Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/otpw-1.5/demologin.c
Examining data/otpw-1.5/md.c
Examining data/otpw-1.5/md.h
Examining data/otpw-1.5/otpw-gen.c
Examining data/otpw-1.5/otpw-l.c
Examining data/otpw-1.5/otpw.h
Examining data/otpw-1.5/pam_otpw.c
Examining data/otpw-1.5/rmd160.c
Examining data/otpw-1.5/rmd160.h
Examining data/otpw-1.5/otpw.c
FINAL RESULTS:
data/otpw-1.5/otpw.c:421:7: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
i = readlink(ch->lockfilename, lock, sizeof(lock)-1);
data/otpw-1.5/demologin.c:132:25: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
if (!user || strcmp(crypt(password, user->pwd.pw_passwd),
data/otpw-1.5/otpw-gen.c:279:7: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
f = popen(command, "r");
data/otpw-1.5/otpw-gen.c:758:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fnout, pseudouser->pwd.pw_dir);
data/otpw-1.5/otpw-gen.c:760:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fnout, user->pwd.pw_name);
data/otpw-1.5/otpw-gen.c:766:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fnout, user->pwd.pw_dir);
data/otpw-1.5/otpw-gen.c:768:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fnout, otpw_file);
data/otpw-1.5/otpw-gen.c:966:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(header, sizeof(header), regenerate ?
data/otpw-1.5/otpw-gen.c:995:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(normal_masterkey, masterkey);
data/otpw-1.5/otpw-gen.c:1044:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(NL);
data/otpw-1.5/otpw-gen.c:1047:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(NL NL "%*s", (cols*(challen + 1 + pwlen + 2) - 2)/2 + 50/2,
data/otpw-1.5/otpw-gen.c:1051:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(FF);
data/otpw-1.5/otpw-gen.c:1053:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(NL);
data/otpw-1.5/otpw-gen.c:1076:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fntmp, fnout);
data/otpw-1.5/otpw-gen.c:1077:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fntmp, tmpsuffix);
data/otpw-1.5/otpw-gen.c:1120:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fntmp, fnout);
data/otpw-1.5/otpw-gen.c:1121:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fntmp, otpw_locksuffix);
data/otpw-1.5/otpw.c:24:28: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
{ fprintf(stderr, __VA_ARGS__); fputc('\n', stderr); }
data/otpw-1.5/otpw.c:278:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ch->filename, otpw_pseudouser->pwd.pw_dir);
data/otpw-1.5/otpw.c:280:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ch->filename, user->pw_name);
data/otpw-1.5/otpw.c:289:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ch->filename, user->pw_dir);
data/otpw-1.5/otpw.c:291:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ch->filename, otpw_file);
data/otpw-1.5/otpw.c:302:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ch->lockfilename, ch->filename);
data/otpw-1.5/otpw.c:303:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ch->lockfilename, otpw_locksuffix);
data/otpw-1.5/otpw.c:457:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ch->challenge + strlen(ch->challenge), "%s%.*s",
data/otpw-1.5/pam_otpw.c:177:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(message, sizeof(message), format, args);
data/otpw-1.5/demologin.c:29:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username[81] = "", password[81];
data/otpw-1.5/md.c:50:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(md->buf + remaining, src, chunk);
data/otpw-1.5/md.c:69:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(md->buf, src, len);
data/otpw-1.5/md.c:89:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char result[MD_LEN];
data/otpw-1.5/md.c:91:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *pattern[8] = {
data/otpw-1.5/md.c:104:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md_result[9][MD_LEN] = {
data/otpw-1.5/md.c:126:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md_result[9][MD_LEN] = {
data/otpw-1.5/md.h:20:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md[MD_LEN]; /* internal status of hash function */
data/otpw-1.5/md.h:21:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[MD_BUFLEN]; /* buffer for stream-like interface */
data/otpw-1.5/otpw-gen.c:59:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[2048][4] = {
data/otpw-1.5/otpw-gen.c:275:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/otpw-1.5/otpw-gen.c:362:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char r[MD_LEN];
