Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/openntpd-6.2p3/compat/progname.c Examining data/openntpd-6.2p3/compat/adjfreq_linux.c Examining data/openntpd-6.2p3/compat/bsd-setresuid.c Examining data/openntpd-6.2p3/compat/strlcat.c Examining data/openntpd-6.2p3/compat/explicit_bzero.c Examining data/openntpd-6.2p3/compat/arc4random_linux.h Examining data/openntpd-6.2p3/compat/recallocarray.c Examining data/openntpd-6.2p3/compat/arc4random_netbsd.h Examining data/openntpd-6.2p3/compat/socket.c Examining data/openntpd-6.2p3/compat/closefrom.c Examining data/openntpd-6.2p3/compat/getentropy_solaris.c Examining data/openntpd-6.2p3/compat/chacha_private.h Examining data/openntpd-6.2p3/compat/imsg-buffer.c Examining data/openntpd-6.2p3/compat/daemon_solaris.c Examining data/openntpd-6.2p3/compat/bsd-setresgid.c Examining data/openntpd-6.2p3/compat/getentropy_linux.c Examining data/openntpd-6.2p3/compat/arc4random.c Examining data/openntpd-6.2p3/compat/strtonum.c Examining data/openntpd-6.2p3/compat/getentropy_netbsd.c Examining data/openntpd-6.2p3/compat/reallocarray.c Examining data/openntpd-6.2p3/compat/adjfreq_osx.c Examining data/openntpd-6.2p3/compat/arc4random_osx.h Examining data/openntpd-6.2p3/compat/adjfreq_freebsd.c Examining data/openntpd-6.2p3/compat/getentropy_freebsd.c Examining data/openntpd-6.2p3/compat/imsg.c Examining data/openntpd-6.2p3/compat/adjfreq_openbsd.c Examining data/openntpd-6.2p3/compat/adjfreq_netbsd.c Examining data/openntpd-6.2p3/compat/arc4random_solaris.h Examining data/openntpd-6.2p3/compat/arc4random_win.h Examining data/openntpd-6.2p3/compat/clock_getres.c Examining data/openntpd-6.2p3/compat/arc4random_uniform.c Examining data/openntpd-6.2p3/compat/setproctitle.c Examining data/openntpd-6.2p3/compat/freezero.c Examining data/openntpd-6.2p3/compat/clock_gettime_osx.c Examining data/openntpd-6.2p3/compat/md5.c Examining data/openntpd-6.2p3/compat/sha2.c Examining data/openntpd-6.2p3/compat/bsd-asprintf.c Examining data/openntpd-6.2p3/compat/adjfreq_solaris.c Examining data/openntpd-6.2p3/compat/getifaddrs_solaris.c Examining data/openntpd-6.2p3/compat/strlcpy.c Examining data/openntpd-6.2p3/compat/getentropy_osx.c Examining data/openntpd-6.2p3/compat/arc4random.h Examining data/openntpd-6.2p3/compat/arc4random_freebsd.h Examining data/openntpd-6.2p3/include/unistd.h Examining data/openntpd-6.2p3/include/sha2.h Examining data/openntpd-6.2p3/include/stdlib.h Examining data/openntpd-6.2p3/include/machine/endian.h Examining data/openntpd-6.2p3/include/tls.h Examining data/openntpd-6.2p3/include/time.h Examining data/openntpd-6.2p3/include/string.h Examining data/openntpd-6.2p3/include/stdio.h Examining data/openntpd-6.2p3/include/ifaddrs.h Examining data/openntpd-6.2p3/include/err.h Examining data/openntpd-6.2p3/include/sha2_openbsd.h Examining data/openntpd-6.2p3/include/imsg.h Examining data/openntpd-6.2p3/include/poll.h Examining data/openntpd-6.2p3/include/paths.h Examining data/openntpd-6.2p3/include/md5.h Examining data/openntpd-6.2p3/include/signal.h Examining data/openntpd-6.2p3/include/sys/wait.h Examining data/openntpd-6.2p3/include/sys/socket.h Examining data/openntpd-6.2p3/include/sys/time.h Examining data/openntpd-6.2p3/include/sys/queue.h Examining data/openntpd-6.2p3/include/sys/mman.h Examining data/openntpd-6.2p3/include/sys/types.h Examining data/openntpd-6.2p3/src/client.c Examining data/openntpd-6.2p3/src/log.c Examining data/openntpd-6.2p3/src/ntp_msg.c Examining data/openntpd-6.2p3/src/sensors.c Examining data/openntpd-6.2p3/src/constraint.c Examining data/openntpd-6.2p3/src/ntp.h Examining data/openntpd-6.2p3/src/util.c Examining data/openntpd-6.2p3/src/config.c Examining data/openntpd-6.2p3/src/fake-sensors.c Examining data/openntpd-6.2p3/src/server.c Examining data/openntpd-6.2p3/src/ntp.c Examining data/openntpd-6.2p3/src/ntpd.h Examining data/openntpd-6.2p3/src/constraint-disabled.c Examining data/openntpd-6.2p3/src/control.c Examining data/openntpd-6.2p3/src/ntpd.c Examining data/openntpd-6.2p3/src/ntp_dns.c Examining data/openntpd-6.2p3/src/parse.c FINAL RESULTS: data/openntpd-6.2p3/src/control.c:73:6: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. if (chmod(path, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP) == -1) { data/openntpd-6.2p3/compat/bsd-asprintf.c:54:8: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. ret = vsnprintf(string, INIT_SZ, fmt, ap2); data/openntpd-6.2p3/compat/bsd-asprintf.c:68:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. ret = vsnprintf(newstr, len, fmt, ap2); data/openntpd-6.2p3/compat/getentropy_linux.c:397:7: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. HF(printf); /* an addr in libc */ data/openntpd-6.2p3/compat/getentropy_osx.c:309:7: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. HF(printf); /* an addr in libc */ data/openntpd-6.2p3/compat/getentropy_solaris.c:316:7: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. HF(printf); /* an addr in libc */ data/openntpd-6.2p3/compat/getifaddrs_solaris.c:126:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(ifa->ifa_name = buf, lifrp->lifr_name); data/openntpd-6.2p3/compat/setproctitle.c:144:8: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. r = vsnprintf(buf + len, sizeof(buf) - len , fmt, ap); data/openntpd-6.2p3/include/err.h:31:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, format, args); data/openntpd-6.2p3/src/log.c:36:33: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((__format__ (printf, 1, 2))); data/openntpd-6.2p3/src/log.c:38:33: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((__format__ (printf, 1, 2))); data/openntpd-6.2p3/src/log.c:40:33: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((__format__ (printf, 1, 2))); data/openntpd-6.2p3/src/log.c:42:33: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((__format__ (printf, 1, 2))); data/openntpd-6.2p3/src/log.c:44:33: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((__format__ (printf, 2, 3))); data/openntpd-6.2p3/src/log.c:46:33: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((__format__ (printf, 2, 0))); data/openntpd-6.2p3/src/log.c:48:33: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((__format__ (printf, 1, 2))); data/openntpd-6.2p3/src/log.c:50:33: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((__format__ (printf, 1, 2))); data/openntpd-6.2p3/src/log.c:105:4: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, fmt, ap); data/openntpd-6.2p3/src/log.c:108:4: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, nfmt, ap); data/openntpd-6.2p3/src/log.c:185:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. (void)vsnprintf(s, sizeof(s), emsg, ap); data/openntpd-6.2p3/src/ntpd.h:437:33: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((__format__ (printf, 1, 2))); data/openntpd-6.2p3/src/ntpd.h:439:33: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((__format__ (printf, 1, 2))); data/openntpd-6.2p3/src/ntpd.h:441:33: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((__format__ (printf, 1, 2))); data/openntpd-6.2p3/src/ntpd.h:443:33: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((__format__ (printf, 1, 2))); data/openntpd-6.2p3/src/ntpd.h:445:33: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((__format__ (printf, 2, 3))); data/openntpd-6.2p3/src/ntpd.h:447:33: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((__format__ (printf, 2, 0))); data/openntpd-6.2p3/src/ntpd.h:449:33: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((__format__ (printf, 1, 2))); data/openntpd-6.2p3/src/ntpd.h:451:33: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((__format__ (printf, 1, 2))); data/openntpd-6.2p3/src/parse.c:96:32: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((__format__ (printf, 1, 2))) data/openntpd-6.2p3/src/parse.c:687:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define YYFPRINTF fprintf data/openntpd-6.2p3/src/util.c:194:3: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp(argv[0], nargv); data/openntpd-6.2p3/src/constraint.c:348:6: [3] (misc) chroot: chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root. if (chroot(pw_dir) == -1) data/openntpd-6.2p3/src/ntp.c:124:6: [3] (misc) chroot: chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root. if (chroot(pw->pw_dir) == -1) data/openntpd-6.2p3/src/ntpd.c:168:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((ch = getopt(argc, argv, "df:np:P:sSv")) != -1) { data/openntpd-6.2p3/src/ntpd.c:626:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((ch = getopt(argc, argv, "s:")) != -1) { data/openntpd-6.2p3/compat/arc4random.c:154:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, keystream, m); data/openntpd-6.2p3/compat/arc4random.c:174:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(val, keystream, sizeof(*val)); data/openntpd-6.2p3/compat/chacha_private.h:51:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char