Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/popa3d-1.0.3/pop_trans.c
Examining data/popa3d-1.0.3/mailbox.c
Examining data/popa3d-1.0.3/database.c
Examining data/popa3d-1.0.3/auth_passwd.c
Examining data/popa3d-1.0.3/md5/md5.h
Examining data/popa3d-1.0.3/md5/md5.c
Examining data/popa3d-1.0.3/standalone.c
Examining data/popa3d-1.0.3/protocol.h
Examining data/popa3d-1.0.3/pop_trans.h
Examining data/popa3d-1.0.3/pop_auth.h
Examining data/popa3d-1.0.3/virtual.c
Examining data/popa3d-1.0.3/auth_shadow.c
Examining data/popa3d-1.0.3/startup.c
Examining data/popa3d-1.0.3/database.h
Examining data/popa3d-1.0.3/misc.h
Examining data/popa3d-1.0.3/version.c
Examining data/popa3d-1.0.3/auth_pam.c
Examining data/popa3d-1.0.3/virtual.h
Examining data/popa3d-1.0.3/misc.c
Examining data/popa3d-1.0.3/protocol.c
Examining data/popa3d-1.0.3/pop_auth.c
Examining data/popa3d-1.0.3/pop_root.c
Examining data/popa3d-1.0.3/mailbox.h
Examining data/popa3d-1.0.3/params.h
FINAL RESULTS:
data/popa3d-1.0.3/auth_pam.c:92:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(output, userpass->user);
data/popa3d-1.0.3/auth_passwd.c:28:3: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypt(pass, AUTH_DUMMY_SALT);
data/popa3d-1.0.3/auth_passwd.c:30:16: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
char *hash = crypt(pass, pw->pw_passwd);
data/popa3d-1.0.3/auth_shadow.c:54:4: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypt(pass, AUTH_DUMMY_SALT);
data/popa3d-1.0.3/auth_shadow.c:56:17: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
char *hash = crypt(pass, spw->sp_pwdp);
data/popa3d-1.0.3/protocol.c:190:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, format, args);
data/popa3d-1.0.3/protocol.h:78:26: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 1, 2)));
data/popa3d-1.0.3/virtual.c:179:25: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
char *computed_hash = crypt(pass, passwd);
data/popa3d-1.0.3/pop_root.c:72:6: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
if (chroot(POP_CHROOT)) return log_error("chroot");
data/popa3d-1.0.3/startup.c:53:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "DV")) != -1) {
data/popa3d-1.0.3/auth_pam.c:94:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output, userpass->pass, strlen(userpass->pass));
data/popa3d-1.0.3/database.c:35:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(entry, msg, sizeof(struct db_message));
data/popa3d-1.0.3/database.h:32:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[16]; /* MD5 hash, to be used for UIDL */
data/popa3d-1.0.3/mailbox.c:149:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&line_buffer[saved], current, extra);
data/popa3d-1.0.3/mailbox.c:171:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&line_buffer[saved], current, extra);
data/popa3d-1.0.3/mailbox.c:360:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
mailbox_fd = open(pathname, O_RDWR | O_NOCTTY | O_NONBLOCK);
data/popa3d-1.0.3/md5/md5.c:227:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buffer[used], data, size);
data/popa3d-1.0.3/md5/md5.c:231:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buffer[used], data, available);
data/popa3d-1.0.3/md5/md5.c:242:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->buffer, data, size);
data/popa3d-1.0.3/md5/md5.h:37:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[64];
data/popa3d-1.0.3/misc.c:111:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p = result, s1, n);
data/popa3d-1.0.3/misc.c:117:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, s, l);
data/popa3d-1.0.3/pop_root.c:108:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char auth[AUTH_BUFFER_SIZE + 2];
data/popa3d-1.0.3/protocol.c:104:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[POP_BUFFER_SIZE];
data/popa3d-1.0.3/protocol.h:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[POP_BUFFER_SIZE];
data/popa3d-1.0.3/virtual.c:77:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char auth[VIRTUAL_AUTH_SIZE];
data/popa3d-1.0.3/virtual.c:128:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(pathname, O_RDONLY)) < 0 && errno != ENOENT) {
