Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/php-ssh2-1.2+0.13/ssh2-0.13/ssh2_fopen_wrappers.c
Examining data/php-ssh2-1.2+0.13/ssh2-0.13/php_ssh2.h
Examining data/php-ssh2-1.2+0.13/ssh2-0.13/ssh2.c
Examining data/php-ssh2-1.2+0.13/ssh2-0.13/ssh2_sftp.c
Examining data/php-ssh2-1.2+0.13/ssh2-1.2/ssh2_fopen_wrappers.c
Examining data/php-ssh2-1.2+0.13/ssh2-1.2/php_ssh2.h
Examining data/php-ssh2-1.2+0.13/ssh2-1.2/ssh2.c
Examining data/php-ssh2-1.2+0.13/ssh2-1.2/ssh2_sftp.c
FINAL RESULTS:
data/php-ssh2-1.2+0.13/ssh2-0.13/ssh2.c:691:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newpath, pws->pw_dir);
data/php-ssh2-1.2+0.13/ssh2-0.13/ssh2.c:692:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(newpath, pubkey+1);
data/php-ssh2-1.2+0.13/ssh2-0.13/ssh2.c:698:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newpath, pws->pw_dir);
data/php-ssh2-1.2+0.13/ssh2-0.13/ssh2.c:699:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(newpath, privkey+1);
data/php-ssh2-1.2+0.13/ssh2-1.2/ssh2.c:677:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newpath, pws->pw_dir);
data/php-ssh2-1.2+0.13/ssh2-1.2/ssh2.c:678:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(newpath, pubkey+1);
data/php-ssh2-1.2+0.13/ssh2-1.2/ssh2.c:684:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newpath, pws->pw_dir);
data/php-ssh2-1.2+0.13/ssh2-1.2/ssh2.c:685:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(newpath, privkey+1);
data/php-ssh2-1.2+0.13/ssh2-0.13/ssh2_fopen_wrappers.c:1062:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[8192];
data/php-ssh2-1.2+0.13/ssh2-0.13/ssh2_fopen_wrappers.c:1134:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[8192];
data/php-ssh2-1.2+0.13/ssh2-0.13/ssh2_fopen_wrappers.c:1259:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(colon);
data/php-ssh2-1.2+0.13/ssh2-0.13/ssh2_fopen_wrappers.c:1370:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stream_data, data, sizeof(php_ssh2_channel_data));
data/php-ssh2-1.2+0.13/ssh2-0.13/ssh2_sftp.c:299:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ent->d_name, basename, bytesread);
data/php-ssh2-1.2+0.13/ssh2-0.13/ssh2_sftp.c:836:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char targ[8192];
data/php-ssh2-1.2+0.13/ssh2-0.13/ssh2_sftp.c:861:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char targ[8192];
data/php-ssh2-1.2+0.13/ssh2-1.2/ssh2.c:1141:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
add_assoc_stringl(&key, "name", (char *) keys[i].name, keys[i].name_len);
data/php-ssh2-1.2+0.13/ssh2-1.2/ssh2.c:1142:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
add_assoc_stringl(&key, "blob", (char *) keys[i].blob, keys[i].blob_len);
data/php-ssh2-1.2+0.13/ssh2-1.2/ssh2_fopen_wrappers.c:1083:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[8192];
data/php-ssh2-1.2+0.13/ssh2-1.2/ssh2_fopen_wrappers.c:1155:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[8192];
data/php-ssh2-1.2+0.13/ssh2-1.2/ssh2_fopen_wrappers.c:1282:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(colon);
data/php-ssh2-1.2+0.13/ssh2-1.2/ssh2_fopen_wrappers.c:1393:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stream_data, data, sizeof(php_ssh2_channel_data));
data/php-ssh2-1.2+0.13/ssh2-1.2/ssh2_sftp.c:285:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ent->d_name, basename->val, bytesread);
data/php-ssh2-1.2+0.13/ssh2-1.2/ssh2_sftp.c:819:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char targ[8192];
data/php-ssh2-1.2+0.13/ssh2-1.2/ssh2_sftp.c:846:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char targ[8192];
data/php-ssh2-1.2+0.13/ssh2-0.13/ssh2.c:594:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s)) {
data/php-ssh2-1.2+0.13/ssh2-0.13/ssh2.c:615:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
responses[0].length = strlen(password_for_kbd_callback);