sigma[16] = "expand 32-byte k"; data/openntpd-6.2p3/compat/chacha_private.h:52:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char tau[16] = "expand 16-byte k"; data/openntpd-6.2p3/compat/daemon_solaris.c:56:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!noclose && (fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) { data/openntpd-6.2p3/compat/getentropy_linux.c:232:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open("/dev/urandom", flags, 0); data/openntpd-6.2p3/compat/getentropy_linux.c:539:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)buf + i, results, min(sizeof(results), len - i)); data/openntpd-6.2p3/compat/getentropy_osx.c:178:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open("/dev/urandom", flags, 0); data/openntpd-6.2p3/compat/getentropy_osx.c:429:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)buf + i, results, min(sizeof(results), len - i)); data/openntpd-6.2p3/compat/getentropy_solaris.c:184:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(path, flags, 0); data/openntpd-6.2p3/compat/getentropy_solaris.c:434:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)buf + i, results, min(sizeof(results), len - i)); data/openntpd-6.2p3/compat/getifaddrs_solaris.c:112:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(buf, addr, len); data/openntpd-6.2p3/compat/imsg-buffer.c:97:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf->buf + buf->wpos, data, len); data/openntpd-6.2p3/compat/imsg-buffer.c:235:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[CMSG_SPACE(sizeof(int))]; data/openntpd-6.2p3/compat/imsg.c:53:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[CMSG_SPACE(sizeof(int) * 1)]; data/openntpd-6.2p3/compat/imsg.c:155:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(imsg->data, ibuf->r.rptr, datalen); data/openntpd-6.2p3/compat/md5.c:78:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->buffer + have, input, need); data/openntpd-6.2p3/compat/md5.c:95:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->buffer + have, input, len); data/openntpd-6.2p3/compat/md5.c:124:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. MD5Final(unsigned char digest[MD5_DIGEST_LENGTH], MD5_CTX *ctx) data/openntpd-6.2p3/compat/recallocarray.c:71:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newptr, ptr, oldsize); data/openntpd-6.2p3/compat/recallocarray.c:74:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newptr, ptr, newsize); data/openntpd-6.2p3/compat/setproctitle.c:124:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/openntpd-6.2p3/compat/sha2.c:307:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(context->state.st32, sha224_initial_hash_value, data/openntpd-6.2p3/compat/sha2.c:329:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(digest, context->state.st32, SHA224_DIGEST_LENGTH); data/openntpd-6.2p3/compat/sha2.c:339:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(context->state.st32, sha256_initial_hash_value, data/openntpd-6.2p3/compat/sha2.c:519:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&context->buffer[usedspace], data, freespace); data/openntpd-6.2p3/compat/sha2.c:526:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&context->buffer[usedspace], data, len); data/openntpd-6.2p3/compat/sha2.c:542:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(context->buffer, data, len); data/openntpd-6.2p3/compat/sha2.c:604:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(digest, context->state.st32, SHA256_DIGEST_LENGTH); data/openntpd-6.2p3/compat/sha2.c:614:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(context->state.st64, sha512_initial_hash_value, data/openntpd-6.2p3/compat/sha2.c:795:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&context->buffer[usedspace], data, freespace); data/openntpd-6.2p3/compat/sha2.c:802:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&context->buffer[usedspace], data, len); data/openntpd-6.2p3/compat/sha2.c:818:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(context->buffer, data, len); data/openntpd-6.2p3/compat/sha2.c:880:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(digest, context->state.st64, SHA512_DIGEST_LENGTH); data/openntpd-6.2p3/compat/sha2.c:891:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(context->state.st64