Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/oddjob-0.34.6/python/oddjobmodule.c
Examining data/oddjob-0.34.6/src/oddjobd.c
Examining data/oddjob-0.34.6/src/oddjob_request.c
Examining data/oddjob-0.34.6/src/mkhomedir.c
Examining data/oddjob-0.34.6/src/handlers.h
Examining data/oddjob-0.34.6/src/pam_oddjob_mkhomedir.c
Examining data/oddjob-0.34.6/src/selinux.c
Examining data/oddjob-0.34.6/src/selinux.h
Examining data/oddjob-0.34.6/src/mainloop.h
Examining data/oddjob-0.34.6/src/mainloop.c
Examining data/oddjob-0.34.6/src/oddjob_dbus.h
Examining data/oddjob-0.34.6/src/oddjob_dbus.c
Examining data/oddjob-0.34.6/src/common.h
Examining data/oddjob-0.34.6/src/util.h
Examining data/oddjob-0.34.6/src/util.c
Examining data/oddjob-0.34.6/src/buffer.h
Examining data/oddjob-0.34.6/src/buffer.c
Examining data/oddjob-0.34.6/src/oddjob.h
Examining data/oddjob-0.34.6/tests/cmdparse/cmdparse.c
FINAL RESULTS:
data/oddjob-0.34.6/src/mkhomedir.c:84:7: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
if (readlink(source, target, sizeof(target) - 1)) {
data/oddjob-0.34.6/src/mkhomedir.c:241:12: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
res = chown(pwd->pw_dir, pwd->pw_uid, pwd->pw_gid);
data/oddjob-0.34.6/src/selinux.c:182:8: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (chown(path, uid, gid) != 0) {
data/oddjob-0.34.6/src/oddjob_dbus.c:1375:22: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
*output_length = sprintf(*output, "%s: %s",
data/oddjob-0.34.6/src/oddjob_dbus.c:1383:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
*error_length = sprintf(*error, "%s: %s",
data/oddjob-0.34.6/src/oddjob_dbus.c:1438:22: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
*output_length = sprintf(*output, "%s: %s",
data/oddjob-0.34.6/src/oddjob_dbus.c:1446:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
*error_length = sprintf(*error, "%s: %s",
data/oddjob-0.34.6/src/oddjob_request.c:122:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(interface, method);
data/oddjob-0.34.6/src/oddjobd.c:1991:3: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execv(method->argv[0], task->argv);
data/oddjob-0.34.6/src/oddjobd.c:2146:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(t, fmt,
data/oddjob-0.34.6/src/oddjobd.c:2159:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t, result);
data/oddjob-0.34.6/src/oddjobd.c:2161:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(t + strlen(t), fmt,
data/oddjob-0.34.6/src/oddjobd.c:2303:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(t, ODDJOB_INTROSPECTION_NODE, p);
data/oddjob-0.34.6/src/oddjobd.c:2308:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t, nodelist);
data/oddjob-0.34.6/src/oddjobd.c:2309:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(t + strlen(t), ODDJOB_INTROSPECTION_NODE, p);
data/oddjob-0.34.6/src/oddjobd.c:2333:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(t, ODDJOB_INTROSPECTION_METHOD_START, method->name);
data/oddjob-0.34.6/src/oddjobd.c:2337:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(t, ODDJOB_INTROSPECTION_METHOD_ARGUMENT);
data/oddjob-0.34.6/src/oddjobd.c:2340:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(t, ODDJOB_INTROSPECTION_DBUS_METHOD_END);
data/oddjob-0.34.6/src/oddjobd.c:2342:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(t, ODDJOB_INTROSPECTION_ODDJOB_METHOD_END);
data/oddjob-0.34.6/src/oddjobd.c:2353:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t, memberlist);
data/oddjob-0.34.6/src/oddjobd.c:2354:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(t + strlen(t), ODDJOB_INTROSPECTION_METHOD_START, method->name);
data/oddjob-0.34.6/src/oddjobd.c:2358:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(t, ODDJOB_INTROSPECTION_METHOD_ARGUMENT);
data/oddjob-0.34.6/src/oddjobd.c:2361:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(t, ODDJOB_INTROSPECTION_DBUS_METHOD_END);
data/oddjob-0.34.6/src/oddjobd.c:2363:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(t, ODDJOB_INTROSPECTION_ODDJOB_METHOD_END);
data/oddjob-0.34.6/src/oddjobd.c:2378:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(t, ODDJOB_INTROSPECTION_INTERFACE_START, interface->name);
data/oddjob-0.34.6/src/oddjobd.c:2379:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(t, memberlist);
data/oddjob-0.34.6/src/oddjobd.c:2380:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(t, ODDJOB_INTROSPECTION_INTERFACE_END);
data/oddjob-0.34.6/src/oddjobd.c:2390:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t, interfacelist);
data/oddjob-0.34.6/src/oddjobd.c:2391:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(t + strlen(t), ODDJOB_INTROSPECTION_INTERFACE_START, interface->name);
data/oddjob-0.34.6/src/oddjobd.c:2392:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(t, memberlist);
data/oddjob-0.34.6/src/oddjobd.c:2393:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(t, ODDJOB_INTROSPECTION_INTERFACE_END);
