Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pam-pgsql-0.7.3.2/tests/chpass.c
Examining data/pam-pgsql-0.7.3.2/tests/authenticate.c
Examining data/pam-pgsql-0.7.3.2/src/pam_pgsql.c
Examining data/pam-pgsql-0.7.3.2/src/backend_pgsql.c
Examining data/pam-pgsql-0.7.3.2/src/pam_pgsql_options.h
Examining data/pam-pgsql-0.7.3.2/src/pam_pgsql.h
Examining data/pam-pgsql-0.7.3.2/src/pam_pgsql_options.c
Examining data/pam-pgsql-0.7.3.2/src/pam_get_pass.c
Examining data/pam-pgsql-0.7.3.2/src/backend_pgsql.h
Examining data/pam-pgsql-0.7.3.2/src/pam_get_service.c

FINAL RESULTS:

data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:282:16: [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt.
  s = strdup(crypt(pass, crypt_makesalt(options->pw_type)));
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:284:16: [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt.
  s = strdup(crypt(pass, salt));
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:313:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(unencoded, "%s%s", pass, user);
data/pam-pgsql-0.7.3.2/src/pam_pgsql.h:30:27: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(LOG_DEBUG, ##x); \
data/pam-pgsql-0.7.3.2/src/pam_pgsql.h:35:27: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(LOG_INFO, ##x); \
data/pam-pgsql-0.7.3.2/src/pam_pgsql_options.c:251:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(modopt->query_auth, "select %s from %s where %s = %%u", modopt->column_pwd, modopt->table, modopt->column_user);
data/pam-pgsql-0.7.3.2/src/pam_pgsql_options.c:264:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(modopt->query_acct, "select (%s = 'y' OR %s = '1'), (%s = 'y' OR %s = '1'), (%s IS NULL OR %s = '') from %s where %s = %%u", modopt->column_expired, modopt->column_expired, modopt->column_newpwd, modopt->column_newpwd, modopt->column_pwd, modopt->column_pwd, modopt->table, modopt->column_user);
data/pam-pgsql-0.7.3.2/src/pam_pgsql_options.c:270:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(modopt->query_acct, "select false, (%s = 'y' OR %s = '1'), (%s IS NULL OR %s = '') from %s where %s = %%u", modopt->column_newpwd, modopt->column_newpwd, modopt->column_pwd, modopt->column_pwd, modopt->table, modopt->column_user);
data/pam-pgsql-0.7.3.2/src/pam_pgsql_options.c:276:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(modopt->query_acct, "select (%s = 'y' OR %s = '1'), false, (%s IS NULL OR %s = '') from %s where %s = %%u", modopt->column_newpwd, modopt->column_newpwd, modopt->column_pwd, modopt->column_pwd, modopt->table, modopt->column_user);
data/pam-pgsql-0.7.3.2/src/pam_pgsql_options.c:287:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(modopt->query_pwd, "update %s set %s = %%p where %s = %%u", modopt->table, modopt->column_pwd, modopt->column_user);
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:357:2: [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(now.tv_sec*10000+now.tv_usec/100+clock());
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:358:35: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  while(pos<len)result[pos++]=i64c(random()&63);
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:135:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(q, "$%i", ++nparm);
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:142:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(q, "$%i", ++nparm);
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:149:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(q, "$%i", ++nparm);
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:156:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(q, "$%i", ++nparm);
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:163:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(q, "$%i", ++nparm);
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:196:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *values[128];
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:288:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hash[16] = { 0, }; /* 16 is the md5 block size */
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:295:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(&s[i * 2], "%.2x", hash[i]);
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:303:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hash[16] = { 0, }; /* 16 is the md5 block size */
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:317:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(&s[(i * 2) + 3], "%.2x", hash[i]);
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:324:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hash[20] = { 0, }; /* 20 is the sha1 block size */
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:331:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(&s[i * 2], "%.2x", hash[i]);
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:344:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char result[12];
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:352:3: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(result,"$1$");
data/pam-pgsql-0.7.3.2/src/pam_pgsql_options.c:26:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024];
data/pam-pgsql-0.7.3.2/src/pam_pgsql_options.c:29:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(options->fileconf, "r");
data/pam-pgsql-0.7.3.2/src/pam_pgsql_options.c:133:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char name[16];
data/pam-pgsql-0.7.3.2/src/pam_pgsql_options.c:213:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  modopt->debug = atoi(value);
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:49:6: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(str, "dbname=", strlen("dbname="));
