Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/discover-server.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/parser.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/parser.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/device-handler.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/discover-server.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/user-event.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/kboot-parser.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/boot.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/event.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/paths.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/pb-discover.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/device-handler.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/event-parser.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/event.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/params.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/pb-discover.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/parser-conf.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/parser-conf.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/resource.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/yaboot-parser.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/udev.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/udev.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/user-event.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/native-parser.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/resource.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/parser-utils.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/pxe-parser.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/boot.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/parser-utils.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/grub2-parser.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/params.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/paths.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/utils/pb-event.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/common/ps3.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/common/timer.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/common/discover-client.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/common/joystick.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/common/ui-system.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/common/ps3.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/common/ui-system.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/common/timer.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/common/joystick.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/common/discover-client.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/nc-cui.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/nc-boot-editor.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/generic-main.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/nc-menu.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/nc-menu.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/nc-cui.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/nc-scr.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/nc-scr.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/nc-boot-editor.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/ps3-main.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/twin/pbt-client.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/twin/pbt-menu.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/twin/pbt-client.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/twin/main-generic.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/twin/main-ps3.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/twin/pbt-scr.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/twin/pbt-scr.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/twin/pbt-menu.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/twin/pbt-main.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/twin/pbt-main.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/test/discover-test.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/lib/talloc/talloc.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/lib/talloc/talloc.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/lib/system/system.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/lib/system/system.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/lib/waiter/waiter.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/lib/waiter/waiter.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/lib/types/types.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/lib/url/url.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/lib/url/url.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/lib/pb-protocol/pb-protocol.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/lib/pb-protocol/pb-protocol.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/lib/list/list.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/lib/list/list.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/lib/log/log.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/lib/log/log.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/test/urls/parse-url.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/test/lib/list-test.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/test/parser/test-grub2-ubuntu-13_04-x86.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/test/parser/parser-test.h