, sha384_initial_hash_value, data/openntpd-6.2p3/compat/sha2.c:913:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(digest, context->state.st64, SHA384_DIGEST_LENGTH); data/openntpd-6.2p3/compat/sha2.c:923:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(context->state.st64, sha512_256_initial_hash_value, data/openntpd-6.2p3/compat/sha2.c:945:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(digest, context->state.st64, SHA512_256_DIGEST_LENGTH); data/openntpd-6.2p3/src/client.c:225:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NTP_MSGSIZE]; data/openntpd-6.2p3/src/client.c:228:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[CMSG_SPACE(sizeof(tv))]; data/openntpd-6.2p3/src/client.c:298:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[16]; data/openntpd-6.2p3/src/client.c:389:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)&p->reply[p->shift].status.send_refid, digest, data/openntpd-6.2p3/src/config.c:173:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&sa_in6->sin6_addr, &((struct sockaddr_in6 *) data/openntpd-6.2p3/src/constraint.c:240:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(h, &am.a, sizeof(*h)); data/openntpd-6.2p3/src/constraint.c:300:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(am, imsg.data, sizeof(*am)); data/openntpd-6.2p3/src/constraint.c:309:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(h, &am->a, sizeof(*h)); data/openntpd-6.2p3/src/constraint.c:317:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*data, dptr + sizeof(*am), mlen - sizeof(*am)); data/openntpd-6.2p3/src/constraint.c:327:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char addr[NI_MAXHOST]; data/openntpd-6.2p3/src/constraint.c:657:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tv, data, len); data/openntpd-6.2p3/src/constraint.c:689:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&fail, data, len); data/openntpd-6.2p3/src/log.c:181:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[BUFSIZ]; data/openntpd-6.2p3/src/ntp.c:114:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((nullfd = open("/dev/null", O_RDWR, 0)) == -1) data/openntpd-6.2p3/src/ntp_dns.c:69:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((nullfd = open("/dev/null", O_RDWR, 0)) == -1) data/openntpd-6.2p3/src/ntp_msg.c:37:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg, p, sizeof(*msg)); data/openntpd-6.2p3/src/ntpd.c:95:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen(lconf->pid_file, "w"); data/openntpd-6.2p3/src/ntpd.c:529:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[80]; data/openntpd-6.2p3/src/ntpd.c:560:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(DRIFTFILE, O_RDWR); data/openntpd-6.2p3/src/ntpd.c:566:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). freqfp = fopen(DRIFTFILE, "w"); data/openntpd-6.2p3/src/ntpd.c:839:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stratum[3]; data/openntpd-6.2p3/src/ntpd.h:273:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char peer_desc[MAX_DISPLAY_WIDTH]; data/openntpd-6.2p3/src/ntpd.h:286:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sensor_desc[MAX_DISPLAY_WIDTH]; data/openntpd-6.2p3/src/parse.c:933:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; data/openntpd-6.2p3/src/parse.c:1120:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yymsgbuf[128]; data/openntpd-6.2p3/src/parse.c:1346:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&la->sa, &h->ss, data/openntpd-6.2p3/src/parse.c:1374:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&query_addr4, &sin4, sizeof(struct sockaddr_in)); data/openntpd-6.2p3/src/parse.c:1376:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&query_addr6, &sin6, sizeof(struct sockaddr_in6)); data/openntpd-6.2p3/src/parse.c:2270:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((nfile->stream = fopen(nfile->name, "r")) == NULL) { data/openntpd-6.2p3/src/sensors.c:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char d[MAXDEVNAMLEN]; data/openntpd-6.2p3/src/sensors.c:166:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dxname[MAXDEVNAMLEN]; data/openntpd-6.2p3/src/server.c:92:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&la->sa, sa, SA_LEN(sa)); data/openntpd-6.2p3/src/server.c:181:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NTP_MSGSIZE]; data/openntpd-6.2p3/src/util.c:137:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char