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:49:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(str, "dbname=", strlen("dbname="));
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:50:6: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(str, options->db, strlen(options->db));
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:50:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(str, options->db, strlen(options->db));
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:54:3: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(str, " host=", strlen(" host="));
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:54:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(str, " host=", strlen(" host="));
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:55:3: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(str, options->host, strlen(options->host));
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:55:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(str, options->host, strlen(options->host));
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:58:3: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(str, " port=", strlen(" port="));
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:58:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(str, " port=", strlen(" port="));
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:59:3: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(str, options->port, strlen(options->port));
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:59:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(str, options->port, strlen(options->port));
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:62:3: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(str, " connect_timeout=", strlen(" connect_timeout="));
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:62:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(str, " connect_timeout=", strlen(" connect_timeout="));
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:63:3: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(str, options->timeout, strlen(options->timeout));
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:63:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(str, options->timeout, strlen(options->timeout));
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:66:3: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(str, " user=", strlen(" user="));
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:66:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(str, " user=", strlen(" user="));
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:67:3: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(str, options->user, strlen(options->user));
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:67:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(str, options->user, strlen(options->user));
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:70:3: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(str, " password=", strlen(" password="));
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:70:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(str, " password=", strlen(" password="));
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:71:3: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(str, options->passwd, strlen(options->passwd));
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:71:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(str, options->passwd, strlen(options->passwd));
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:74:3: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120).
  Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(str, " sslmode=", strlen(" sslmode="));
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:74:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(str, " sslmode=", strlen(" sslmode="));
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:75:3: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(str, options->sslmode, strlen(options->sslmode));
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:75:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(str, options->sslmode, strlen(options->sslmode));
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:137:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  q += strlen (q);
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:144:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  q += strlen (q);
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:151:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  q += strlen (q);
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:158:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  q += strlen (q);
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:165:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  q += strlen (q);
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:292:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gcry_md_hash_buffer(GCRY_MD_MD5, hash, pass, strlen(pass));
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:306:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(s, "md5", 3);
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:311:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unencoded_length = strlen(pass)+strlen(user);
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:311:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unencoded_length = strlen(pass)+strlen(user);
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:315:54: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gcry_md_hash_buffer(GCRY_MD_MD5, hash, unencoded, strlen(unencoded));
data/pam-pgsql-0.7.3.2/src/backend_pgsql.c:328:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gcry_md_hash_buffer(GCRY_MD_SHA1, hash, pass, strlen(pass));
