Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/python-nss-1.0.0/src/py_ssl.c
Examining data/python-nss-1.0.0/src/py_shared_doc.h
Examining data/python-nss-1.0.0/src/py_nss.c
Examining data/python-nss-1.0.0/src/py_ssl.h
Examining data/python-nss-1.0.0/src/py_traceback.h
Examining data/python-nss-1.0.0/src/py_nspr_error.c
Examining data/python-nss-1.0.0/src/py_nspr_error.h
Examining data/python-nss-1.0.0/src/py_nspr_io.c
Examining data/python-nss-1.0.0/src/NSPRerrs.h
Examining data/python-nss-1.0.0/src/py_nspr_io.h
Examining data/python-nss-1.0.0/src/py_nspr_common.h
Examining data/python-nss-1.0.0/src/py_nss.h
Examining data/python-nss-1.0.0/src/SECerrs.h
Examining data/python-nss-1.0.0/src/SSLerrs.h
FINAL RESULTS:
data/python-nss-1.0.0/src/py_nspr_error.h:25:86: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
PyObject *(*set_nspr_error)(const char *format, ...) __attribute__ ((format (printf, 1, 2)));
data/python-nss-1.0.0/src/py_nspr_error.h:26:132: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
PyObject *(*set_cert_verify_error)(unsigned long usages, PyObject * log, const char *format, ...) __attribute__ ((format (printf, 3, 4)));
data/python-nss-1.0.0/src/py_nss.c:368:84: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
print_cert(CERTCertificate *cert, const char *format, ...) __attribute__ ((format (printf, 2, 3)));
data/python-nss-1.0.0/src/py_nss.c:385:9: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(format, va);
data/python-nss-1.0.0/src/py_nspr_io.c:84:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/python-nss-1.0.0/src/py_nspr_io.c:100:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/python-nss-1.0.0/src/py_nspr_io.c:118:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/python-nss-1.0.0/src/py_nspr_io.c:149:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/python-nss-1.0.0/src/py_nspr_io.c:165:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/python-nss-1.0.0/src/py_nspr_io.c:295:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/python-nss-1.0.0/src/py_nspr_io.c:617:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/python-nss-1.0.0/src/py_nspr_io.c:3566:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[PR_NETDB_BUF_SIZE]; /* this is where data pointed to in PRProtoEnt is stored */
data/python-nss-1.0.0/src/py_nspr_io.c:3593:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[PR_NETDB_BUF_SIZE]; /* this is where data pointed to in PRProtoEnt is stored */
data/python-nss-1.0.0/src/py_nspr_io.h:37:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[PR_NETDB_BUF_SIZE]; /* this is where data pointed to in PRHostEnt is stored */
data/python-nss-1.0.0/src/py_nss.c:3493:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/python-nss-1.0.0/src/py_nss.c:3515:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/python-nss-1.0.0/src/py_nss.c:3532:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/python-nss-1.0.0/src/py_nss.c:3552:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/python-nss-1.0.0/src/py_nss.c:4270:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_str[100];
data/python-nss-1.0.0/src/py_nss.c:4287:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_str[100];
data/python-nss-1.0.0/src/py_nss.c:4322:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_str[100];
data/python-nss-1.0.0/src/py_nss.c:4802:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value_buf[1024];
data/python-nss-1.0.0/src/py_nss.c:4864:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value_buf[1024];
data/python-nss-1.0.0/src/py_nss.c:5058:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/python-nss-1.0.0/src/py_nss.c:5063:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr.inet.ip, item->data, item->len);
data/python-nss-1.0.0/src/py_nss.c:5066:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr.ipv6.ip.pr_s6_addr, item->data, item->len);
data/python-nss-1.0.0/src/py_nss.c:5070:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr.inet.ip, &addr.ipv6.ip.pr_s6_addr[12], 4);
data/python-nss-1.0.0/src/py_nspr_io.c:237:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(canonical_name),
data/python-nss-1.0.0/src/py_nspr_io.c:243:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((self->py_hostname = PyUnicode_Decode(addr_str, strlen(addr_str),