Examining data/petitboot-13.05.29.14.00-g4dc604b/test/parser/test-null.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/test/parser/handler.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/test/parser/test-grub2-f18-ppc64.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/test/parser/utils.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/test/parser/test-yaboot-single.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/test/parser/test-kboot-single.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/test/parser/main.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/test/parser/test-grub2-multiple-resolve.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/test/parser/test-yaboot-external.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/test/parser/test-yaboot-rh8-ppc64.c
Examining data/petitboot-13.05.29.14.00-g4dc604b/test/parser/test-grub2-single.c
FINAL RESULTS:
data/petitboot-13.05.29.14.00-g4dc604b/discover/device-handler.c:257:3: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl(pb_system_apps.umount, pb_system_apps.umount,
data/petitboot-13.05.29.14.00-g4dc604b/discover/discover-server.c:318:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(addr.sun_path, PB_SOCKET_PATH);
data/petitboot-13.05.29.14.00-g4dc604b/discover/paths.c:27:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(full_path, a);
data/petitboot-13.05.29.14.00-g4dc604b/discover/paths.c:30:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(full_path, b);
data/petitboot-13.05.29.14.00-g4dc604b/discover/udev.c:266:7: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(pb_log_get_stream(), format, args);
data/petitboot-13.05.29.14.00-g4dc604b/discover/user-event.c:154:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(addr.sun_path, PBOOT_USER_EVENT_SOCKET);
data/petitboot-13.05.29.14.00-g4dc604b/lib/log/log.c:17:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stream, fmt, ap);
data/petitboot-13.05.29.14.00-g4dc604b/lib/log/log.h:6:30: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void __attribute__ ((format (printf, 1, 2))) pb_log(const char *fmt, ...);
data/petitboot-13.05.29.14.00-g4dc604b/lib/system/system.c:67:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, dir);
data/petitboot-13.05.29.14.00-g4dc604b/lib/system/system.c:155:3: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(cmd_argv[0], (char *const *)cmd_argv);
data/petitboot-13.05.29.14.00-g4dc604b/lib/talloc/talloc.c:978:8: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = vsnprintf(NULL, 0, fmt, ap2);
data/petitboot-13.05.29.14.00-g4dc604b/lib/talloc/talloc.c:983:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(ret, len+1, fmt, ap2);
data/petitboot-13.05.29.14.00-g4dc604b/lib/talloc/talloc.c:1031:8: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = vsnprintf(NULL, 0, fmt, ap2);
data/petitboot-13.05.29.14.00-g4dc604b/lib/talloc/talloc.c:1038:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(s+s_len, len+1, fmt, ap2);
data/petitboot-13.05.29.14.00-g4dc604b/ui/common/discover-client.c:211:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(addr.sun_path, PB_SOCKET_PATH);
data/petitboot-13.05.29.14.00-g4dc604b/utils/pb-event.c:38:27: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DBG(_args...) do {fprintf(stderr, _args); fflush(stderr); } while (0)
data/petitboot-13.05.29.14.00-g4dc604b/utils/pb-event.c:40:43: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
static inline int __attribute__ ((format (printf, 1, 2))) DBG(
data/petitboot-13.05.29.14.00-g4dc604b/utils/pb-event.c:93:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, err_max_size, max_len);
data/petitboot-13.05.29.14.00-g4dc604b/utils/pb-event.c:115:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, err_max_size, max_len);
data/petitboot-13.05.29.14.00-g4dc604b/utils/pb-event.c:136:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(addr.sun_path, PBOOT_USER_EVENT_SOCKET);
data/petitboot-13.05.29.14.00-g4dc604b/discover/paths.c:40:8: [3] (tmpfile) tempnam:
Temporary file race condition (CWE-377).
tmp = tempnam(NULL, "pb-");
data/petitboot-13.05.29.14.00-g4dc604b/discover/pb-discover.c:71:11: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, short_options, long_options,
data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/generic-main.c:90:11: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, short_options, long_options,
data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/ps3-main.c:99:11: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, short_options, long_options,
data/petitboot-13.05.29.14.00-g4dc604b/ui/twin/pbt-main.c:69:11: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, short_options, long_options,
data/petitboot-13.05.29.14.00-g4dc604b/discover/boot.c:26:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *argv[6];
data/petitboot-13.05.29.14.00-g4dc604b/discover/boot.c:70:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *argv[4];
