Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pidgin-otr-4.0.2/otr-plugin.c
Examining data/pidgin-otr-4.0.2/dialogs.c
Examining data/pidgin-otr-4.0.2/otr-plugin.h
Examining data/pidgin-otr-4.0.2/gtk-ui.c
Examining data/pidgin-otr-4.0.2/dialogs.h
Examining data/pidgin-otr-4.0.2/ui.h
Examining data/pidgin-otr-4.0.2/ui.c
Examining data/pidgin-otr-4.0.2/gtk-dialog.c
Examining data/pidgin-otr-4.0.2/tooltipmenu.c
Examining data/pidgin-otr-4.0.2/gtk-dialog.h
Examining data/pidgin-otr-4.0.2/tooltipmenu.h
Examining data/pidgin-otr-4.0.2/otr-icons.h
Examining data/pidgin-otr-4.0.2/gtk-ui.h
FINAL RESULTS:
data/pidgin-otr-4.0.2/dialogs.c:132:62: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void otrg_dialog_unknown_fingerprint(OtrlUserState us, const char *accountname,
data/pidgin-otr-4.0.2/dialogs.c:133:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *protocol, const char *who, unsigned char fingerprint[20])
data/pidgin-otr-4.0.2/dialogs.c:133:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *protocol, const char *who, unsigned char fingerprint[20])
data/pidgin-otr-4.0.2/dialogs.c:133:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *protocol, const char *who, unsigned char fingerprint[20])
data/pidgin-otr-4.0.2/dialogs.h:60:57: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void (*unknown_fingerprint)(OtrlUserState us, const char *accountname,
data/pidgin-otr-4.0.2/dialogs.h:61:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *protocol, const char *who, unsigned char fingerprint[20]);
data/pidgin-otr-4.0.2/dialogs.h:61:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *protocol, const char *who, unsigned char fingerprint[20]);
data/pidgin-otr-4.0.2/dialogs.h:61:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *protocol, const char *who, unsigned char fingerprint[20]);
data/pidgin-otr-4.0.2/dialogs.h:139:62: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void otrg_dialog_unknown_fingerprint(OtrlUserState us, const char *accountname,
data/pidgin-otr-4.0.2/dialogs.h:140:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *protocol, const char *who, unsigned char fingerprint[20]);
data/pidgin-otr-4.0.2/dialogs.h:140:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *protocol, const char *who, unsigned char fingerprint[20]);
data/pidgin-otr-4.0.2/dialogs.h:140:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *protocol, const char *who, unsigned char fingerprint[20]);
data/pidgin-otr-4.0.2/gtk-dialog.c:647:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char our_hash[OTRL_PRIVKEY_FPRINT_HUMAN_LEN],
data/pidgin-otr-4.0.2/gtk-dialog.c:1117:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *accountname, const char *protocol, const char *who,
data/pidgin-otr-4.0.2/gtk-dialog.c:1117:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *accountname, const char *protocol, const char *who,
data/pidgin-otr-4.0.2/gtk-dialog.c:1117:55: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *accountname, const char *protocol, const char *who,
data/pidgin-otr-4.0.2/gtk-dialog.c:1118:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fingerprint[20])
data/pidgin-otr-4.0.2/gtk-dialog.c:1273:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fingerprint[20];
data/pidgin-otr-4.0.2/gtk-dialog.c:1385:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char our_hash[OTRL_PRIVKEY_FPRINT_HUMAN_LEN],
data/pidgin-otr-4.0.2/gtk-ui.c:99:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fingerprint_buf[OTRL_PRIVKEY_FPRINT_HUMAN_LEN];
data/pidgin-otr-4.0.2/gtk-ui.c:163:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hash[OTRL_PRIVKEY_FPRINT_HUMAN_LEN];
data/pidgin-otr-4.0.2/gtk-ui.c:800:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *titles[5];
data/pidgin-otr-4.0.2/otr-plugin.c:105:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define g_fopen fopen
data/pidgin-otr-4.0.2/otr-plugin.c:320:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *accountname, const char *protocol, const char *username,
data/pidgin-otr-4.0.2/otr-plugin.c:320:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *accountname, const char *protocol, const char *username,
data/pidgin-otr-4.0.2/otr-plugin.c:320:55: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *accountname, const char *protocol, const char *username,
data/pidgin-otr-4.0.2/otr-plugin.c:321:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fingerprint[20])
data/pidgin-otr-4.0.2/otr-plugin.c:1112:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char storeline[50];
data/pidgin-otr-4.0.2/otr-plugin.c:1141:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*mms_in_table = atoi(mms);
data/pidgin-otr-4.0.2/gtk-dialog.c:306:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
secret_len = strlen(secret);
data/pidgin-otr-4.0.2/gtk-dialog.c:321:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (user_question == NULL || strlen(user_question) == 0) {
data/pidgin-otr-4.0.2/gtk-dialog.c:675:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(our_hash, _("[none]"), 44);
data/pidgin-otr-4.0.2/gtk-dialog.c:1403:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(our_hash, _("[none]"), 44);
data/pidgin-otr-4.0.2/otr-plugin.c:221:12: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
mask = umask (0077);
data/pidgin-otr-4.0.2/otr-plugin.c:225:5: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (mask);
data/pidgin-otr-4.0.2/otr-plugin.c:1033:12: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
mask = umask (0077);
data/pidgin-otr-4.0.2/otr-plugin.c:1037:5: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (mask);
ANALYSIS SUMMARY:
Hits = 37
Lines analyzed = 7685 in approximately 0.21 seconds (37444 lines/second)
Physical Source Lines of Code (SLOC) = 5487
Hits@level = [0] 8 [1] 8 [2] 29 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 45 [1+] 37 [2+] 29 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 8.2012 [1+] 6.74321 [2+] 5.28522 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.