data/oddjob-0.34.6/src/oddjobd.c:2416:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(text, ODDJOB_INTROSPECTION_HEADER);
data/oddjob-0.34.6/src/oddjobd.c:2418:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, nodelist);
data/oddjob-0.34.6/src/oddjobd.c:2421:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, interfacelist);
data/oddjob-0.34.6/src/oddjobd.c:2423:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, ODDJOB_INTROSPECTION_FOOTER);
data/oddjob-0.34.6/src/oddjobd.c:2594:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, object->name);
data/oddjob-0.34.6/src/oddjobd.c:2957:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(usage, basename);
data/oddjob-0.34.6/src/oddjobd.c:2962:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(usage, basename);
data/oddjob-0.34.6/src/oddjobd.c:2968:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(usage, basename);
data/oddjob-0.34.6/src/selinux.c:131:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, newpath);
data/oddjob-0.34.6/src/util.c:111:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r, s);
data/oddjob-0.34.6/src/util.c:122:6: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
i = vsnprintf(buf, 1, s, va);
data/oddjob-0.34.6/src/util.c:126:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(r, i + 1, s, va);
data/oddjob-0.34.6/src/util.c:191:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, thisline);
data/oddjob-0.34.6/src/mkhomedir.c:315:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "nqs:u:")) != -1) {
data/oddjob-0.34.6/src/oddjob_request.c:64:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "i:o:s:SIt:")) != -1) {
data/oddjob-0.34.6/src/oddjobd.c:2937:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "dnp:c:St:")) != -1) {
data/oddjob-0.34.6/python/oddjobmodule.c:44:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[64 * 1024], errors[64 * 1024];
data/oddjob-0.34.6/src/buffer.c:81:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, buf->data, buf->spare + buf->used);
data/oddjob-0.34.6/src/buffer.c:96:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->data + buf->spare - length, bytes, length);
data/oddjob-0.34.6/src/buffer.c:102:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->data + buf->spare, bytes, length);
data/oddjob-0.34.6/src/mkhomedir.c:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target[PATH_MAX + 1], newpath[PATH_MAX + 1];
data/oddjob-0.34.6/src/mkhomedir.c:70:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[BUFSIZ];
data/oddjob-0.34.6/src/mkhomedir.c:108:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sfd = open(source, O_RDONLY);
data/oddjob-0.34.6/src/mkhomedir.c:113:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dfd = open(newpath, O_WRONLY | O_CREAT | O_EXCL,
data/oddjob-0.34.6/src/mkhomedir.c:270:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ], *p, *end;
data/oddjob-0.34.6/src/mkhomedir.c:274:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen("/etc/login.defs", "r");
data/oddjob-0.34.6/src/oddjob_dbus.c:642:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char n_args[LINE_MAX];
data/oddjob-0.34.6/src/oddjob_dbus.c:1421:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*output, msg->args[0], i + 1);
data/oddjob-0.34.6/src/oddjob_dbus.c:1429:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*error, msg->args[1], i + 1);
data/oddjob-0.34.6/src/oddjobd.c:1470:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outbuf[LINE_MAX];
data/oddjob-0.34.6/src/oddjobd.c:1525:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[LINE_MAX];
data/oddjob-0.34.6/src/oddjobd.c:1620:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX];
data/oddjob-0.34.6/src/oddjobd.c:1651:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
null[n] = open("/dev/null", O_RDWR);
data/oddjob-0.34.6/src/oddjobd.c:3020:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pidfd = open(options.pidfile, O_CREAT | O_WRONLY | O_TRUNC,
data/oddjob-0.34.6/src/selinux.c:122:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1], tmp[PATH_MAX + 1];
data/oddjob-0.34.6/src/util.c:118:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *r, buf[1];
data/oddjob-0.34.6/src/util.c:179:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ];
data/oddjob-0.34.6/tests/cmdparse/cmdparse.c:9:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[LINE_MAX], **args;
data/oddjob-0.34.6/src/buffer.c:93:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen((const char *)bytes);
data/oddjob-0.34.6/src/buffer.c:112:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen((const char *)bytes);
data/oddjob-0.34.6/src/mkhomedir.c:74:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
source + strlen(skel)) > (int) sizeof(newpath)) {
data/oddjob-0.34.6/src/mkhomedir.c:77:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pwd->pw_dir, source + strlen(skel));
