Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pamtester-0.1.2/src/pamtester.c
Examining data/pamtester-0.1.2/src/app.h
Examining data/pamtester-0.1.2/src/compat.c
Examining data/pamtester-0.1.2/src/compat.h
Examining data/pamtester-0.1.2/src/expr_parser.c
Examining data/pamtester-0.1.2/src/expr_parser.h
Examining data/pamtester-0.1.2/src/util.c
Examining data/pamtester-0.1.2/src/util.h
Examining data/pamtester-0.1.2/src/parse_opts.c
Examining data/pamtester-0.1.2/src/parse_opts.h
Examining data/pamtester-0.1.2/src/app.c
FINAL RESULTS:
data/pamtester-0.1.2/src/app.c:224:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(err_msg, "Unknown item type \"%s\"", item->name);
data/pamtester-0.1.2/src/app.c:447:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(err_msg, "Unsupported operation \"%s\"", op->name);
data/pamtester-0.1.2/src/parse_opts.c:85:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(*err_msg, "Option \"%s\" may not be specified twice or more", opt->long_name);
data/pamtester-0.1.2/src/parse_opts.c:117:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(*err_msg, "Option \"%s\" may not be specified twice or more", opt->short_name);
data/pamtester-0.1.2/src/parse_opts.c:141:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(*err_msg, "Option \"%s\" may not be specified twice or more", arg);
data/pamtester-0.1.2/src/parse_opts.c:161:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(*err_msg, "Unknown option \"%s\"", arg);
data/pamtester-0.1.2/src/parse_opts.c:184:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(*err_msg, "Option \"%s\" must be specified", opt->short_name);
data/pamtester-0.1.2/src/expr_parser.c:63:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&retval[offset], msg, msg_len);
data/pamtester-0.1.2/src/expr_parser.c:67:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&retval[offset], token, token_val_len);
data/pamtester-0.1.2/src/pamtester.c:184:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *op_spec = (char *)argv[op_idx];
data/pamtester-0.1.2/src/util.c:109:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, str, len + 1);
data/pamtester-0.1.2/src/util.c:123:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, str, len);
data/pamtester-0.1.2/src/app.c:223:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err_msg = xmalloc(sizeof("Unknown item type \"\"") + strlen(item->name));
data/pamtester-0.1.2/src/app.c:446:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err_msg = xmalloc(sizeof("Unsupported operation \"\"") + strlen(op->name));
data/pamtester-0.1.2/src/compat.c:89:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nbytes_read = strlen(p);
data/pamtester-0.1.2/src/compat.c:113:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite(msg, sizeof(msg[0]), strlen(msg), fp);
data/pamtester-0.1.2/src/expr_parser.c:59:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t msg_len = strlen(msg);
data/pamtester-0.1.2/src/pamtester.c:195:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| *(op_param_end = op_param + strlen(op_param) - 1) != ')') {
data/pamtester-0.1.2/src/parse_opts.c:84:89: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*err_msg = xmalloc(sizeof("Option \"\" may not be specified twice or more") + strlen(opt->long_name));
data/pamtester-0.1.2/src/parse_opts.c:116:90: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*err_msg = xmalloc(sizeof("Option \"\" may not be specified twice or more") + strlen(opt->short_name));
data/pamtester-0.1.2/src/parse_opts.c:140:90: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*err_msg = xmalloc(sizeof("Option \"\" may not be specified twice or more") + strlen(arg));
data/pamtester-0.1.2/src/parse_opts.c:160:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*err_msg = xmalloc(sizeof("Unknown option \"\"") + strlen(arg));
data/pamtester-0.1.2/src/parse_opts.c:183:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*err_msg = xmalloc(sizeof("Option \"\" must be specified") + strlen(opt->short_name));
data/pamtester-0.1.2/src/util.c:59:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (p = path + strlen(path); p > path;) {
data/pamtester-0.1.2/src/util.c:107:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(str);
data/pamtester-0.1.2/src/util.c:115:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t actual_len = strlen(str);
ANALYSIS SUMMARY:
Hits = 26
Lines analyzed = 1883 in approximately 0.07 seconds (27231 lines/second)
Physical Source Lines of Code (SLOC) = 1200
Hits@level = [0] 17 [1] 14 [2] 5 [3] 0 [4] 7 [5] 0
Hits@level+ = [0+] 43 [1+] 26 [2+] 12 [3+] 7 [4+] 7 [5+] 0
Hits/KSLOC@level+ = [0+] 35.8333 [1+] 21.6667 [2+] 10 [3+] 5.83333 [4+] 5.83333 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.