data/petitboot-13.05.29.14.00-g4dc604b/discover/device-handler.c:202:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *argv[6];
data/petitboot-13.05.29.14.00-g4dc604b/discover/params.c:204:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
while( (pos >= 0) && isspace(((unsigned char *)line)[pos]) )
data/petitboot-13.05.29.14.00-g4dc604b/discover/params.c:426:58: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for( end = i; (end >= 0) && isspace(((unsigned char *) bufr)[end]); end-- )
data/petitboot-13.05.29.14.00-g4dc604b/discover/params.c:528:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
OpenedFile = fopen( FileName, "r" );
data/petitboot-13.05.29.14.00-g4dc604b/discover/parser.c:32:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_RDONLY);
data/petitboot-13.05.29.14.00-g4dc604b/discover/paths.c:60:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *argv[8];
data/petitboot-13.05.29.14.00-g4dc604b/discover/paths.c:117:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *argv[4];
data/petitboot-13.05.29.14.00-g4dc604b/discover/paths.c:154:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *argv[10];
data/petitboot-13.05.29.14.00-g4dc604b/discover/paths.c:221:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *argv[7];
data/petitboot-13.05.29.14.00-g4dc604b/discover/pb-discover.c:131:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *log = fopen(opts.log_file, "a");
data/petitboot-13.05.29.14.00-g4dc604b/discover/user-event.c:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PBOOT_USER_EVENT_SIZE];
data/petitboot-13.05.29.14.00-g4dc604b/lib/pb-protocol/pb-protocol.c:98:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pos, str, len);
data/petitboot-13.05.29.14.00-g4dc604b/lib/pb-protocol/pb-protocol.c:343:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(message, &m, sizeof(m));
data/petitboot-13.05.29.14.00-g4dc604b/lib/talloc/talloc.c:631:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_ptr, tc, tc->size + sizeof(*tc));
data/petitboot-13.05.29.14.00-g4dc604b/lib/talloc/talloc.c:920:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newp, p, size);
data/petitboot-13.05.29.14.00-g4dc604b/lib/talloc/talloc.c:954:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret, p, len);
data/petitboot-13.05.29.14.00-g4dc604b/test/parser/utils.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[10];
data/petitboot-13.05.29.14.00-g4dc604b/test/parser/utils.c:49:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "__test%d", dev_idx++);
data/petitboot-13.05.29.14.00-g4dc604b/test/parser/utils.c:116:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDONLY);
data/petitboot-13.05.29.14.00-g4dc604b/test/urls/parse-url.c:19:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
null = fopen("/dev/null", "w");
data/petitboot-13.05.29.14.00-g4dc604b/ui/common/joystick.c:87:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pjs->fd = open(dev_name, O_RDONLY | O_NONBLOCK);
data/petitboot-13.05.29.14.00-g4dc604b/ui/common/ps3.c:77:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fc->dev = fopen(flash_dev, mode);
data/petitboot-13.05.29.14.00-g4dc604b/ui/common/ps3.c:218:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(fb_dev, O_RDWR);
data/petitboot-13.05.29.14.00-g4dc604b/ui/common/ui-system.c:41:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *argv[2];
data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/generic-main.c:232:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *log = fopen(opts.log_file, "a");
data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/generic-main.c:235:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
log = fopen("/dev/null", "a");
data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/ps3-main.c:619:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *log = fopen(opts.log_file, "a");
data/petitboot-13.05.29.14.00-g4dc604b/ui/twin/main-generic.c:295:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *log = fopen(opts.log_file, "a");
data/petitboot-13.05.29.14.00-g4dc604b/ui/twin/main-ps3.c:394:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *log = fopen(opts.log_file, "a");
data/petitboot-13.05.29.14.00-g4dc604b/utils/pb-event.c:97:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + total_len, arg, arg_len);
data/petitboot-13.05.29.14.00-g4dc604b/utils/pb-event.c:161:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PBOOT_USER_EVENT_SIZE];
data/petitboot-13.05.29.14.00-g4dc604b/discover/device-handler.c:128:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(name, "/dev/", strlen("/dev/")))
data/petitboot-13.05.29.14.00-g4dc604b/discover/discover-server.c:140:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(dev_id) + sizeof(uint32_t);
data/petitboot-13.05.29.14.00-g4dc604b/discover/event.c:113:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
device_len = strlen(device);
data/petitboot-13.05.29.14.00-g4dc604b/discover/params.c:157:12: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for( c = getc( InFile ); isspace( c ) && ('\n' != c); c = getc( InFile ) )
data/petitboot-13.05.29.14.00-g4dc604b/discover/params.c:157:61: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for( c = getc( InFile ); isspace( c ) && ('\n' != c); c = getc( InFile ) )
data/petitboot-13.05.29.14.00-g4dc604b/discover/params.c:182:12: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for( c = getc( InFile ); ('\n'!=c) && (EOF!=c) && (c>0); c = getc( InFile ) )