b[11]; data/openntpd-6.2p3/src/util.c:149:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[NI_MAXHOST]; data/openntpd-6.2p3/compat/getentropy_linux.c:253:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t ret = read(fd, (char *)buf + i, wanted); data/openntpd-6.2p3/compat/getentropy_osx.c:195:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t ret = read(fd, (char *)buf + i, wanted); data/openntpd-6.2p3/compat/getentropy_solaris.c:202:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t ret = read(fd, (char *)buf + i, wanted); data/openntpd-6.2p3/compat/getifaddrs_solaris.c:95:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(lifrp->lifr_name) + 1; data/openntpd-6.2p3/compat/getifaddrs_solaris.c:127:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(lifrp->lifr_name) + 1; data/openntpd-6.2p3/compat/setproctitle.c:97:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lastargv = argv[i] + strlen(argv[i]); data/openntpd-6.2p3/compat/setproctitle.c:101:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lastargv = envp[i] + strlen(envp[i]); data/openntpd-6.2p3/compat/setproctitle.c:152:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pstat(PSTAT_SETCMD, pst, strlen(buf), 0, 0); data/openntpd-6.2p3/compat/sha2.c:90:32: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. #error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN data/openntpd-6.2p3/compat/strlcat.c:44:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return(dlen + strlen(src)); data/openntpd-6.2p3/src/constraint.c:196:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). am.namelen = strlen(cstr->addr_head.name) + 1; data/openntpd-6.2p3/src/constraint.c:201:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). am.pathlen = strlen(cstr->addr_head.path) + 1; data/openntpd-6.2p3/src/constraint.c:936:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(httpsdate->tls_request); data/openntpd-6.2p3/src/control.c:64:14: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). old_umask = umask(S_IXUSR|S_IXGRP|S_IWOTH|S_IROTH|S_IXOTH); data/openntpd-6.2p3/src/control.c:68:3: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(old_umask); data/openntpd-6.2p3/src/control.c:71:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(old_umask); data/openntpd-6.2p3/src/ntp.c:737:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dlen = strlen(name) + 1; data/openntpd-6.2p3/src/ntp_dns.c:161:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(name) != len) data/openntpd-6.2p3/src/ntpd.c:776:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(cmd, *list, strlen(cmd))) { data/openntpd-6.2p3/src/ntpd.c:856:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cpeer->peer_desc) > MAX_DISPLAY_WIDTH - 1) data/openntpd-6.2p3/src/ntpd.c:906:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(csensor->sensor_desc) > MAX_DISPLAY_WIDTH - 1) data/openntpd-6.2p3/src/parse.c:833:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define yystrlen strlen data/openntpd-6.2p3/src/parse.c:1597:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("https://")) != 0) { data/openntpd-6.2p3/src/parse.c:1601:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hname = (yyvsp[0].v.string) + strlen("https://"); data/openntpd-6.2p3/src/parse.c:1690:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t l = strlen((yyvsp[0].v.string)); data/openntpd-6.2p3/src/parse.c:2067:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c = getc(file->stream)) == EOF) { data/openntpd-6.2p3/src/parse.c:2077:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc(file->stream)) == '\\') { data/openntpd-6.2p3/src/parse.c:2078:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). next = getc(file->stream); data/openntpd-6.2p3/src/parse.c:2090:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc(file->stream); data/openntpd-6.2p3/src/sensors.c:145:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy((char *)&s->refid, cs->refstr, sizeof(s->refid)); ANALYSIS SUMMARY: Hits = 138 Lines analyzed = 15684 in approximately 0.42 seconds (36941 lines/second) Physical Source Lines of Code (SLOC) = 11121 Hits@level = [0] 42 [1] 30 [2] 73 [3] 4 [4] 30 [5] 1 Hits@level+ = [0+] 180 [1+] 138 [2+] 108 [3+] 35 [4+] 31 [5+] 1 Hits/KSLOC@level+ = [0+] 16.1856 [1+] 12.409 [2+] 9.71136 [3+] 3.1472 [4+] 2.78752 [5+] 0.08992 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.