data/pam-pgsql-0.7.3.2/src/pam_get_pass.c:68:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memset(resp[0].resp, 0, strlen(resp[0].resp));
data/pam-pgsql-0.7.3.2/src/pam_get_pass.c:150:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memset(resp[0].resp, 0, strlen(resp[0].resp));
data/pam-pgsql-0.7.3.2/src/pam_get_pass.c:151:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memset(resp[1].resp, 0, strlen(resp[1].resp));
data/pam-pgsql-0.7.3.2/src/pam_pgsql_options.c:250:53: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  modopt->query_auth = (char *) malloc(32+strlen(modopt->column_pwd)+strlen(modopt->table)+strlen(modopt->column_user));
data/pam-pgsql-0.7.3.2/src/pam_pgsql_options.c:250:80: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  modopt->query_auth = (char *) malloc(32+strlen(modopt->column_pwd)+strlen(modopt->table)+strlen(modopt->column_user));
data/pam-pgsql-0.7.3.2/src/pam_pgsql_options.c:250:102: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  modopt->query_auth = (char *) malloc(32+strlen(modopt->column_pwd)+strlen(modopt->table)+strlen(modopt->column_user));
data/pam-pgsql-0.7.3.2/src/pam_pgsql_options.c:263:55: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  modopt->query_acct = (char *) malloc(96+2*strlen(modopt->column_pwd)+strlen(modopt->table)+strlen(modopt->column_user)+2*strlen(modopt->column_expired)+2*strlen(modopt->column_newpwd));
data/pam-pgsql-0.7.3.2/src/pam_pgsql_options.c:263:82: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  modopt->query_acct = (char *) malloc(96+2*strlen(modopt->column_pwd)+strlen(modopt->table)+strlen(modopt->column_user)+2*strlen(modopt->column_expired)+2*strlen(modopt->column_newpwd));
data/pam-pgsql-0.7.3.2/src/pam_pgsql_options.c:263:104: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  modopt->query_acct = (char *) malloc(96+2*strlen(modopt->column_pwd)+strlen(modopt->table)+strlen(modopt->column_user)+2*strlen(modopt->column_expired)+2*strlen(modopt->column_newpwd));
data/pam-pgsql-0.7.3.2/src/pam_pgsql_options.c:263:134: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  modopt->query_acct = (char *) malloc(96+2*strlen(modopt->column_pwd)+strlen(modopt->table)+strlen(modopt->column_user)+2*strlen(modopt->column_expired)+2*strlen(modopt->column_newpwd));
data/pam-pgsql-0.7.3.2/src/pam_pgsql_options.c:263:167: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  modopt->query_acct = (char *) malloc(96+2*strlen(modopt->column_pwd)+strlen(modopt->table)+strlen(modopt->column_user)+2*strlen(modopt->column_expired)+2*strlen(modopt->column_newpwd));
data/pam-pgsql-0.7.3.2/src/pam_pgsql_options.c:269:55: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  modopt->query_acct = (char *) malloc(96+2*strlen(modopt->column_pwd)+strlen(modopt->table)+strlen(modopt->column_user)+2*strlen(modopt->column_newpwd));
data/pam-pgsql-0.7.3.2/src/pam_pgsql_options.c:269:82: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  modopt->query_acct = (char *) malloc(96+2*strlen(modopt->column_pwd)+strlen(modopt->table)+strlen(modopt->column_user)+2*strlen(modopt->column_newpwd));
data/pam-pgsql-0.7.3.2/src/pam_pgsql_options.c:269:104: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  modopt->query_acct = (char *) malloc(96+2*strlen(modopt->column_pwd)+strlen(modopt->table)+strlen(modopt->column_user)+2*strlen(modopt->column_newpwd));
data/pam-pgsql-0.7.3.2/src/pam_pgsql_options.c:269:134: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  modopt->query_acct = (char *) malloc(96+2*strlen(modopt->column_pwd)+strlen(modopt->table)+strlen(modopt->column_user)+2*strlen(modopt->column_newpwd));
data/pam-pgsql-0.7.3.2/src/pam_pgsql_options.c:275:55: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  modopt->query_acct = (char *) malloc(96+2*strlen(modopt->column_pwd)+strlen(modopt->table)+strlen(modopt->column_user)+2*strlen(modopt->column_expired));
data/pam-pgsql-0.7.3.2/src/pam_pgsql_options.c:275:82: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  modopt->query_acct = (char *) malloc(96+2*strlen(modopt->column_pwd)+strlen(modopt->table)+strlen(modopt->column_user)+2*strlen(modopt->column_expired));
data/pam-pgsql-0.7.3.2/src/pam_pgsql_options.c:275:104: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  modopt->query_acct = (char *) malloc(96+2*strlen(modopt->column_pwd)+strlen(modopt->table)+strlen(modopt->column_user)+2*strlen(modopt->column_expired));
data/pam-pgsql-0.7.3.2/src/pam_pgsql_options.c:275:134: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  modopt->query_acct = (char *) malloc(96+2*strlen(modopt->column_pwd)+strlen(modopt->table)+strlen(modopt->column_user)+2*strlen(modopt->column_expired));
data/pam-pgsql-0.7.3.2/src/pam_pgsql_options.c:286:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  modopt->query_pwd = (char *) malloc(40+strlen(modopt->column_pwd)+strlen(modopt->table)+strlen(modopt->column_user));
data/pam-pgsql-0.7.3.2/src/pam_pgsql_options.c:286:79: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  modopt->query_pwd = (char *) malloc(40+strlen(modopt->column_pwd)+strlen(modopt->table)+strlen(modopt->column_user));
data/pam-pgsql-0.7.3.2/src/pam_pgsql_options.c:286:101: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  modopt->query_pwd = (char *) malloc(40+strlen(modopt->column_pwd)+strlen(modopt->table)+strlen(modopt->column_user));

ANALYSIS SUMMARY:

Hits = 91
Lines analyzed = 1433 in approximately 0.06 seconds (25028 lines/second)
Physical Source Lines of Code (SLOC) = 1082
Hits@level = [0] 13 [1] 61 [2] 18 [3] 2 [4] 10 [5] 0
Hits@level+ = [0+] 104 [1+] 91 [2+] 30 [3+] 12 [4+] 10 [5+] 0
Hits/KSLOC@level+ = [0+] 96.1183 [1+] 84.1035 [2+] 27.7264 [3+] 11.0906 [4+] 9.24214 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.