data/otpw-1.5/otpw-gen.c:568:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + i * 5, word[k], 4);
data/otpw-1.5/otpw-gen.c:585:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char r[MD_LEN], h[MD_LEN];
data/otpw-1.5/otpw-gen.c:590:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestr[81], hostname[81], challenge[81];
data/otpw-1.5/otpw-gen.c:591:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password1[1024], password2[1024];
data/otpw-1.5/otpw-gen.c:595:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[LINE_MAX];
data/otpw-1.5/otpw-gen.c:624:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
height = atoi(argv[i]);
data/otpw-1.5/otpw-gen.c:629:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
width = atoi(argv[i]);
data/otpw-1.5/otpw-gen.c:634:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pages = atoi(argv[i]);
data/otpw-1.5/otpw-gen.c:642:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (++i >= argc || (entropy = atoi(argv[i])) < 1)
data/otpw-1.5/otpw-gen.c:647:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (++i >= argc || (key_entropy = atoi(argv[i])) < 1)
data/otpw-1.5/otpw-gen.c:661:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
type = atoi(argv[i]);
data/otpw-1.5/otpw-gen.c:669:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
key_type = atoi(argv[i]);
data/otpw-1.5/otpw-gen.c:905:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(fnout, "r");
data/otpw-1.5/otpw-gen.c:963:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hostname, "???");
data/otpw-1.5/otpw-gen.c:1039:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hbuf + k * hbuflen, "%0*d", challen, k);
data/otpw-1.5/otpw-gen.c:1078:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(fntmp, "w");
data/otpw-1.5/otpw-gen.c:1101:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hbuf + i*hbuflen, hbuf + k*hbuflen, hbuflen);
data/otpw-1.5/otpw.c:142:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbs[MD_LEN];
data/otpw-1.5/otpw.c:155:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
devrandom = open("/dev/urandom", O_RDONLY);
data/otpw-1.5/otpw.c:237:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[81];
data/otpw-1.5/otpw.c:238:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock[81];
data/otpw-1.5/otpw.c:239:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char r[MD_LEN];
data/otpw-1.5/otpw.c:314:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(f = fopen(ch->filename, "r"))) {
data/otpw-1.5/otpw.c:357:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hbuf + i*hbuflen, line, hbuflen);
data/otpw-1.5/otpw.c:500:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[81];
data/otpw-1.5/otpw.c:501:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char h[MD_LEN];
data/otpw-1.5/otpw.c:603:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(f = fopen(ch->filename, "r+"))) {
data/otpw-1.5/otpw.h:32:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char challenge[81]; /* print this string before "Password:" */
data/otpw-1.5/otpw.h:88:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[0]; /* actual size is buflen if allocated by otpw_malloc_pwdbuf() */
data/otpw-1.5/pam_otpw.c:46:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logname[80];
data/otpw-1.5/pam_otpw.c:124:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[81];
data/otpw-1.5/pam_otpw.c:172:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[1024];
data/otpw-1.5/demologin.c:51:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(username, argv[i], sizeof(username));
data/otpw-1.5/demologin.c:62:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
username[strlen(username) - 1] = 0;
data/otpw-1.5/demologin.c:66:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
use_otpw = username[strlen(username) - 1] == '/';
data/otpw-1.5/demologin.c:69:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
username[strlen(username) - 1] = 0;
data/otpw-1.5/demologin.c:107:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
password[strlen(password) - 1] = 0;
data/otpw-1.5/md.c:162:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
md_add(&md, pattern[i/2], strlen(pattern[i/2]));
data/otpw-1.5/otpw-gen.c:577:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert((int) strlen(buf) == pwlen);
data/otpw-1.5/otpw-gen.c:652:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(argv[i]+j) == 2 &&
data/otpw-1.5/otpw-gen.c:755:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fnout = (char *) malloc(strlen(pseudouser->pwd.pw_dir) + 1 +