data/php-ssh2-1.2+0.13/ssh2-0.13/ssh2.c:690:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newpath = emalloc(strlen(pws->pw_dir) + strlen(pubkey));
data/php-ssh2-1.2+0.13/ssh2-0.13/ssh2.c:690:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newpath = emalloc(strlen(pws->pw_dir) + strlen(pubkey));
data/php-ssh2-1.2+0.13/ssh2-0.13/ssh2.c:697:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newpath = emalloc(strlen(pws->pw_dir) + strlen(privkey));
data/php-ssh2-1.2+0.13/ssh2-0.13/ssh2.c:697:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newpath = emalloc(strlen(pws->pw_dir) + strlen(privkey));
data/php-ssh2-1.2+0.13/ssh2-0.13/ssh2_fopen_wrappers.c:238:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (is_numeric_string(s, strlen(s), &resource_id, NULL, 0) == IS_LONG) {
data/php-ssh2-1.2+0.13/ssh2-0.13/ssh2_fopen_wrappers.c:372:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(resource->user);
data/php-ssh2-1.2+0.13/ssh2-0.13/ssh2_fopen_wrappers.c:381:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(resource->pass);
data/php-ssh2-1.2+0.13/ssh2-0.13/ssh2_fopen_wrappers.c:609:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
e = s ? s + strlen(s) : NULL;
data/php-ssh2-1.2+0.13/ssh2-0.13/ssh2_fopen_wrappers.c:629:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len = strlen(path + 1))) {
data/php-ssh2-1.2+0.13/ssh2-0.13/ssh2_fopen_wrappers.c:1263:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((port <= 0) || (port > 65535) || !host || (strlen(host) == 0)) {
data/php-ssh2-1.2+0.13/ssh2-0.13/ssh2_sftp.c:287:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
basename_len = strlen(basename);
data/php-ssh2-1.2+0.13/ssh2-0.13/ssh2_sftp.c:395:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (libssh2_sftp_stat_ex(sftp, resource->path, strlen(resource->path),
data/php-ssh2-1.2+0.13/ssh2-1.2/php_ssh2.h:169:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define SSH2_URL_LEN(a) strlen(a)
data/php-ssh2-1.2+0.13/ssh2-1.2/ssh2.c:581:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s)) {
data/php-ssh2-1.2+0.13/ssh2-1.2/ssh2.c:602:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
responses[0].length = strlen(password_for_kbd_callback);
data/php-ssh2-1.2+0.13/ssh2-1.2/ssh2.c:676:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newpath = emalloc(strlen(pws->pw_dir) + strlen(pubkey));
data/php-ssh2-1.2+0.13/ssh2-1.2/ssh2.c:676:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newpath = emalloc(strlen(pws->pw_dir) + strlen(pubkey));
data/php-ssh2-1.2+0.13/ssh2-1.2/ssh2.c:683:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newpath = emalloc(strlen(pws->pw_dir) + strlen(privkey));
data/php-ssh2-1.2+0.13/ssh2-1.2/ssh2.c:683:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newpath = emalloc(strlen(pws->pw_dir) + strlen(privkey));
data/php-ssh2-1.2+0.13/ssh2-1.2/ssh2_fopen_wrappers.c:219:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp + (h-path), h + sizeof("Resource id #")-1, strlen(tmp)-sizeof("Resource id #"));
data/php-ssh2-1.2+0.13/ssh2-1.2/ssh2_fopen_wrappers.c:219:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(tmp + (h-path), h + sizeof("Resource id #")-1, strlen(tmp)-sizeof("Resource id #"));
data/php-ssh2-1.2+0.13/ssh2-1.2/ssh2_fopen_wrappers.c:657:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len = strlen(path + 1))) {
data/php-ssh2-1.2+0.13/ssh2-1.2/ssh2_fopen_wrappers.c:1286:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((port <= 0) || (port > 65535) || !host || (strlen(host) == 0)) {
ANALYSIS SUMMARY:
Hits = 49
Lines analyzed = 8222 in approximately 0.18 seconds (44798 lines/second)
Physical Source Lines of Code (SLOC) = 5853
Hits@level = [0] 2 [1] 25 [2] 16 [3] 0 [4] 8 [5] 0
Hits@level+ = [0+] 51 [1+] 49 [2+] 24 [3+] 8 [4+] 8 [5+] 0
Hits/KSLOC@level+ = [0+] 8.71348 [1+] 8.37178 [2+] 4.10046 [3+] 1.36682 [4+] 1.36682 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.