Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/discover-server.h Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/parser.c Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/parser.h Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/device-handler.c Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/discover-server.c Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/user-event.h Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/kboot-parser.c Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/boot.h Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/event.c Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/paths.c Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/pb-discover.c Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/device-handler.h Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/event-parser.c Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/event.h Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/params.h Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/pb-discover.h Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/parser-conf.h Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/parser-conf.c Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/resource.h Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/yaboot-parser.c Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/udev.h Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/udev.c Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/user-event.c Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/native-parser.c Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/resource.c Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/parser-utils.c Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/pxe-parser.c Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/boot.c Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/parser-utils.h Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/grub2-parser.c Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/params.c Examining data/petitboot-13.05.29.14.00-g4dc604b/discover/paths.h Examining data/petitboot-13.05.29.14.00-g4dc604b/utils/pb-event.c Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/common/ps3.h Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/common/timer.c Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/common/discover-client.h Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/common/joystick.c Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/common/ui-system.c Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/common/ps3.c Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/common/ui-system.h Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/common/timer.h Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/common/joystick.h Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/common/discover-client.c Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/nc-cui.c Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/nc-boot-editor.c Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/generic-main.c Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/nc-menu.h Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/nc-menu.c Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/nc-cui.h Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/nc-scr.c Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/nc-scr.h Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/nc-boot-editor.h Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/ps3-main.c Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/twin/pbt-client.c Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/twin/pbt-menu.c Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/twin/pbt-client.h Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/twin/main-generic.c Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/twin/main-ps3.c Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/twin/pbt-scr.c Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/twin/pbt-scr.h Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/twin/pbt-menu.h Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/twin/pbt-main.h Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/twin/pbt-main.c Examining data/petitboot-13.05.29.14.00-g4dc604b/ui/test/discover-test.c Examining data/petitboot-13.05.29.14.00-g4dc604b/lib/talloc/talloc.h Examining data/petitboot-13.05.29.14.00-g4dc604b/lib/talloc/talloc.c Examining data/petitboot-13.05.29.14.00-g4dc604b/lib/system/system.h Examining data/petitboot-13.05.29.14.00-g4dc604b/lib/system/system.c Examining data/petitboot-13.05.29.14.00-g4dc604b/lib/waiter/waiter.h Examining data/petitboot-13.05.29.14.00-g4dc604b/lib/waiter/waiter.c Examining data/petitboot-13.05.29.14.00-g4dc604b/lib/types/types.h Examining data/petitboot-13.05.29.14.00-g4dc604b/lib/url/url.h Examining data/petitboot-13.05.29.14.00-g4dc604b/lib/url/url.c Examining data/petitboot-13.05.29.14.00-g4dc604b/lib/pb-protocol/pb-protocol.h Examining data/petitboot-13.05.29.14.00-g4dc604b/lib/pb-protocol/pb-protocol.c Examining data/petitboot-13.05.29.14.00-g4dc604b/lib/list/list.c Examining data/petitboot-13.05.29.14.00-g4dc604b/lib/list/list.h Examining data/petitboot-13.05.29.14.00-g4dc604b/lib/log/log.h Examining data/petitboot-13.05.29.14.00-g4dc604b/lib/log/log.c Examining data/petitboot-13.05.29.14.00-g4dc604b/test/urls/parse-url.c