data/oddjob-0.34.6/src/mkhomedir.c:116:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((i = read(sfd, buf, sizeof(buf))) > 0) {
data/oddjob-0.34.6/src/mkhomedir.c:220:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(pwd->pw_dir) == 0) || (pwd->pw_dir[0] != '/')) {
data/oddjob-0.34.6/src/mkhomedir.c:271:16: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
mode_t mask = umask(0777);
data/oddjob-0.34.6/src/mkhomedir.c:312:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(override_umask);
data/oddjob-0.34.6/src/mkhomedir.c:352:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(override_umask);
data/oddjob-0.34.6/src/mkhomedir.c:354:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(args[i]) > 0) {
data/oddjob-0.34.6/src/oddjob_dbus.c:1372:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(err.name) + 2 + strlen(err.message) + 1;
data/oddjob-0.34.6/src/oddjob_dbus.c:1372:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(err.name) + 2 + strlen(err.message) + 1;
data/oddjob-0.34.6/src/oddjob_dbus.c:1380:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(err.name) + 2 + strlen(err.message) + 1;
data/oddjob-0.34.6/src/oddjob_dbus.c:1380:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(err.name) + 2 + strlen(err.message) + 1;
data/oddjob-0.34.6/src/oddjob_dbus.c:1418:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(msg->args[0]);
data/oddjob-0.34.6/src/oddjob_dbus.c:1426:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(msg->args[1]);
data/oddjob-0.34.6/src/oddjob_dbus.c:1435:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(err.name) + 2 + strlen(err.message) + 1;
data/oddjob-0.34.6/src/oddjob_dbus.c:1435:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(err.name) + 2 + strlen(err.message) + 1;
data/oddjob-0.34.6/src/oddjob_dbus.c:1443:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(err.name) + 2 + strlen(err.message) + 1;
data/oddjob-0.34.6/src/oddjob_dbus.c:1443:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(err.name) + 2 + strlen(err.message) + 1;
data/oddjob-0.34.6/src/oddjob_request.c:120:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
interface = malloc(strlen(method) + 1);
data/oddjob-0.34.6/src/oddjobd.c:1549:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
i = read(*fdp, buf, sizeof(buf));
data/oddjob-0.34.6/src/oddjobd.c:2020:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((i = (read(exec_status[0], &exec_errno, 1))) == -1) {
data/oddjob-0.34.6/src/oddjobd.c:2141:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = oddjob_malloc0(strlen(fmt) + 2 +
data/oddjob-0.34.6/src/oddjobd.c:2142:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(service->name) + 1 +
data/oddjob-0.34.6/src/oddjobd.c:2143:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(object->name) + 1 +
data/oddjob-0.34.6/src/oddjobd.c:2144:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(interface->name) + 1 +
data/oddjob-0.34.6/src/oddjobd.c:2145:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(method->name) + 1);
data/oddjob-0.34.6/src/oddjobd.c:2153:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = oddjob_malloc0(strlen(result) + 1 +
data/oddjob-0.34.6/src/oddjobd.c:2154:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(fmt) + 2 +
data/oddjob-0.34.6/src/oddjobd.c:2155:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(service->name) + 1 +
data/oddjob-0.34.6/src/oddjobd.c:2156:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(object->name) + 1 +
data/oddjob-0.34.6/src/oddjobd.c:2157:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(interface->name) + 1 +
data/oddjob-0.34.6/src/oddjobd.c:2158:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(method->name) + 1);
data/oddjob-0.34.6/src/oddjobd.c:2160:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(t, ",");
data/oddjob-0.34.6/src/oddjobd.c:2161:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(t + strlen(t), fmt,
data/oddjob-0.34.6/src/oddjobd.c:2284:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(object->name);
data/oddjob-0.34.6/src/oddjobd.c:2287:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k = strlen(service->objects[i].name);
data/oddjob-0.34.6/src/oddjobd.c:2299:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p) == (strcspn(p, "/"))) {
data/oddjob-0.34.6/src/oddjobd.c:2302:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = oddjob_malloc0(strlen(ODDJOB_INTROSPECTION_NODE) + k + 1);
data/oddjob-0.34.6/src/oddjobd.c:2306:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = oddjob_malloc0(strlen(nodelist) +
data/oddjob-0.34.6/src/oddjobd.c:2307:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ODDJOB_INTROSPECTION_NODE) + k + 1);
data/oddjob-0.34.6/src/oddjobd.c:2309:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(t + strlen(t), ODDJOB_INTROSPECTION_NODE, p);
data/oddjob-0.34.6/src/oddjobd.c:2328:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = oddjob_malloc0(strlen(ODDJOB_INTROSPECTION_METHOD_START) +
