Examining data/nvram-wakeup-1.1/bios.c
Examining data/nvram-wakeup-1.1/byteops.c
Examining data/nvram-wakeup-1.1/nvram-wakeup.h
Examining data/nvram-wakeup-1.1/guess.c
Examining data/nvram-wakeup-1.1/tools.c
Examining data/nvram-wakeup-1.1/rtc.c
Examining data/nvram-wakeup-1.1/readconf.c
Examining data/nvram-wakeup-1.1/cat_nvram.c
Examining data/nvram-wakeup-1.1/gmt-test.c
Examining data/nvram-wakeup-1.1/nvram-wakeup.c
FINAL RESULTS:
data/nvram-wakeup-1.1/guess.c:205:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, CVSREV_guess_c "\n");
data/nvram-wakeup-1.1/tools.c:103:11: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(out, fmt, ap);
data/nvram-wakeup-1.1/tools.c:113:16: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(out, fmt, ap);
data/nvram-wakeup-1.1/tools.c:120:20: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = vsnprintf(msg, size, fmt, ap);
data/nvram-wakeup-1.1/tools.c:125:21: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
syslog(lvl, msg);
data/nvram-wakeup-1.1/tools.c:141:21: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(out, fmt, ap);
data/nvram-wakeup-1.1/nvram-wakeup.c:925:19: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int i = getopt_long(*argc, *argv, optstring, opts, NULL);
data/nvram-wakeup-1.1/bios.c:94:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_mem = open(MEM_DEV, O_RDONLY);
data/nvram-wakeup-1.1/biosinfo.c:23:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ( argc > 1 && strcmp((char *)argv[1], "--debug") == 0)
data/nvram-wakeup-1.1/cat_nvram.c:35:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bytes[MAXNVRAMSIZE];
data/nvram-wakeup-1.1/guess.c:45:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char byte[MAXFILES][MAXNVRAMSIZE];
data/nvram-wakeup-1.1/guess.c:200:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *files[MAXFILES];
data/nvram-wakeup-1.1/guess.c:218:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(files[i], "%02u.%02u.%02u.%02u%c", day[i], hour[i], min[i], sec[i], stat[i]?'+':'-');
data/nvram-wakeup-1.1/guess.c:219:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd[i] = open (files[i], O_RDONLY);
data/nvram-wakeup-1.1/nvram-wakeup.c:59:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char oBytes[MAXNVRAMSIZE];
data/nvram-wakeup-1.1/nvram-wakeup.c:60:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nBytes[MAXNVRAMSIZE];
data/nvram-wakeup-1.1/nvram-wakeup.c:206:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_rtc = open(RTC_DEV, O_RDONLY);
data/nvram-wakeup-1.1/nvram-wakeup.c:253:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nBytes, oBytes, sizeof(oBytes));
data/nvram-wakeup-1.1/nvram-wakeup.c:272:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_rtc = open( RTC_DEV, O_RDONLY );
data/nvram-wakeup-1.1/nvram-wakeup.c:804:32: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_rtc = open( RTC_DEV, O_RDONLY );
data/nvram-wakeup-1.1/nvramops.c:40:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode_str[10];
data/nvram-wakeup-1.1/nvramops.c:42:31: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case O_RDONLY: sprintf(mode_str, "O_RDONLY"); break;
data/nvram-wakeup-1.1/nvramops.c:43:31: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case O_WRONLY: sprintf(mode_str, "O_WRONLY"); break;
data/nvram-wakeup-1.1/nvramops.c:44:31: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
default: sprintf(mode_str, "%d", mode); break;
data/nvram-wakeup-1.1/nvramops.c:48:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_nvram = open(NVRAM_DEV, mode);
data/nvram-wakeup-1.1/readconf.c:140:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd_conf = fopen(filename, "r")) == NULL) {
data/nvram-wakeup-1.1/rtc.c:52:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open ("/dev/rtc", O_RDONLY);
data/nvram-wakeup-1.1/tools.c:167:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_line[50];
data/nvram-wakeup-1.1/tools.c:170:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(out_line, "%06X0: %02X%02X %02X%02X %02X%02X %02X%02X %02X%02X %02X%02X %02X%02X %02X%02X\n", i,
data/nvram-wakeup-1.1/bios.c:76:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp += strlen((char *)bp) + 1;
data/nvram-wakeup-1.1/bios.c:109:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( read(fd_mem, buf, 16) != 16) {
data/nvram-wakeup-1.1/bios.c:130:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd_mem, entry, size) != size) {
data/nvram-wakeup-1.1/guess.c:229:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
retval = read(fd[i], &byte[i][addr], 1);
data/nvram-wakeup-1.1/nvram-wakeup.c:902:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(opt->name);
data/nvram-wakeup-1.1/nvram-wakeup.c:936:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(optarg) > strspn(optarg, "0123456789") ) {
data/nvram-wakeup-1.1/nvram-wakeup.c:1003:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(optarg) > strspn(optarg, "0123456789") ) {
data/nvram-wakeup-1.1/nvramops.c:86:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nvramSize = read(fd_nvram, bytes, MAXNVRAMSIZE);
data/nvram-wakeup-1.1/readconf.c:163:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (comment && comment[strlen(comment)-1] == '\n')
data/nvram-wakeup-1.1/readconf.c:164:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
comment[strlen(comment)-1] = 0;
data/nvram-wakeup-1.1/tools.c:160:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while(isspace(res[strlen(res)-1]))
data/nvram-wakeup-1.1/tools.c:161:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res[strlen(res)-1]=0;
ANALYSIS SUMMARY:
Hits = 41
Lines analyzed = 3031 in approximately 0.12 seconds (24686 lines/second)
Physical Source Lines of Code (SLOC) = 1943
Hits@level = [0] 55 [1] 12 [2] 22 [3] 1 [4] 6 [5] 0
Hits@level+ = [0+] 96 [1+] 41 [2+] 29 [3+] 7 [4+] 6 [5+] 0
Hits/KSLOC@level+ = [0+] 49.4081 [1+] 21.1014 [2+] 14.9254 [3+] 3.60268 [4+] 3.08801 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.