data/otpw-1.5/otpw-gen.c:756:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(user->pwd.pw_name) + 1);
data/otpw-1.5/otpw-gen.c:759:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(fnout, "/");
data/otpw-1.5/otpw-gen.c:763:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fnout = (char *) malloc(strlen(user->pwd.pw_dir) + 1 +
data/otpw-1.5/otpw-gen.c:764:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(otpw_file) + 1);
data/otpw-1.5/otpw-gen.c:767:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(fnout, "/");
data/otpw-1.5/otpw-gen.c:935:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
password1[strlen(password1)-1] = 0; /* remove last character = LF */
data/otpw-1.5/otpw-gen.c:939:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
md_add(&md, normal_masterkey, strlen(normal_masterkey));
data/otpw-1.5/otpw-gen.c:951:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
password1[strlen(password1)-1] = 0; /* remove last character = LF */
data/otpw-1.5/otpw-gen.c:998:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
md_add(&md, normal_masterkey, strlen(normal_masterkey));
data/otpw-1.5/otpw-gen.c:1018:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
md_add(&md, normal_masterkey, strlen(normal_masterkey));
data/otpw-1.5/otpw-gen.c:1019:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
md_add(&md, challenge, strlen(challenge));
data/otpw-1.5/otpw-gen.c:1035:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
md_add(&md, password1, strlen(password1));
data/otpw-1.5/otpw-gen.c:1074:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fntmp = (char *) malloc(strlen(fnout)+strlen(tmpsuffix)+1);
data/otpw-1.5/otpw-gen.c:1074:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fntmp = (char *) malloc(strlen(fnout)+strlen(tmpsuffix)+1);
data/otpw-1.5/otpw-gen.c:1118:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fntmp = (char *) malloc(strlen(fnout)+strlen(otpw_locksuffix)+1);
data/otpw-1.5/otpw-gen.c:1118:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fntmp = (char *) malloc(strlen(fnout)+strlen(otpw_locksuffix)+1);
data/otpw-1.5/otpw.c:157:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(devrandom, rbs, sizeof(rbs));
data/otpw-1.5/otpw.c:272:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ch->filename = (char *) malloc(strlen(otpw_pseudouser->pwd.pw_dir) + 1 +
data/otpw-1.5/otpw.c:273:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(user->pw_name) + 1);
data/otpw-1.5/otpw.c:279:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(ch->filename, "/");
data/otpw-1.5/otpw.c:284:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ch->filename = (char *) malloc(strlen(user->pw_dir)+1+strlen(otpw_file)+1);
data/otpw-1.5/otpw.c:284:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ch->filename = (char *) malloc(strlen(user->pw_dir)+1+strlen(otpw_file)+1);
data/otpw-1.5/otpw.c:290:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(ch->filename, "/");
data/otpw-1.5/otpw.c:296:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ch->lockfilename = (char *) malloc(strlen(ch->filename) +
data/otpw-1.5/otpw.c:297:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(otpw_locksuffix) + 1);
data/otpw-1.5/otpw.c:353:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int) strlen(line) != hbuflen + 1) {
data/otpw-1.5/otpw.c:368:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ch->challenge, hbuf + j*hbuflen, ch->challen);
data/otpw-1.5/otpw.c:376:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ch->hash[0], hbuf + j*hbuflen + ch->challen, ch->hlen);
data/otpw-1.5/otpw.c:424:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(lock) != ch->challen) {
data/otpw-1.5/otpw.c:442:3: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ch->challenge) < sizeof(ch->challenge) - ch->challen - 2) {
data/otpw-1.5/otpw.c:457:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(ch->challenge + strlen(ch->challenge), "%s%.*s",
data/otpw-1.5/otpw.c:466:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ch->hash[ch->passwords], hbuf + j*hbuflen + ch->challen, ch->hlen);
data/otpw-1.5/otpw.c:535:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(password) - 1;
ANALYSIS SUMMARY:
Hits = 112
Lines analyzed = 3077 in approximately 0.19 seconds (16393 lines/second)
Physical Source Lines of Code (SLOC) = 2333
Hits@level = [0] 68 [1] 42 [2] 44 [3] 0 [4] 25 [5] 1
Hits@level+ = [0+] 180 [1+] 112 [2+] 70 [3+] 26 [4+] 26 [5+] 1
Hits/KSLOC@level+ = [0+] 77.1539 [1+] 48.0069 [2+] 30.0043 [3+] 11.1444 [4+] 11.1444 [5+] 0.428633
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.