Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pidgin-mra-20100304/src/proto.h
Examining data/pidgin-mra-20100304/src/libmra.c
Examining data/pidgin-mra-20100304/src/libmra.h
Examining data/pidgin-mra-20100304/src/mra_net.c
Examining data/pidgin-mra-20100304/src/mra_net.h

FINAL RESULTS:

data/pidgin-mra-20100304/src/libmra.c:562:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buff, "Dear %s.\nYou have %u unread mail(s) in your mailbox", mmp->acct->username, status);
data/pidgin-mra-20100304/src/mra_net.c:1571:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(who, "%s@%s", mai.username, mai.domain);
data/pidgin-mra-20100304/src/libmra.c:110:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  port = atoi(srv[1]);
data/pidgin-mra-20100304/src/libmra.c:549:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[128];
data/pidgin-mra-20100304/src/libmra.c:942:15:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  user_id = atol(buddy_user_id);
data/pidgin-mra-20100304/src/libmra.c:984:15:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  user_id = atol(buddy_user_id);
data/pidgin-mra-20100304/src/mra_net.c:50:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer + 2 * i + 8, "%02x", (unsigned char) data[i]);
data/pidgin-mra-20100304/src/mra_net.c:56:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "%02x%02x%02x%02x-", LPS_DEBUG(data, 0)); // magic
data/pidgin-mra-20100304/src/mra_net.c:57:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer + 9, "%02x%02x%02x%02x-", LPS_DEBUG(data, 4)); // proto
data/pidgin-mra-20100304/src/mra_net.c:58:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer + 18, "%02x%02x%02x%02x-", LPS_DEBUG(data, 8)); // seq
data/pidgin-mra-20100304/src/mra_net.c:59:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer + 27, "%02x%02x%02x%02x-", LPS_DEBUG(data, 12)); // msg
data/pidgin-mra-20100304/src/mra_net.c:60:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer + 36, "%02x%02x%02x%02x-", LPS_DEBUG(data, 16)); // dlen
data/pidgin-mra-20100304/src/mra_net.c:61:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer + 45, "%02x%02x%02x%02x-", LPS_DEBUG(data, 20)); // from
data/pidgin-mra-20100304/src/mra_net.c:62:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer + 54, "%02x%02x%02x%02x ", LPS_DEBUG(data, 24)); // fromport
data/pidgin-mra-20100304/src/mra_net.c:64:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer + 2 * i + 63, "%02x", (unsigned char) data[44 + i]);
data/pidgin-mra-20100304/src/mra_net.c:77:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer + 2 * i, "%02x", (unsigned char) data[i]);
data/pidgin-mra-20100304/src/mra_net.c:189:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(lps + sizeof(uint32_t), sz, strlen(sz));
data/pidgin-mra-20100304/src/mra_net.c:202:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sz, lps + sizeof(uint32_t), len);
data/pidgin-mra-20100304/src/mra_net.c:233:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mmp->tx_buf + mmp->tx_len, data, len);
data/pidgin-mra-20100304/src/mra_net.c:918:39:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  user_info->weather_city = atol(val);
data/pidgin-mra-20100304/src/mra_net.c:920:41:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  user_info->messages_total = atol(val);
data/pidgin-mra-20100304/src/mra_net.c:922:42:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  user_info->messages_unread = atol(val);
data/pidgin-mra-20100304/src/mra_net.c:1285:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uidl[8];
data/pidgin-mra-20100304/src/mra_net.c:1287:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message_rtf[1] = " ";
data/pidgin-mra-20100304/src/mra_net.c:1303:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(uidl, answer, 8);
data/pidgin-mra-20100304/src/mra_net.c:1321:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(boundary, "\n--");
data/pidgin-mra-20100304/src/mra_net.c:1323:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(boundary, "--");
data/pidgin-mra-20100304/src/mra_net.c:1532:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  mai.sex = atoi(val);
data/pidgin-mra-20100304/src/mra_net.c:1538:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  mai.city_id = atoi(val);
data/pidgin-mra-20100304/src/mra_net.c:1544:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  mai.zodiak = atoi(val);
data/pidgin-mra-20100304/src/mra_net.c:1547:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  mai.bmounth = atoi(val);
data/pidgin-mra-20100304/src/mra_net.c:1550:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  mai.bday = atoi(val);
data/pidgin-mra-20100304/src/mra_net.c:1553:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  mai.country_id = atoi(val);
data/pidgin-mra-20100304/src/libmra.c:47:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(eml[0]) > 32) {
data/pidgin-mra-20100304/src/libmra.c:597:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  serv_got_im(mmp->gc, from, purple_markup_escape_text(message, strlen(message)), 0, time);
data/pidgin-mra-20100304/src/mra_net.c:115:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gsize br = strlen(text);
data/pidgin-mra-20100304/src/mra_net.c:123:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  conv = g_malloc0(strlen(text) + 1);
data/pidgin-mra-20100304/src/mra_net.c:127:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  res = g_convert(conv, strlen(conv), "UTF-8", "WINDOWS-1251", &br, &bw, &err);
data/pidgin-mra-20100304/src/mra_net.c:142:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gsize br = strlen(text);
data/pidgin-mra-20100304/src/mra_net.c:147:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  conv = g_convert(text, strlen(text), "WINDOWS-1251", "UTF-8", &br, &bw, &err);
data/pidgin-mra-20100304/src/mra_net.c:169:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  res = (gchar *) g_malloc0(strlen(text) + n + 1);
data/pidgin-mra-20100304/src/mra_net.c:185:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *lps = LPSALLOC(strlen(sz));
data/pidgin-mra-20100304/src/mra_net.c:187:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(sz);
data/pidgin-mra-20100304/src/mra_net.c:189:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(lps + sizeof(uint32_t), sz, strlen(sz));
data/pidgin-mra-20100304/src/mra_net.c:581:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  domain_len = strlen(who) - user_len - 1;
data/pidgin-mra-20100304/src/mra_net.c:586:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(user, who, user_len);
data/pidgin-mra-20100304/src/mra_net.c:587:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(domain, who + user_len + 1, domain_len);
data/pidgin-mra-20100304/src/mra_net.c:638:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  len = read(mmp->fd, buf, MRA_BUF_LEN);
data/pidgin-mra-20100304/src/mra_net.c:995:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(contact_mask, known_contact_mask, strlen(known_contact_mask)) || strncmp(group_mask, known_group_mask, strlen(known_group_mask))) {
data/pidgin-mra-20100304/src/mra_net.c:995:120:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(contact_mask, known_contact_mask, strlen(known_contact_mask)) || strncmp(group_mask, known_group_mask, strlen(known_group_mask))) {
data/pidgin-mra-20100304/src/mra_net.c:1014:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  j = strlen(known_group_mask);
data/pidgin-mra-20100304/src/mra_net.c:1015:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while (j < strlen(group_mask))
data/pidgin-mra-20100304/src/mra_net.c:1068:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  j = strlen(known_contact_mask);
data/pidgin-mra-20100304/src/mra_net.c:1069:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while (j < strlen(contact_mask))
data/pidgin-mra-20100304/src/mra_net.c:1309:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(from, p + 6, strchr(p, '\n') - p - 6);
data/pidgin-mra-20100304/src/mra_net.c:1313:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(date, p + 6, strchr(p, '\n') - p - 6);
data/pidgin-mra-20100304/src/mra_net.c:1317:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(sflags, p + 14, strchr(p, '\n') - p - 14);
data/pidgin-mra-20100304/src/mra_net.c:1322:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(boundary + 3, p + 10, strchr(p, '\n') - p - 10);
data/pidgin-mra-20100304/src/mra_net.c:1570:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *who = (char *) malloc(strlen(mai.username) + strlen(mai.domain) + 2);
data/pidgin-mra-20100304/src/mra_net.c:1570:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *who = (char *) malloc(strlen(mai.username) + strlen(mai.domain) + 2);

ANALYSIS SUMMARY:

Hits = 60
Lines analyzed = 3713 in approximately 0.11 seconds (32490 lines/second)
Physical Source Lines of Code (SLOC) = 2445
Hits@level = [0]   1 [1]  27 [2]  31 [3]   0 [4]   2 [5]   0
Hits@level+ = [0+]  61 [1+]  60 [2+]  33 [3+]   2 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 24.9489 [1+] 24.5399 [2+] 13.4969 [3+] 0.817996 [4+] 0.817996 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
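Triage note on the two level-4 hits. The sprintf at mra_net.c:1571 writes "%s@%s" into a buffer allocated at line 1570 with strlen(username) + strlen(domain) + 2 bytes, which is exactly the output length plus the NUL, so that call is sized correctly as written (provided both strings are NUL-terminated and unchanged between the malloc and the sprintf). The sprintf at libmra.c:562 writes into the fixed char buff[128] flagged at line 549, and whether it can overflow depends on the maximum length of mmp->acct->username, which this report does not show. The added example below (not code from pidgin-mra) reproduces that exact format string, computes the length the message needs for a given username, and gives a snprintf-based replacement that reports truncation instead of writing past the buffer. The 100-character sample username is constructed here to show the threshold; nothing in the report says how long a real username may be.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Format string of the flagged sprintf() at libmra.c:562, reproduced
 * verbatim so the length arithmetic below applies to the real message. */
#define MAIL_NOTICE_FMT "Dear %s.\nYou have %u unread mail(s) in your mailbox"

/* Size of the destination the report flags at libmra.c:549. */
#define ORIG_BUFF_SIZE 128

/* Bytes the formatted notice needs, terminating NUL included.
 * snprintf(NULL, 0, ...) writes nothing and returns the length it would
 * have produced (C99). */
size_t mail_notice_len(const char *username, unsigned status)
{
    int n = snprintf(NULL, 0, MAIL_NOTICE_FMT, username, status);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Would the original 128-byte stack buffer be overrun for this username?
 * Returns 1 for yes, 0 for no. */
int overflows_orig_buff(const char *username, unsigned status)
{
    return mail_notice_len(username, status) > ORIG_BUFF_SIZE;
}

/* Hardened replacement for the flagged call: bounded by buflen, always
 * NUL-terminated, and returns -1 instead of silently truncating so the
 * caller can fall back to a heap allocation or drop the notice. */
int format_mail_notice(char *buf, size_t buflen,
                       const char *username, unsigned status)
{
    if (buf == NULL || buflen == 0 || username == NULL)
        return -1;
    int n = snprintf(buf, buflen, MAIL_NOTICE_FMT, username, status);
    if (n < 0 || (size_t)n >= buflen) {
        buf[0] = '\0';          /* do not pass a cut-off message downstream */
        return -1;
    }
    return n;                   /* bytes written, NUL excluded */
}

/* Constructed sample input: a 100-character username, long enough to
 * exceed the 128-byte buffer. Hypothetical; not taken from the project. */
const char *long_username(void)
{
    static char name[101];
    memset(name, 'a', sizeof name - 1);
    name[sizeof name - 1] = '\0';
    return name;
}

int main(void)
{
    char buf[ORIG_BUFF_SIZE];
    printf("\"alice\" needs %zu bytes, fits in %d: %d\n",
           mail_notice_len("alice", 3), ORIG_BUFF_SIZE,
           format_mail_notice(buf, sizeof buf, "alice", 3) >= 0);
    printf("100-char name needs %zu bytes, fits in %d: %d\n",
           mail_notice_len(long_username(), 3), ORIG_BUFF_SIZE,
           format_mail_notice(buf, sizeof buf, long_username(), 3) >= 0);
    return 0;
}
```

The fixed text of the format string is 47 bytes plus up to 10 digits for the unsigned count, so the 128-byte buffer is exceeded once the username passes roughly 70 characters; the length check in format_mail_notice makes that condition explicit rather than leaving it to whoever populates mmp->acct->username.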
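The twelve CWE-190 hits (atoi on the port at libmra.c:110, atol on user ids and message counts, atoi on the profile fields at mra_net.c:1532-1553) all share the same defect: atoi/atol return an unchecked value, give no error indication for junk input, and have undefined behaviour on overflow. The added example below is not project code; it is a strtol/strtoul-based bounded parser of the kind the report's advice describes, with wrappers for two fields whose valid ranges are known from their type alone (a TCP port, a month of the year). The range for any other field in the report (user ids, city ids, and so on) is an assumption the caller has to supply; the example deliberately does not guess those.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdlib.h>

/* First character must be a digit, or '-' followed by a digit when a sign
 * is allowed. This rejects the leading whitespace and '+' that strtol()
 * accepts, and rejects "-1" for unsigned fields, which strtoul() would
 * otherwise wrap silently to ULONG_MAX. */
static int strict_start(const char *s, int allow_minus)
{
    if (s == NULL || *s == '\0')
        return 0;
    if (*s == '-')
        return allow_minus && isdigit((unsigned char)s[1]);
    return isdigit((unsigned char)*s) != 0;
}

/* Parse a signed decimal value and accept it only if lo <= v <= hi.
 * Returns 1 and stores the value, or 0 for: empty string, bad leading
 * character, trailing junk ("80abc"), a value that overflows long
 * (ERANGE), or a value outside [lo, hi]. */
int parse_long_in_range(const char *s, long lo, long hi, long *out)
{
    if (!strict_start(s, 1))
        return 0;
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno == ERANGE || *end != '\0' || v < lo || v > hi)
        return 0;
    *out = v;
    return 1;
}

/* Unsigned variant for fields that must never be negative. */
int parse_ulong_in_range(const char *s, unsigned long lo, unsigned long hi,
                         unsigned long *out)
{
    if (!strict_start(s, 0))
        return 0;
    char *end;
    errno = 0;
    unsigned long v = strtoul(s, &end, 10);
    if (errno == ERANGE || *end != '\0' || v < lo || v > hi)
        return 0;
    *out = v;
    return 1;
}

/* Field wrappers whose bounds follow from the type: 1..65535 is the usable
 * TCP port range, 1..12 the calendar months. Other fields in the report
 * need a range decided by whoever knows the protocol. */
int parse_tcp_port(const char *s, unsigned short *port)
{
    long v;
    if (!parse_long_in_range(s, 1, 65535, &v))
        return 0;
    *port = (unsigned short)v;
    return 1;
}

int parse_month(const char *s, int *month)
{
    long v;
    if (!parse_long_in_range(s, 1, 12, &v))
        return 0;
    *month = (int)v;
    return 1;
}
```

A rejected parse should fail the whole message or connection rather than fall back to zero: the original atoi calls silently turn "abc" into 0, which for a port or a user id is a valid-looking value that hides the bad input.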
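The four strncpy hits at mra_net.c:1309-1322 all take the form strncpy(dst, p + N, strchr(p, '\n') - p - N). Two things in that line are worth checking in the source: strchr() returns NULL when the line has no '\n', and the subtraction then produces a meaningless, very large length; and strncpy() leaves dst unterminated whenever the field fills it. The report does not show how dst is sized or whether the caller guarantees a newline, so the added example below (not project code) shows the extraction done with both checks: the newline lookup is bounded, a missing newline means "to end of string", an oversized field is refused rather than written, and the result is always NUL-terminated. The header names and the sample message are constructed for the example; the report only shows the prefix offsets (6, 10 and 14), not the field names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copy the text between p + prefix_len and the next '\n' (or the end of
 * the string when there is no newline) into dst. Unlike the flagged
 * strncpy(dst, p + N, strchr(p, '\n') - p - N) pattern, this
 *   - never subtracts p from a NULL strchr() result,
 *   - returns -1 when the field does not fit, instead of writing past dst,
 *   - always leaves dst NUL-terminated.
 * Returns the number of bytes copied (NUL excluded) or -1. */
int copy_line_field(char *dst, size_t dstlen, const char *p, size_t prefix_len)
{
    if (dst == NULL || dstlen == 0 || p == NULL)
        return -1;
    if (strlen(p) < prefix_len) {      /* prefix would run past the string */
        dst[0] = '\0';
        return -1;
    }
    const char *start = p + prefix_len;
    const char *nl = strchr(start, '\n');
    size_t len = nl ? (size_t)(nl - start) : strlen(start);
    if (len >= dstlen) {               /* no room for len bytes plus NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, start, len);
    dst[len] = '\0';
    return (int)len;
}

/* Find prefix at the start of a line only, so a header name occurring
 * inside another field's value is not mistaken for the header. */
static const char *find_line_prefix(const char *msg, const char *prefix)
{
    for (const char *p = strstr(msg, prefix); p != NULL; p = strstr(p + 1, prefix))
        if (p == msg || p[-1] == '\n')
            return p;
    return NULL;
}

/* Extract the value of a "Name: value" line. Returns the value length,
 * or -1 if the header is absent or does not fit in dst. */
int get_header(char *dst, size_t dstlen, const char *msg, const char *prefix)
{
    const char *p = find_line_prefix(msg, prefix);
    if (p == NULL) {
        if (dst != NULL && dstlen > 0)
            dst[0] = '\0';
        return -1;
    }
    return copy_line_field(dst, dstlen, p, strlen(prefix));
}

/* Constructed sample input (hypothetical field names). The last line has
 * no trailing '\n' on purpose: that is the case the flagged code mishandles. */
static const char SAMPLE_MSG[] =
    "From: alice@example.com\n"
    "Date: Thu, 04 Mar 2010 12:00:00 +0300\n"
    "Subject: hi";

int main(void)
{
    char from[64], date[64], subj[8];
    printf("from=%d \"%s\"\n", get_header(from, sizeof from, SAMPLE_MSG, "From: "), from);
    printf("date=%d \"%s\"\n", get_header(date, sizeof date, SAMPLE_MSG, "Date: "), date);
    printf("subj=%d \"%s\"\n", get_header(subj, sizeof subj, SAMPLE_MSG, "Subject: "), subj);
    return 0;
}
```

When auditing the real call sites, confirm the size of from, date, sflags and boundary and whether the buffer at line 1322 still has room for the trailing "--" that strcat appends at line 1323 after the copied field; the report shows only that the copies happen, not that they are bounded.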