data/oddjob-0.34.6/src/oddjobd.c:2329:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(method->name) +
data/oddjob-0.34.6/src/oddjobd.c:2330:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ODDJOB_INTROSPECTION_METHOD_ARGUMENT) * method->n_arguments +
data/oddjob-0.34.6/src/oddjobd.c:2331:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ODDJOB_INTROSPECTION_ODDJOB_METHOD_END) +
data/oddjob-0.34.6/src/oddjobd.c:2347:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = oddjob_malloc0(strlen(memberlist) +
data/oddjob-0.34.6/src/oddjobd.c:2348:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ODDJOB_INTROSPECTION_METHOD_START) +
data/oddjob-0.34.6/src/oddjobd.c:2349:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(method->name) +
data/oddjob-0.34.6/src/oddjobd.c:2350:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ODDJOB_INTROSPECTION_METHOD_ARGUMENT) * method->n_arguments +
data/oddjob-0.34.6/src/oddjobd.c:2351:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ODDJOB_INTROSPECTION_ODDJOB_METHOD_END) +
data/oddjob-0.34.6/src/oddjobd.c:2354:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(t + strlen(t), ODDJOB_INTROSPECTION_METHOD_START, method->name);
data/oddjob-0.34.6/src/oddjobd.c:2373:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = oddjob_malloc0(strlen(ODDJOB_INTROSPECTION_INTERFACE_START) +
data/oddjob-0.34.6/src/oddjobd.c:2374:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(interface->name) +
data/oddjob-0.34.6/src/oddjobd.c:2375:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(memberlist) +
data/oddjob-0.34.6/src/oddjobd.c:2376:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ODDJOB_INTROSPECTION_INTERFACE_END) +
data/oddjob-0.34.6/src/oddjobd.c:2384:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = oddjob_malloc0(strlen(interfacelist) +
data/oddjob-0.34.6/src/oddjobd.c:2385:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ODDJOB_INTROSPECTION_INTERFACE_START) +
data/oddjob-0.34.6/src/oddjobd.c:2386:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(interface->name) +
data/oddjob-0.34.6/src/oddjobd.c:2387:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(memberlist) +
data/oddjob-0.34.6/src/oddjobd.c:2388:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ODDJOB_INTROSPECTION_INTERFACE_END) +
data/oddjob-0.34.6/src/oddjobd.c:2391:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(t + strlen(t), ODDJOB_INTROSPECTION_INTERFACE_START, interface->name);
data/oddjob-0.34.6/src/oddjobd.c:2411:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text = oddjob_malloc0(strlen(ODDJOB_INTROSPECTION_HEADER) +
data/oddjob-0.34.6/src/oddjobd.c:2412:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(nodelist ? strlen(nodelist) : 0) +
data/oddjob-0.34.6/src/oddjobd.c:2413:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(interfacelist) +
data/oddjob-0.34.6/src/oddjobd.c:2414:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ODDJOB_INTROSPECTION_FOOTER) +
data/oddjob-0.34.6/src/oddjobd.c:2593:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = oddjob_malloc0(strlen(object->name) + 1);
data/oddjob-0.34.6/src/oddjobd.c:2595:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (q = p + strlen(p); q >= p; q--) {
data/oddjob-0.34.6/src/pam_oddjob_mkhomedir.c:89:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(user) > 0)) {
data/oddjob-0.34.6/src/selinux.c:130:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newpath) < sizeof(tmp)) {
data/oddjob-0.34.6/src/selinux.c:135:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(q, q + 1, strlen(q));
data/oddjob-0.34.6/src/selinux.c:140:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newpath) < sizeof(path)) {
data/oddjob-0.34.6/src/selinux.c:161:20: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
stored_umask = umask(~perms);
data/oddjob-0.34.6/src/selinux.c:163:5: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(stored_umask);
data/oddjob-0.34.6/src/util.c:110:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r = oddjob_malloc0(strlen(s) + 1);
data/oddjob-0.34.6/src/util.c:187:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = thisline ? strlen(thisline) : 0;
data/oddjob-0.34.6/src/util.c:188:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m = strlen(buf);
data/oddjob-0.34.6/src/util.c:243:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffersize = strlen(cmdline) * 3;
data/oddjob-0.34.6/tests/cmdparse/cmdparse.c:15:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) > 0) {
ANALYSIS SUMMARY:
Hits = 149
Lines analyzed = 7277 in approximately 0.23 seconds (31885 lines/second)
Physical Source Lines of Code (SLOC) = 5999
Hits@level = [0] 165 [1] 80 [2] 22 [3] 3 [4] 41 [5] 3
Hits@level+ = [0+] 314 [1+] 149 [2+] 69 [3+] 47 [4+] 44 [5+] 3
Hits/KSLOC@level+ = [0+] 52.3421 [1+] 24.8375 [2+] 11.5019 [3+] 7.83464 [4+] 7.33456 [5+] 0.500083
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.