data/popa3d-1.0.3/auth_pam.c:89:3: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(userpass->user) + 1 + strlen(userpass->pass));
data/popa3d-1.0.3/auth_pam.c:89:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(userpass->user) + 1 + strlen(userpass->pass));
data/popa3d-1.0.3/auth_pam.c:93:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
output += strlen(output) + 1;
data/popa3d-1.0.3/auth_pam.c:94:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(output, userpass->pass, strlen(userpass->pass));
data/popa3d-1.0.3/auth_pam.c:136:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset((*resp)[i].resp, 0, strlen((*resp)[i].resp));
data/popa3d-1.0.3/auth_pam.c:157:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
data/popa3d-1.0.3/auth_pam.c:211:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
data/popa3d-1.0.3/auth_passwd.c:36:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
data/popa3d-1.0.3/auth_shadow.c:36:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
data/popa3d-1.0.3/auth_shadow.c:67:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(channel[0], &result, 1) != 1) pw = NULL;
data/popa3d-1.0.3/mailbox.c:192:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
block = read(mailbox_fd, file_buffer, block);
data/popa3d-1.0.3/mailbox.c:444:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
block = read(mailbox_fd, buffer, size);
data/popa3d-1.0.3/mailbox.c:459:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
block = read(mailbox_fd, buffer, FILE_BUFFER_SIZE);
data/popa3d-1.0.3/misc.c:99:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m = n = strlen(s1);
data/popa3d-1.0.3/misc.c:102:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(s);
data/popa3d-1.0.3/misc.c:115:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(s);
data/popa3d-1.0.3/pop_auth.c:60:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write_loop(channel, pop_user, strlen(pop_user) + 1);
data/popa3d-1.0.3/pop_auth.c:61:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write_loop(channel, pop_pass, strlen(pop_pass) + 1);
data/popa3d-1.0.3/pop_root.c:88:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
block = read(fd, &buffer[offset], count);
data/popa3d-1.0.3/pop_root.c:131:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pass = &user[strlen(user) + 1];
data/popa3d-1.0.3/pop_root.c:136:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(pass, 0, strlen(pass));
data/popa3d-1.0.3/pop_root.c:142:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(pass, 0, strlen(pass));
data/popa3d-1.0.3/pop_root.c:147:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(pass, 0, strlen(pass));
data/popa3d-1.0.3/pop_root.c:152:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(pass, 0, strlen(pass));
data/popa3d-1.0.3/pop_root.c:190:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(077);
data/popa3d-1.0.3/pop_root.c:201:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
data/popa3d-1.0.3/protocol.c:53:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size = read(0, pop_buffer.data, sizeof(pop_buffer.data));
data/popa3d-1.0.3/protocol.c:157:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(current) > 40) current = NULL;
data/popa3d-1.0.3/protocol.c:237:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
in_block = read(fd, in_buffer, RETR_BUFFER_SIZE);
data/popa3d-1.0.3/protocol.c:239:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
in_block = read(fd, in_buffer, size);
data/popa3d-1.0.3/virtual.c:146:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((size = read(fd, auth, sizeof(auth))) < 0) {
data/popa3d-1.0.3/virtual.c:174:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
ANALYSIS SUMMARY:
Hits = 59
Lines analyzed = 3413 in approximately 0.09 seconds (35928 lines/second)
Physical Source Lines of Code (SLOC) = 2242
Hits@level = [0] 19 [1] 32 [2] 17 [3] 2 [4] 8 [5] 0
Hits@level+ = [0+] 78 [1+] 59 [2+] 27 [3+] 10 [4+] 8 [5+] 0
Hits/KSLOC@level+ = [0+] 34.7904 [1+] 26.3158 [2+] 12.0428 [3+] 4.4603 [4+] 3.56824 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.