Examining data/petitboot-13.05.29.14.00-g4dc604b/test/lib/list-test.c Examining data/petitboot-13.05.29.14.00-g4dc604b/test/parser/test-grub2-ubuntu-13_04-x86.c Examining data/petitboot-13.05.29.14.00-g4dc604b/test/parser/parser-test.h Examining data/petitboot-13.05.29.14.00-g4dc604b/test/parser/test-null.c Examining data/petitboot-13.05.29.14.00-g4dc604b/test/parser/handler.c Examining data/petitboot-13.05.29.14.00-g4dc604b/test/parser/test-grub2-f18-ppc64.c Examining data/petitboot-13.05.29.14.00-g4dc604b/test/parser/utils.c Examining data/petitboot-13.05.29.14.00-g4dc604b/test/parser/test-yaboot-single.c Examining data/petitboot-13.05.29.14.00-g4dc604b/test/parser/test-kboot-single.c Examining data/petitboot-13.05.29.14.00-g4dc604b/test/parser/main.c Examining data/petitboot-13.05.29.14.00-g4dc604b/test/parser/test-grub2-multiple-resolve.c Examining data/petitboot-13.05.29.14.00-g4dc604b/test/parser/test-yaboot-external.c Examining data/petitboot-13.05.29.14.00-g4dc604b/test/parser/test-yaboot-rh8-ppc64.c Examining data/petitboot-13.05.29.14.00-g4dc604b/test/parser/test-grub2-single.c FINAL RESULTS: data/petitboot-13.05.29.14.00-g4dc604b/discover/device-handler.c:257:3: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execl(pb_system_apps.umount, pb_system_apps.umount, data/petitboot-13.05.29.14.00-g4dc604b/discover/discover-server.c:318:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(addr.sun_path, PB_SOCKET_PATH); data/petitboot-13.05.29.14.00-g4dc604b/discover/paths.c:27:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(full_path, a); data/petitboot-13.05.29.14.00-g4dc604b/discover/paths.c:30:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(full_path, b); data/petitboot-13.05.29.14.00-g4dc604b/discover/udev.c:266:7: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(pb_log_get_stream(), format, args); data/petitboot-13.05.29.14.00-g4dc604b/discover/user-event.c:154:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(addr.sun_path, PBOOT_USER_EVENT_SOCKET); data/petitboot-13.05.29.14.00-g4dc604b/lib/log/log.c:17:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stream, fmt, ap); data/petitboot-13.05.29.14.00-g4dc604b/lib/log/log.h:6:30: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. void __attribute__ ((format (printf, 1, 2))) pb_log(const char *fmt, ...); data/petitboot-13.05.29.14.00-g4dc604b/lib/system/system.c:67:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(str, dir); data/petitboot-13.05.29.14.00-g4dc604b/lib/system/system.c:155:3: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp(cmd_argv[0], (char *const *)cmd_argv); data/petitboot-13.05.29.14.00-g4dc604b/lib/talloc/talloc.c:978:8: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. len = vsnprintf(NULL, 0, fmt, ap2); data/petitboot-13.05.29.14.00-g4dc604b/lib/talloc/talloc.c:983:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(ret, len+1, fmt, ap2); data/petitboot-13.05.29.14.00-g4dc604b/lib/talloc/talloc.c:1031:8: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. len = vsnprintf(NULL, 0, fmt, ap2); data/petitboot-13.05.29.14.00-g4dc604b/lib/talloc/talloc.c:1038:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(s+s_len, len+1, fmt, ap2); data/petitboot-13.05.29.14.00-g4dc604b/ui/common/discover-client.c:211:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(addr.sun_path, PB_SOCKET_PATH); data/petitboot-13.05.29.14.00-g4dc604b/utils/pb-event.c:38:27: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define DBG(_args...) do {fprintf(stderr, _args); fflush(stderr); } while (0) data/petitboot-13.05.29.14.00-g4dc604b/utils/pb-event.c:40:43: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. static inline int __attribute__ ((format (printf, 1, 2))) DBG( data/petitboot-13.05.29.14.00-g4dc604b/utils/pb-event.c:93:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, err_max_size, max_len); data/petitboot-13.05.29.14.00-g4dc604b/utils/pb-event.c:115:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, err_max_size, max_len); data/petitboot-13.05.29.14.00-g4dc604b/utils/pb-event.c:136:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(addr.sun_path, PBOOT_USER_EVENT_SOCKET); data/petitboot-13.05.29.14.00-g4dc604b/discover/paths.c:40:8: [3] (tmpfile) tempnam: Temporary file race condition (CWE-377). tmp = tempnam(NULL, "pb-"); data/petitboot-13.05.29.14.00-g4dc604b/discover/pb-discover.c:71:11: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. int c = getopt_long(argc, argv, short_options, long_options, data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/generic-main.c:90:11: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. int c = getopt_long(argc, argv, short_options, long_options, data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/ps3-main.c:99:11: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. int c = getopt_long(argc, argv, short_options, long_options, data/petitboot-13.05.29.14.00-g4dc604b/ui/twin/pbt-main.c:69:11: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. int c = getopt_long(argc, argv, short_options, long_options, data/petitboot-13.05.29.14.00-g4dc604b/discover/boot.c:26:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *argv[6]; data/petitboot-13.05.29.14.00-g4dc604b/discover/boot.c:70:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *argv[4]; data/petitboot-13.05.29.14.00-g4dc604b/discover/device-handler.c:202:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *argv[6]; data/petitboot-13.05.29.14.00-g4dc604b/discover/params.c:204:43: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. while( (pos >= 0) && isspace(((unsigned char *)line)[pos]) ) data/petitboot-13.05.29.14.00-g4dc604b/discover/params.c:426:58: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. for( end = i; (end >= 0) && isspace(((unsigned char *) bufr)[end]); end-- ) data/petitboot-13.05.29.14.00-g4dc604b/discover/params.c:528:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). OpenedFile = fopen( FileName, "r" ); data/petitboot-13.05.29.14.00-g4dc604b/discover/parser.c:32:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, O_RDONLY); data/petitboot-13.05.29.14.00-g4dc604b/discover/paths.c:60:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *argv[8]; data/petitboot-13.05.29.14.00-g4dc604b/discover/paths.c:117:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *argv[4]; data/petitboot-13.05.29.14.00-g4dc604b/discover/paths.c:154:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *argv[10]; data/petitboot-13.05.29.14.00-g4dc604b/discover/paths.c:221:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *argv[7]; data/petitboot-13.05.29.14.00-g4dc604b/discover/pb-discover.c:131:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *log = fopen(opts.log_file, "a"); data/petitboot-13.05.29.14.00-g4dc604b/discover/user-event.c:97:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PBOOT_USER_EVENT_SIZE]; data/petitboot-13.05.29.14.00-g4dc604b/lib/pb-protocol/pb-protocol.c:98:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pos, str, len); data/petitboot-13.05.29.14.00-g4dc604b/lib/pb-protocol/pb-protocol.c:343:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(message, &m, sizeof(m)); data/petitboot-13.05.29.14.00-g4dc604b/lib/talloc/talloc.c:631:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_ptr, tc, tc->size + sizeof(*tc)); data/petitboot-13.05.29.14.00-g4dc604b/lib/talloc/talloc.c:920:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newp, p, size); data/petitboot-13.05.29.14.00-g4dc604b/lib/talloc/talloc.c:954:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret, p, len); data/petitboot-13.05.29.14.00-g4dc604b/test/parser/utils.c:47:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[10]; data/petitboot-13.05.29.14.00-g4dc604b/test/parser/utils.c:49:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name, "__test%d", dev_idx++); data/petitboot-13.05.29.14.00-g4dc604b/test/parser/utils.c:116:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(path, O_RDONLY); data/petitboot-13.05.29.14.00-g4dc604b/test/urls/parse-url.c:19:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). null = fopen("/dev/null", "w"); data/petitboot-13.05.29.14.00-g4dc604b/ui/common/joystick.c:87:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pjs->fd = open(dev_name, O_RDONLY | O_NONBLOCK); data/petitboot-13.05.29.14.00-g4dc604b/ui/common/ps3.c:77:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fc->dev = fopen(flash_dev, mode); data/petitboot-13.05.29.14.00-g4dc604b/ui/common/ps3.c:218:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(fb_dev, O_RDWR); data/petitboot-13.05.29.14.00-g4dc604b/ui/common/ui-system.c:41:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *argv[2]; data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/generic-main.c:232:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *log = fopen(opts.log_file, "a"); data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/generic-main.c:235:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). log = fopen("/dev/null", "a"); data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/ps3-main.c:619:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *log = fopen(opts.log_file, "a"); data/petitboot-13.05.29.14.00-g4dc604b/ui/twin/main-generic.c:295:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *log = fopen(opts.log_file, "a"); data/petitboot-13.05.29.14.00-g4dc604b/ui/twin/main-ps3.c:394:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *log = fopen(opts.log_file, "a"); data/petitboot-13.05.29.14.00-g4dc604b/utils/pb-event.c:97:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + total_len, arg, arg_len); data/petitboot-13.05.29.14.00-g4dc604b/utils/pb-event.c:161:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PBOOT_USER_EVENT_SIZE]; data/petitboot-13.05.29.14.00-g4dc604b/discover/device-handler.c:128:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(name, "/dev/", strlen("/dev/"))) data/petitboot-13.05.29.14.00-g4dc604b/discover/discover-server.c:140:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(dev_id) + sizeof(uint32_t); data/petitboot-13.05.29.14.00-g4dc604b/discover/event.c:113:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). device_len = strlen(device); data/petitboot-13.05.29.14.00-g4dc604b/discover/params.c:157:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for( c = getc( InFile ); isspace( c ) && ('\n' != c); c = getc( InFile ) ) data/petitboot-13.05.29.14.00-g4dc604b/discover/params.c:157:61: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for( c = getc( InFile ); isspace( c ) && ('\n' != c); c = getc( InFile ) ) data/petitboot-13.05.29.14.00-g4dc604b/discover/params.c:182:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for( c = getc( InFile ); ('\n'!