data/python-nss-1.0.0/src/py_nspr_io.c:307:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return PyUnicode_Decode(buf, strlen(buf), "idna", NULL);
data/python-nss-1.0.0/src/py_nspr_io.c:629:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((unicode_addr = PyUnicode_Decode(buf, strlen(buf), "idna", NULL)) == NULL) {
data/python-nss-1.0.0/src/py_nspr_io.c:861:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((self->py_hostname = PyUnicode_Decode(hostname, strlen(hostname),
data/python-nss-1.0.0/src/py_nspr_io.c:900:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(canonical_name),
data/python-nss-1.0.0/src/py_nspr_io.c:1066:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return PyUnicode_Decode(self->entry.h_name, strlen(self->entry.h_name),
data/python-nss-1.0.0/src/py_nspr_io.c:1321:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(self->entry.h_aliases[i]),
data/python-nss-1.0.0/src/py_nss.c:1757:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
der_end = p + strlen(p);
data/python-nss-1.0.0/src/py_nss.c:1778:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (base64_to_SECItem(&der, text, strlen(text)) != SECSuccess) {
data/python-nss-1.0.0/src/py_nss.c:1803:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
base64_len = strlen(base64);
data/python-nss-1.0.0/src/py_nss.c:3165:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t prefix_len = strlen(prefix);
data/python-nss-1.0.0/src/py_nss.c:3167:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) > prefix_len &&
data/python-nss-1.0.0/src/py_nss.c:3654:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
separator_len = strlen(separator);
data/python-nss-1.0.0/src/py_nss.c:3822:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
input_len = strlen(input);
data/python-nss-1.0.0/src/py_nss.c:3825:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
separators_len = strlen(separators);
data/python-nss-1.0.0/src/py_nss.c:12612:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ascii_name) == 0) goto empty_name;
data/python-nss-1.0.0/src/py_nss.c:18279:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return PyUnicode_DecodeUTF8(self->params.manufactureID, strlen(self->params.manufactureID), NULL);
data/python-nss-1.0.0/src/py_nss.c:18327:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return PyUnicode_DecodeUTF8(self->params.libraryDescription, strlen(self->params.libraryDescription), NULL);
data/python-nss-1.0.0/src/py_nss.c:18377:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return PyUnicode_DecodeUTF8(self->params.cryptoTokenDescription, strlen(self->params.cryptoTokenDescription), NULL);
data/python-nss-1.0.0/src/py_nss.c:18427:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return PyUnicode_DecodeUTF8(self->params.dbTokenDescription, strlen(self->params.dbTokenDescription), NULL);
data/python-nss-1.0.0/src/py_nss.c:18475:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return PyUnicode_DecodeUTF8(self->params.FIPSTokenDescription, strlen(self->params.FIPSTokenDescription), NULL);
data/python-nss-1.0.0/src/py_nss.c:18523:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return PyUnicode_DecodeUTF8(self->params.cryptoSlotDescription, strlen(self->params.cryptoSlotDescription), NULL);
data/python-nss-1.0.0/src/py_nss.c:18571:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return PyUnicode_DecodeUTF8(self->params.dbSlotDescription, strlen(self->params.dbSlotDescription), NULL);
data/python-nss-1.0.0/src/py_nss.c:18619:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return PyUnicode_DecodeUTF8(self->params.FIPSSlotDescription, strlen(self->params.FIPSSlotDescription), NULL);
data/python-nss-1.0.0/src/py_nss.c:20057:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8_password_len = strlen(utf8_password) + 1;
data/python-nss-1.0.0/src/py_ssl.c:1623:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
py_hostname = PyUnicode_Decode(url, strlen(url), "idna", NULL);
ANALYSIS SUMMARY:
Hits = 54
Lines analyzed = 38688 in approximately 0.87 seconds (44485 lines/second)
Physical Source Lines of Code (SLOC) = 26081
Hits@level = [0] 23 [1] 27 [2] 23 [3] 0 [4] 4 [5] 0
Hits@level+ = [0+] 77 [1+] 54 [2+] 27 [3+] 4 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 2.95234 [1+] 2.07047 [2+] 1.03524 [3+] 0.153368 [4+] 0.153368 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.