data/petitboot-13.05.29.14.00-g4dc604b/discover/params.c:182:64: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for( c = getc( InFile ); ('\n'!=c) && (EOF!=c) && (c>0); c = getc( InFile ) )
data/petitboot-13.05.29.14.00-g4dc604b/discover/params.c:280:13: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc( InFile ); /* Continue with next line. */
data/petitboot-13.05.29.14.00-g4dc604b/discover/params.c:294:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc( InFile );
data/petitboot-13.05.29.14.00-g4dc604b/discover/params.c:373:13: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc( InFile ); /* Read past eoln. */
data/petitboot-13.05.29.14.00-g4dc604b/discover/params.c:393:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc( InFile );
data/petitboot-13.05.29.14.00-g4dc604b/discover/params.c:417:13: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc( InFile ); /* version called fgets_slash() which also */
data/petitboot-13.05.29.14.00-g4dc604b/discover/params.c:428:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc( InFile );
data/petitboot-13.05.29.14.00-g4dc604b/discover/params.c:436:13: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc( InFile );
data/petitboot-13.05.29.14.00-g4dc604b/discover/parser-conf.c:49:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(s))
data/petitboot-13.05.29.14.00-g4dc604b/discover/parser-conf.c:55:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
e = s + strlen(s) - 1;
data/petitboot-13.05.29.14.00-g4dc604b/discover/parser-conf.c:60:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(s) ? s : NULL;
data/petitboot-13.05.29.14.00-g4dc604b/discover/parser.c:49:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(fd, buf + i, len - i);
data/petitboot-13.05.29.14.00-g4dc604b/discover/paths.c:25:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
full_path = talloc_array(alloc_ctx, char, strlen(a) + strlen(b) + 2);
data/petitboot-13.05.29.14.00-g4dc604b/discover/paths.c:25:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
full_path = talloc_array(alloc_ctx, char, strlen(a) + strlen(b) + 2);
data/petitboot-13.05.29.14.00-g4dc604b/discover/paths.c:28:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (b[0] != '/' && a[strlen(a) - 1] != '/')
data/petitboot-13.05.29.14.00-g4dc604b/discover/paths.c:29:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(full_path, "/");
data/petitboot-13.05.29.14.00-g4dc604b/discover/resource.c:18:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return !strncasecmp(str, prefix, strlen(prefix));
data/petitboot-13.05.29.14.00-g4dc604b/discover/resource.c:29:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return device_lookup_by_uuid(handler, devstr + strlen("uuid"));
data/petitboot-13.05.29.14.00-g4dc604b/discover/resource.c:33:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
devstr + strlen("label="));
data/petitboot-13.05.29.14.00-g4dc604b/lib/pb-protocol/pb-protocol.c:93:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/petitboot-13.05.29.14.00-g4dc604b/lib/pb-protocol/pb-protocol.c:159:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(str);
data/petitboot-13.05.29.14.00-g4dc604b/lib/pb-protocol/pb-protocol.c:329:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(fd, &m, sizeof(m));
data/petitboot-13.05.29.14.00-g4dc604b/lib/pb-protocol/pb-protocol.c:346:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(fd, message->payload + len, m.payload_len - len);
data/petitboot-13.05.29.14.00-g4dc604b/lib/system/system.c:81:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(base, dir, strlen(base)))
data/petitboot-13.05.29.14.00-g4dc604b/lib/talloc/talloc.c:935:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = talloc_memdup(t, p, strlen(p) + 1);
data/petitboot-13.05.29.14.00-g4dc604b/lib/url/url.c:115:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
url_len = strlen(url);
data/petitboot-13.05.29.14.00-g4dc604b/lib/url/url.c:178:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = url_str + si->str_len + strlen("://");
data/petitboot-13.05.29.14.00-g4dc604b/test/parser/utils.c:127:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(fd, test->conf.buf, test->conf.size);
data/petitboot-13.05.29.14.00-g4dc604b/ui/common/joystick.c:48:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
result = read(pjs->fd, &e, sizeof(e));
data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/nc-boot-editor.c:155:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *const s_end = s + strlen(s);
data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/nc-boot-editor.c:302:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
f = new_field(1, strlen(str), y, x, 0, 0);
data/petitboot-13.05.29.14.00-g4dc604b/utils/pb-event.c:90:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
arg_len = strlen(arg);
ANALYSIS SUMMARY:
Hits = 96
Lines analyzed = 15928 in approximately 0.35 seconds (46013 lines/second)
Physical Source Lines of Code (SLOC) = 10568
Hits@level = [0] 109 [1] 38 [2] 33 [3] 5 [4] 20 [5] 0
Hits@level+ = [0+] 205 [1+] 96 [2+] 58 [3+] 25 [4+] 20 [5+] 0
Hits/KSLOC@level+ = [0+] 19.3982 [1+] 9.08403 [2+] 5.48827 [3+] 2.36563 [4+] 1.89251 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.