Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/openntpd-6.2p3/compat/progname.c
Examining data/openntpd-6.2p3/compat/adjfreq_linux.c
Examining data/openntpd-6.2p3/compat/bsd-setresuid.c
Examining data/openntpd-6.2p3/compat/strlcat.c
Examining data/openntpd-6.2p3/compat/explicit_bzero.c
Examining data/openntpd-6.2p3/compat/arc4random_linux.h
Examining data/openntpd-6.2p3/compat/recallocarray.c
Examining data/openntpd-6.2p3/compat/arc4random_netbsd.h
Examining data/openntpd-6.2p3/compat/socket.c
Examining data/openntpd-6.2p3/compat/closefrom.c
Examining data/openntpd-6.2p3/compat/getentropy_solaris.c
Examining data/openntpd-6.2p3/compat/chacha_private.h
Examining data/openntpd-6.2p3/compat/imsg-buffer.c
Examining data/openntpd-6.2p3/compat/daemon_solaris.c
Examining data/openntpd-6.2p3/compat/bsd-setresgid.c
Examining data/openntpd-6.2p3/compat/getentropy_linux.c
Examining data/openntpd-6.2p3/compat/arc4random.c
Examining data/openntpd-6.2p3/compat/strtonum.c
Examining data/openntpd-6.2p3/compat/getentropy_netbsd.c
Examining data/openntpd-6.2p3/compat/reallocarray.c
Examining data/openntpd-6.2p3/compat/adjfreq_osx.c
Examining data/openntpd-6.2p3/compat/arc4random_osx.h
Examining data/openntpd-6.2p3/compat/adjfreq_freebsd.c
Examining data/openntpd-6.2p3/compat/getentropy_freebsd.c
Examining data/openntpd-6.2p3/compat/imsg.c
Examining data/openntpd-6.2p3/compat/adjfreq_openbsd.c
Examining data/openntpd-6.2p3/compat/adjfreq_netbsd.c
Examining data/openntpd-6.2p3/compat/arc4random_solaris.h
Examining data/openntpd-6.2p3/compat/arc4random_win.h
Examining data/openntpd-6.2p3/compat/clock_getres.c
Examining data/openntpd-6.2p3/compat/arc4random_uniform.c
Examining data/openntpd-6.2p3/compat/setproctitle.c
Examining data/openntpd-6.2p3/compat/freezero.c
Examining data/openntpd-6.2p3/compat/clock_gettime_osx.c
Examining data/openntpd-6.2p3/compat/md5.c
Examining data/openntpd-6.2p3/compat/sha2.c
Examining data/openntpd-6.2p3/compat/bsd-asprintf.c
Examining data/openntpd-6.2p3/compat/adjfreq_solaris.c
Examining data/openntpd-6.2p3/compat/getifaddrs_solaris.c
Examining data/openntpd-6.2p3/compat/strlcpy.c
Examining data/openntpd-6.2p3/compat/getentropy_osx.c
Examining data/openntpd-6.2p3/compat/arc4random.h
Examining data/openntpd-6.2p3/compat/arc4random_freebsd.h
Examining data/openntpd-6.2p3/include/unistd.h
Examining data/openntpd-6.2p3/include/sha2.h
Examining data/openntpd-6.2p3/include/stdlib.h
Examining data/openntpd-6.2p3/include/machine/endian.h
Examining data/openntpd-6.2p3/include/tls.h
Examining data/openntpd-6.2p3/include/time.h
Examining data/openntpd-6.2p3/include/string.h
Examining data/openntpd-6.2p3/include/stdio.h
Examining data/openntpd-6.2p3/include/ifaddrs.h
Examining data/openntpd-6.2p3/include/err.h
Examining data/openntpd-6.2p3/include/sha2_openbsd.h
Examining data/openntpd-6.2p3/include/imsg.h
Examining data/openntpd-6.2p3/include/poll.h
Examining data/openntpd-6.2p3/include/paths.h
Examining data/openntpd-6.2p3/include/md5.h
Examining data/openntpd-6.2p3/include/signal.h
Examining data/openntpd-6.2p3/include/sys/wait.h
Examining data/openntpd-6.2p3/include/sys/socket.h
Examining data/openntpd-6.2p3/include/sys/time.h
Examining data/openntpd-6.2p3/include/sys/queue.h
Examining data/openntpd-6.2p3/include/sys/mman.h
Examining data/openntpd-6.2p3/include/sys/types.h
Examining data/openntpd-6.2p3/src/client.c
Examining data/openntpd-6.2p3/src/log.c
Examining data/openntpd-6.2p3/src/ntp_msg.c
Examining data/openntpd-6.2p3/src/sensors.c
Examining data/openntpd-6.2p3/src/constraint.c
Examining data/openntpd-6.2p3/src/ntp.h
Examining data/openntpd-6.2p3/src/util.c
Examining data/openntpd-6.2p3/src/config.c
Examining data/openntpd-6.2p3/src/fake-sensors.c
Examining data/openntpd-6.2p3/src/server.c
Examining data/openntpd-6.2p3/src/ntp.c
Examining data/openntpd-6.2p3/src/ntpd.h
Examining data/openntpd-6.2p3/src/constraint-disabled.c
Examining data/openntpd-6.2p3/src/control.c
Examining data/openntpd-6.2p3/src/ntpd.c
Examining data/openntpd-6.2p3/src/ntp_dns.c
Examining data/openntpd-6.2p3/src/parse.c

FINAL RESULTS:

data/openntpd-6.2p3/src/control.c:73:6:  [5] (race) chmod:
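  This accepts filename arguments; if an attacker can move those files, a
  race condition results (CWE-362). Use fchmod() instead.
  Triage note: the exposure depends on whether anyone other than the
  daemon can rename or replace entries in the directory that holds path.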
	if (chmod(path, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP) == -1) {
data/openntpd-6.2p3/compat/bsd-asprintf.c:54:8:  [4] (format) vsnprintf:
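  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  Triage note: the quoted call forwards a fmt variable, so the question to
  settle is whether every caller of the enclosing function passes a
  constant format string.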
	ret = vsnprintf(string, INIT_SZ, fmt, ap2);
data/openntpd-6.2p3/compat/bsd-asprintf.c:68:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		ret = vsnprintf(newstr, len, fmt, ap2);
data/openntpd-6.2p3/compat/getentropy_linux.c:397:7:  [4] (format) printf:
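  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  Triage note: the quoted line hands the name printf to the HF macro and its
  comment reads "an addr in libc", so this looks like a reference to the
  function's address rather than a call with a format string. The hits at
  getentropy_osx.c:309 and getentropy_solaris.c:316 quote the same line.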
			HF(printf);		/* an addr in libc */
data/openntpd-6.2p3/compat/getentropy_osx.c:309:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			HF(printf);		/* an addr in libc */
data/openntpd-6.2p3/compat/getentropy_solaris.c:316:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			HF(printf);		/* an addr in libc */
data/openntpd-6.2p3/compat/getifaddrs_solaris.c:126:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		(void) strcpy(ifa->ifa_name = buf, lifrp->lifr_name);
data/openntpd-6.2p3/compat/setproctitle.c:144:8:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			r = vsnprintf(buf + len, sizeof(buf) - len , fmt, ap);
data/openntpd-6.2p3/include/err.h:31:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		vfprintf(stderr, format, args);
data/openntpd-6.2p3/src/log.c:36:33:  [4] (format) printf:
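  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  Triage note: the quoted line is a compiler __format__ attribute on a
  declaration, not a printf call. The attribute asks the compiler to check
  callers' format arguments, so this hit is a lexical match on the word
  "printf"; the same applies to the other __attribute__ lines quoted from
  log.c, ntpd.h and parse.c:96.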
	    __attribute__((__format__ (printf, 1, 2)));
data/openntpd-6.2p3/src/log.c:38:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    __attribute__((__format__ (printf, 1, 2)));
data/openntpd-6.2p3/src/log.c:40:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    __attribute__((__format__ (printf, 1, 2)));
data/openntpd-6.2p3/src/log.c:42:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    __attribute__((__format__ (printf, 1, 2)));
data/openntpd-6.2p3/src/log.c:44:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    __attribute__((__format__ (printf, 2, 3)));
data/openntpd-6.2p3/src/log.c:46:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    __attribute__((__format__ (printf, 2, 0)));
data/openntpd-6.2p3/src/log.c:48:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    __attribute__((__format__ (printf, 1, 2)));
data/openntpd-6.2p3/src/log.c:50:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    __attribute__((__format__ (printf, 1, 2)));
data/openntpd-6.2p3/src/log.c:105:4:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			vfprintf(stderr, fmt, ap);
data/openntpd-6.2p3/src/log.c:108:4:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			vfprintf(stderr, nfmt, ap);
data/openntpd-6.2p3/src/log.c:185:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		(void)vsnprintf(s, sizeof(s), emsg, ap);
data/openntpd-6.2p3/src/ntpd.h:437:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    __attribute__((__format__ (printf, 1, 2)));
data/openntpd-6.2p3/src/ntpd.h:439:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    __attribute__((__format__ (printf, 1, 2)));
data/openntpd-6.2p3/src/ntpd.h:441:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    __attribute__((__format__ (printf, 1, 2)));
data/openntpd-6.2p3/src/ntpd.h:443:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    __attribute__((__format__ (printf, 1, 2)));
data/openntpd-6.2p3/src/ntpd.h:445:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    __attribute__((__format__ (printf, 2, 3)));
data/openntpd-6.2p3/src/ntpd.h:447:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    __attribute__((__format__ (printf, 2, 0)));
data/openntpd-6.2p3/src/ntpd.h:449:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    __attribute__((__format__ (printf, 1, 2)));
data/openntpd-6.2p3/src/ntpd.h:451:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    __attribute__((__format__ (printf, 1, 2)));
data/openntpd-6.2p3/src/parse.c:96:32:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    __attribute__((__format__ (printf, 1, 2)))
data/openntpd-6.2p3/src/parse.c:687:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define YYFPRINTF fprintf
data/openntpd-6.2p3/src/util.c:194:3:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). Try using a library call that implements the same functionality
  if available.
		execvp(argv[0], nargv);
data/openntpd-6.2p3/src/constraint.c:348:6:  [3] (misc) chroot:
  chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
  Make sure the program immediately chdir("/"), closes file descriptors, and
  drops root privileges, and that all necessary files (and no more!) are in
  the new root.
	if (chroot(pw_dir) == -1)
data/openntpd-6.2p3/src/ntp.c:124:6:  [3] (misc) chroot:
  chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
  Make sure the program immediately chdir("/"), closes file descriptors, and
  drops root privileges, and that all necessary files (and no more!) are in
  the new root.
	if (chroot(pw->pw_dir) == -1)
data/openntpd-6.2p3/src/ntpd.c:168:15:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((ch = getopt(argc, argv, "df:np:P:sSv")) != -1) {
data/openntpd-6.2p3/src/ntpd.c:626:15:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((ch = getopt(argc, argv, "s:")) != -1) {
data/openntpd-6.2p3/compat/arc4random.c:154:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(buf, keystream, m);
data/openntpd-6.2p3/compat/arc4random.c:174:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(val, keystream, sizeof(*val));
data/openntpd-6.2p3/compat/chacha_private.h:51:14:  [2] (buffer) char:
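  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Triage note: the quoted initializer is exactly 16 characters, so this
  const array holds no terminating \0. It is safe only while it is read as
  16 raw bytes and never passed to a function that expects a C string.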
static const char sigma[16] = "expand 32-byte k";
data/openntpd-6.2p3/compat/chacha_private.h:52:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char tau[16] = "expand 16-byte k";
data/openntpd-6.2p3/compat/daemon_solaris.c:56:24:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!noclose && (fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
data/openntpd-6.2p3/compat/getentropy_linux.c:232:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open("/dev/urandom", flags, 0);
data/openntpd-6.2p3/compat/getentropy_linux.c:539:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((char *)buf + i, results, min(sizeof(results), len - i));
data/openntpd-6.2p3/compat/getentropy_osx.c:178:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open("/dev/urandom", flags, 0);
data/openntpd-6.2p3/compat/getentropy_osx.c:429:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((char *)buf + i, results, min(sizeof(results), len - i));
data/openntpd-6.2p3/compat/getentropy_solaris.c:184:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(path, flags, 0);
data/openntpd-6.2p3/compat/getentropy_solaris.c:434:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((char *)buf + i, results, min(sizeof(results), len - i));
data/openntpd-6.2p3/compat/getifaddrs_solaris.c:112:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	(void) memcpy(buf, addr, len);
data/openntpd-6.2p3/compat/imsg-buffer.c:97:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buf->buf + buf->wpos, data, len);
data/openntpd-6.2p3/compat/imsg-buffer.c:235:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		buf[CMSG_SPACE(sizeof(int))];
data/openntpd-6.2p3/compat/imsg.c:53:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char	buf[CMSG_SPACE(sizeof(int) * 1)];
data/openntpd-6.2p3/compat/imsg.c:155:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(imsg->data, ibuf->r.rptr, datalen);
data/openntpd-6.2p3/compat/md5.c:78:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(ctx->buffer + have, input, need);
data/openntpd-6.2p3/compat/md5.c:95:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ctx->buffer + have, input, len);
data/openntpd-6.2p3/compat/md5.c:124:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
MD5Final(unsigned char digest[MD5_DIGEST_LENGTH], MD5_CTX *ctx)
data/openntpd-6.2p3/compat/recallocarray.c:71:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(newptr, ptr, oldsize);
data/openntpd-6.2p3/compat/recallocarray.c:74:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(newptr, ptr, newsize);
data/openntpd-6.2p3/compat/setproctitle.c:124:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024];
data/openntpd-6.2p3/compat/sha2.c:307:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(context->state.st32, sha224_initial_hash_value,
data/openntpd-6.2p3/compat/sha2.c:329:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(digest, context->state.st32, SHA224_DIGEST_LENGTH);
data/openntpd-6.2p3/compat/sha2.c:339:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(context->state.st32, sha256_initial_hash_value,
data/openntpd-6.2p3/compat/sha2.c:519:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&context->buffer[usedspace], data, freespace);
data/openntpd-6.2p3/compat/sha2.c:526:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&context->buffer[usedspace], data, len);
data/openntpd-6.2p3/compat/sha2.c:542:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(context->buffer, data, len);
data/openntpd-6.2p3/compat/sha2.c:604:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(digest, context->state.st32, SHA256_DIGEST_LENGTH);
data/openntpd-6.2p3/compat/sha2.c:614:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(context->state.st64, sha512_initial_hash_value,
data/openntpd-6.2p3/compat/sha2.c:795:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&context->buffer[usedspace], data, freespace);
data/openntpd-6.2p3/compat/sha2.c:802:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&context->buffer[usedspace], data, len);
data/openntpd-6.2p3/compat/sha2.c:818:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(context->buffer, data, len);
data/openntpd-6.2p3/compat/sha2.c:880:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(digest, context->state.st64, SHA512_DIGEST_LENGTH);
data/openntpd-6.2p3/compat/sha2.c:891:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(context->state.st64, sha384_initial_hash_value,
data/openntpd-6.2p3/compat/sha2.c:913:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(digest, context->state.st64, SHA384_DIGEST_LENGTH);
data/openntpd-6.2p3/compat/sha2.c:923:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(context->state.st64, sha512_256_initial_hash_value,
data/openntpd-6.2p3/compat/sha2.c:945:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(digest, context->state.st64, SHA512_256_DIGEST_LENGTH);
data/openntpd-6.2p3/src/client.c:225:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char			 buf[NTP_MSGSIZE];
data/openntpd-6.2p3/src/client.c:228:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		buf[CMSG_SPACE(sizeof(tv))];
data/openntpd-6.2p3/src/client.c:298:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char s[16];
data/openntpd-6.2p3/src/client.c:389:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((char *)&p->reply[p->shift].status.send_refid, digest,
data/openntpd-6.2p3/src/config.c:173:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&sa_in6->sin6_addr, &((struct sockaddr_in6 *)
data/openntpd-6.2p3/src/constraint.c:240:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(h, &am.a, sizeof(*h));
data/openntpd-6.2p3/src/constraint.c:300:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(am, imsg.data, sizeof(*am));
data/openntpd-6.2p3/src/constraint.c:309:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(h, &am->a, sizeof(*h));
data/openntpd-6.2p3/src/constraint.c:317:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(*data, dptr + sizeof(*am), mlen - sizeof(*am));
data/openntpd-6.2p3/src/constraint.c:327:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char		 addr[NI_MAXHOST];
data/openntpd-6.2p3/src/constraint.c:657:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tv, data, len);
data/openntpd-6.2p3/src/constraint.c:689:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&fail, data, len);
data/openntpd-6.2p3/src/log.c:181:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char	s[BUFSIZ];
data/openntpd-6.2p3/src/ntp.c:114:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((nullfd = open("/dev/null", O_RDWR, 0)) == -1)
data/openntpd-6.2p3/src/ntp_dns.c:69:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((nullfd = open("/dev/null", O_RDWR, 0)) == -1)
data/openntpd-6.2p3/src/ntp_msg.c:37:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(msg, p, sizeof(*msg));
data/openntpd-6.2p3/src/ntpd.c:95:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		FILE *f = fopen(lconf->pid_file, "w");
data/openntpd-6.2p3/src/ntpd.c:529:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		buf[80];
data/openntpd-6.2p3/src/ntpd.c:560:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(DRIFTFILE, O_RDWR);
data/openntpd-6.2p3/src/ntpd.c:566:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		freqfp = fopen(DRIFTFILE, "w");
data/openntpd-6.2p3/src/ntpd.c:839:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char			 stratum[3];
data/openntpd-6.2p3/src/ntpd.h:273:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		 peer_desc[MAX_DISPLAY_WIDTH];
data/openntpd-6.2p3/src/ntpd.h:286:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		 sensor_desc[MAX_DISPLAY_WIDTH];
data/openntpd-6.2p3/src/parse.c:933:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/openntpd-6.2p3/src/parse.c:1120:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char yymsgbuf[128];
data/openntpd-6.2p3/src/parse.c:1346:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&la->sa, &h->ss,
data/openntpd-6.2p3/src/parse.c:1374:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&query_addr4, &sin4, sizeof(struct sockaddr_in));
data/openntpd-6.2p3/src/parse.c:1376:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&query_addr6, &sin6, sizeof(struct sockaddr_in6));
data/openntpd-6.2p3/src/parse.c:2270:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((nfile->stream = fopen(nfile->name, "r")) == NULL) {
data/openntpd-6.2p3/src/sensors.c:52:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		d[MAXDEVNAMLEN];
data/openntpd-6.2p3/src/sensors.c:166:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		 dxname[MAXDEVNAMLEN];
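data/openntpd-6.2p3/src/server.c:92:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&la->sa, sa, SA_LEN(sa));
  Triage note: the copy length comes from the source address (SA_LEN(sa)), not
  from the destination. Confirm that la->sa is large enough for every address
  family that can reach this line (its type is not shown in this report), or
  bound the copy by sizeof(la->sa).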
data/openntpd-6.2p3/src/server.c:181:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char			 buf[NTP_MSGSIZE];
data/openntpd-6.2p3/src/util.c:137:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char b[11];
data/openntpd-6.2p3/src/util.c:149:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char	buf[NI_MAXHOST];
data/openntpd-6.2p3/compat/getentropy_linux.c:253:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		ssize_t ret = read(fd, (char *)buf + i, wanted);
data/openntpd-6.2p3/compat/getentropy_osx.c:195:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		ssize_t ret = read(fd, (char *)buf + i, wanted);
data/openntpd-6.2p3/compat/getentropy_solaris.c:202:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		ssize_t ret = read(fd, (char *)buf + i, wanted);
data/openntpd-6.2p3/compat/getifaddrs_solaris.c:95:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		slen = strlen(lifrp->lifr_name) + 1;
data/openntpd-6.2p3/compat/getifaddrs_solaris.c:127:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		slen = strlen(lifrp->lifr_name) + 1;
data/openntpd-6.2p3/compat/setproctitle.c:97:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			lastargv = argv[i] + strlen(argv[i]);
data/openntpd-6.2p3/compat/setproctitle.c:101:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			lastargv = envp[i] + strlen(envp[i]);
data/openntpd-6.2p3/compat/setproctitle.c:152:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	pstat(PSTAT_SETCMD, pst, strlen(buf), 0, 0);
data/openntpd-6.2p3/compat/sha2.c:90:32:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
#error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN
  Triage note: false positive. The matched token is the word "equal" inside
  the message text of an #error directive in a C source file, not a call to
  the C++ std::equal algorithm, so no iterator is read here.
data/openntpd-6.2p3/compat/strlcat.c:44:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		return(dlen + strlen(src));
data/openntpd-6.2p3/src/constraint.c:196:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		am.namelen = strlen(cstr->addr_head.name) + 1;
data/openntpd-6.2p3/src/constraint.c:201:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		am.pathlen = strlen(cstr->addr_head.path) + 1;
data/openntpd-6.2p3/src/constraint.c:936:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(httpsdate->tls_request);
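data/openntpd-6.2p3/src/control.c:64:14:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	old_umask = umask(S_IXUSR|S_IXGRP|S_IWOTH|S_IROTH|S_IXOTH);
data/openntpd-6.2p3/src/control.c:68:3:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
		umask(old_umask);
data/openntpd-6.2p3/src/control.c:71:2:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	umask(old_umask);
  Triage note: the hits at control.c:68 and control.c:71 pass old_umask, the
  value saved on line 64, so they restore the previous mask rather than choose
  a new one; the setting to review is the one on line 64. That mask removes
  execute for user and group and all access for others, and leaves group
  read/write available. It is less restrictive than the 066/077 the rule
  suggests, so confirm that group access to whatever is created between line
  64 and the restore (not shown in this report) is intended.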
data/openntpd-6.2p3/src/ntp.c:737:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	dlen = strlen(name) + 1;
data/openntpd-6.2p3/src/ntp_dns.c:161:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			    strlen(name) != len)
data/openntpd-6.2p3/src/ntpd.c:776:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!strncmp(cmd, *list, strlen(cmd))) {
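data/openntpd-6.2p3/src/ntpd.c:856:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(cpeer->peer_desc) > MAX_DISPLAY_WIDTH - 1)
data/openntpd-6.2p3/src/ntpd.c:906:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(csensor->sensor_desc) > MAX_DISPLAY_WIDTH - 1)
  Triage note: peer_desc and sensor_desc are the MAX_DISPLAY_WIDTH-byte arrays
  flagged at ntpd.h:273 and ntpd.h:286. These two strlen calls are themselves
  length checks, but strlen reads until it finds a \0, so the check only holds
  if the array is already terminated when it reaches these lines. If the
  structures are filled from data supplied by another process (not visible in
  this report), a bounded scan such as strnlen(..., MAX_DISPLAY_WIDTH) or
  memchr would not depend on that.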
data/openntpd-6.2p3/src/parse.c:833:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#   define yystrlen strlen
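data/openntpd-6.2p3/src/parse.c:1597:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			    strlen("https://")) != 0) {
data/openntpd-6.2p3/src/parse.c:1601:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				hname = (yyvsp[0].v.string) + strlen("https://");
  Triage note: in both hits the argument to strlen is the string literal
  "https://", which is always \0-terminated, so the over-read described above
  cannot occur at these call sites. Whether yyvsp[0].v.string is at least as
  long as the prefix before line 1601 offsets into it is a separate question;
  presumably the comparison that ends on line 1597 guards it, which should be
  confirmed in the source.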
data/openntpd-6.2p3/src/parse.c:1690:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			size_t l = strlen((yyvsp[0].v.string));
data/openntpd-6.2p3/src/parse.c:2067:12:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if ((c = getc(file->stream)) == EOF) {
data/openntpd-6.2p3/src/parse.c:2077:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	while ((c = getc(file->stream)) == '\\') {
data/openntpd-6.2p3/src/parse.c:2078:10:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		next = getc(file->stream);
data/openntpd-6.2p3/src/parse.c:2090:7:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		c = getc(file->stream);
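data/openntpd-6.2p3/src/sensors.c:145:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy((char *)&s->refid, cs->refstr, sizeof(s->refid));
  Triage note: the copy is bounded by sizeof(s->refid), so it cannot write
  past the destination; what strncpy does not do is add a \0 when cs->refstr
  is that long or longer. The cast suggests refid is not a char array
  (presumably a fixed-width reference identifier), in which case termination
  is not expected; confirm that nothing later treats refid as a C string.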

ANALYSIS SUMMARY:

Hits = 138
Lines analyzed = 15684 in approximately 0.42 seconds (36941 lines/second)
Physical Source Lines of Code (SLOC) = 11121
Hits@level = [0]  42 [1]  30 [2]  73 [3]   4 [4]  30 [5]   1
Hits@level+ = [0+] 180 [1+] 138 [2+] 108 [3+]  35 [4+]  31 [5+]   1
Hits/KSLOC@level+ = [0+] 16.1856 [1+] 12.409 [2+] 9.71136 [3+] 3.1472 [4+] 2.78752 [5+] 0.08992
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.