=c) && (EOF!=c) && (c>0); c = getc( InFile ) ) data/petitboot-13.05.29.14.00-g4dc604b/discover/params.c:182:64: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for( c = getc( InFile ); ('\n'!=c) && (EOF!=c) && (c>0); c = getc( InFile ) ) data/petitboot-13.05.29.14.00-g4dc604b/discover/params.c:280:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc( InFile ); /* Continue with next line. */ data/petitboot-13.05.29.14.00-g4dc604b/discover/params.c:294:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc( InFile ); data/petitboot-13.05.29.14.00-g4dc604b/discover/params.c:373:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc( InFile ); /* Read past eoln. */ data/petitboot-13.05.29.14.00-g4dc604b/discover/params.c:393:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc( InFile ); data/petitboot-13.05.29.14.00-g4dc604b/discover/params.c:417:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc( InFile ); /* version called fgets_slash() which also */ data/petitboot-13.05.29.14.00-g4dc604b/discover/params.c:428:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc( InFile ); data/petitboot-13.05.29.14.00-g4dc604b/discover/params.c:436:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc( InFile ); data/petitboot-13.05.29.14.00-g4dc604b/discover/parser-conf.c:49:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strlen(s)) data/petitboot-13.05.29.14.00-g4dc604b/discover/parser-conf.c:55:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). e = s + strlen(s) - 1; data/petitboot-13.05.29.14.00-g4dc604b/discover/parser-conf.c:60:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(s) ? s : NULL; data/petitboot-13.05.29.14.00-g4dc604b/discover/parser.c:49:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(fd, buf + i, len - i); data/petitboot-13.05.29.14.00-g4dc604b/discover/paths.c:25:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). full_path = talloc_array(alloc_ctx, char, strlen(a) + strlen(b) + 2); data/petitboot-13.05.29.14.00-g4dc604b/discover/paths.c:25:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). full_path = talloc_array(alloc_ctx, char, strlen(a) + strlen(b) + 2); data/petitboot-13.05.29.14.00-g4dc604b/discover/paths.c:28:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (b[0] != '/' && a[strlen(a) - 1] != '/') data/petitboot-13.05.29.14.00-g4dc604b/discover/paths.c:29:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(full_path, "/"); data/petitboot-13.05.29.14.00-g4dc604b/discover/resource.c:18:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return !strncasecmp(str, prefix, strlen(prefix)); data/petitboot-13.05.29.14.00-g4dc604b/discover/resource.c:29:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return device_lookup_by_uuid(handler, devstr + strlen("uuid")); data/petitboot-13.05.29.14.00-g4dc604b/discover/resource.c:33:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). devstr + strlen("label=")); data/petitboot-13.05.29.14.00-g4dc604b/lib/pb-protocol/pb-protocol.c:93:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/petitboot-13.05.29.14.00-g4dc604b/lib/pb-protocol/pb-protocol.c:159:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(str); data/petitboot-13.05.29.14.00-g4dc604b/lib/pb-protocol/pb-protocol.c:329:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(fd, &m, sizeof(m)); data/petitboot-13.05.29.14.00-g4dc604b/lib/pb-protocol/pb-protocol.c:346:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(fd, message->payload + len, m.payload_len - len); data/petitboot-13.05.29.14.00-g4dc604b/lib/system/system.c:81:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(base, dir, strlen(base))) data/petitboot-13.05.29.14.00-g4dc604b/lib/talloc/talloc.c:935:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = talloc_memdup(t, p, strlen(p) + 1); data/petitboot-13.05.29.14.00-g4dc604b/lib/url/url.c:115:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). url_len = strlen(url); data/petitboot-13.05.29.14.00-g4dc604b/lib/url/url.c:178:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = url_str + si->str_len + strlen("://"); data/petitboot-13.05.29.14.00-g4dc604b/test/parser/utils.c:127:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(fd, test->conf.buf, test->conf.size); data/petitboot-13.05.29.14.00-g4dc604b/ui/common/joystick.c:48:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). result = read(pjs->fd, &e, sizeof(e)); data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/nc-boot-editor.c:155:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *const s_end = s + strlen(s); data/petitboot-13.05.29.14.00-g4dc604b/ui/ncurses/nc-boot-editor.c:302:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). f = new_field(1, strlen(str), y, x, 0, 0); data/petitboot-13.05.29.14.00-g4dc604b/utils/pb-event.c:90:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). arg_len = strlen(arg); ANALYSIS SUMMARY: Hits = 96 Lines analyzed = 15928 in approximately 0.35 seconds (46013 lines/second) Physical Source Lines of Code (SLOC) = 10568 Hits@level = [0] 109 [1] 38 [2] 33 [3] 5 [4] 20 [5] 0 Hits@level+ = [0+] 205 [1+] 96 [2+] 58 [3+] 25 [4+] 20 [5+] 0 Hits/KSLOC@level+ = [0+] 19.3982 [1+] 9.08403 [2+] 5.48827 [3+] 2.36563 [4+] 1.89251 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.