Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/redsocks-0.5/socks5.c Examining data/redsocks-0.5/libc-compat.h Examining data/redsocks-0.5/debug.c Examining data/redsocks-0.5/parser.c Examining data/redsocks-0.5/md5.c Examining data/redsocks-0.5/dnstc.h Examining data/redsocks-0.5/tests/prlimit-nofile.c Examining data/redsocks-0.5/http-auth.c Examining data/redsocks-0.5/log.c Examining data/redsocks-0.5/http-connect.c Examining data/redsocks-0.5/reddns.c Examining data/redsocks-0.5/base64.c Examining data/redsocks-0.5/libevent-compat.h Examining data/redsocks-0.5/base.c Examining data/redsocks-0.5/redudp.c Examining data/redsocks-0.5/base.h Examining data/redsocks-0.5/socks5.h Examining data/redsocks-0.5/base64.h Examining data/redsocks-0.5/main.h Examining data/redsocks-0.5/utils.h Examining data/redsocks-0.5/dnstc.c Examining data/redsocks-0.5/version.h Examining data/redsocks-0.5/md5.h Examining data/redsocks-0.5/parser.h Examining data/redsocks-0.5/redsocks.h Examining data/redsocks-0.5/socks4.c Examining data/redsocks-0.5/http-relay.c Examining data/redsocks-0.5/redsocks.c Examining data/redsocks-0.5/http-auth.h Examining data/redsocks-0.5/redudp.h Examining data/redsocks-0.5/log.h Examining data/redsocks-0.5/list.h Examining data/redsocks-0.5/main.c Examining data/redsocks-0.5/utils.c FINAL RESULTS: data/redsocks-0.5/http-auth.c:37:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(pair, "%s:%s", user, passwd); data/redsocks-0.5/http-auth.c:250:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(res, "username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", response=\"%s\"", data/redsocks-0.5/http-auth.c:253:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(res, "username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", response=\"%s\", qop=%s, nc=%s, cnonce=\"%s\"", data/redsocks-0.5/http-auth.c:260:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (p, opaque); data/redsocks-0.5/http-relay.c:183:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(auth->last_auth_query, ptr); data/redsocks-0.5/http-relay.c:422:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(httpr->firstline, nbuff.buff); data/redsocks-0.5/http-relay.c:499:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(httpr->host, ptr); data/redsocks-0.5/log.h:22:27: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__ (( format (printf, 6, 7) )) data/redsocks-0.5/parser.h:63:27: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__ (( format (printf, 2, 3) )) data/redsocks-0.5/redsocks.h:154:27: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__ (( format (printf, 8, 9) )) data/redsocks-0.5/utils.c:255:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buffer, placeholder); data/redsocks-0.5/base.c:57:8: [3] (misc) chroot: chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root. char *chroot; data/redsocks-0.5/base.c:304:63: [3] (misc) chroot: chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root. { .key = "chroot", .type = pt_pchar, .addr = &instance.chroot }, data/redsocks-0.5/base.c:449:15: [3] (misc) chroot: chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root. if (instance.chroot) { data/redsocks-0.5/base.c:450:7: [3] (misc) chroot: chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root. if (chroot(instance.chroot) < 0) { data/redsocks-0.5/base.c:450:23: [3] (misc) chroot: chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root. if (chroot(instance.chroot) < 0) { data/redsocks-0.5/base.c:451:46: [3] (misc) chroot: chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). 
Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root. log_errno(LOG_ERR, "chroot(%s)", instance.chroot); data/redsocks-0.5/base.c:456:34: [3] (misc) chroot: chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root. if (instance.daemon || instance.chroot) { data/redsocks-0.5/base.c:522:16: [3] (misc) chroot: chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root. free(instance.chroot); data/redsocks-0.5/main.c:68:16: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt(argc, argv, "h?vtc:p:")) != -1) { data/redsocks-0.5/base.c:82:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open(fname, flags); data/redsocks-0.5/base.c:176:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char clientaddr_str[INET6_ADDRSTRLEN], bindaddr_str[INET6_ADDRSTRLEN]; data/redsocks-0.5/base.c:442:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). devnull = open("/dev/null", O_RDWR); data/redsocks-0.5/debug.c:90:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* fd = fopen("/proc/vmstat", "r"); data/redsocks-0.5/debug.c:92:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/redsocks-0.5/debug.c:103:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = fopen("/proc/self/statm", "r"); data/redsocks-0.5/dnstc.c:65:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char raw[0xFFFF]; // UDP packet can't be larger then that data/redsocks-0.5/http-auth.c:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pair[pair_len + 1]; data/redsocks-0.5/http-auth.c:56:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. buf += sprintf(buf, "%02x", hash[i]); data/redsocks-0.5/http-auth.c:142:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nc[9]; data/redsocks-0.5/http-auth.c:143:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(nc, "%08x", count); data/redsocks-0.5/http-auth.c:190:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char a1buf[MD5_HASHLEN * 2 + 1], a2buf[MD5_HASHLEN * 2 + 1]; data/redsocks-0.5/http-auth.c:191:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char response[MD5_HASHLEN * 2 + 1]; data/redsocks-0.5/http-auth.c:259:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (p, ", opaque=\""); data/redsocks-0.5/http-connect.c:114:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(auth->last_auth_query, ptr, last_auth_query_len); data/redsocks-0.5/http-connect.c:233:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[128]; data/redsocks-0.5/http-connect.c:237:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cnounce[17]; data/redsocks-0.5/http-connect.c:269:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char clientip[INET_ADDRSTRLEN]; data/redsocks-0.5/http-relay.c:91:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_buff, buff->buff, buff->len); data/redsocks-0.5/http-relay.c:92:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_buff + buff->len, data, len); data/redsocks-0.5/http-relay.c:293:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(method, httpr->firstline, ptr - httpr->firstline); data/redsocks-0.5/http-relay.c:310:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(uri, ptr, ptr2 - ptr); data/redsocks-0.5/http-relay.c:314:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cnounce[17]; data/redsocks-0.5/http-relay.c:511:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host[32]; // "Host: 123.456.789.012:34567" data/redsocks-0.5/log.c:144:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((logfile = fopen(filename, "a")) == NULL) { data/redsocks-0.5/main.c:106:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen(confname, "r"); data/redsocks-0.5/main.c:143:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
f = fopen(pidfile, "w"); data/redsocks-0.5/md5.c:168:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(xbuf, data, 64); data/redsocks-0.5/md5.c:340:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pms->buf + offset, p, copy); data/redsocks-0.5/md5.c:354:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pms->buf, p, left); data/redsocks-0.5/parser.c:231:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret, *iter, len); data/redsocks-0.5/parser.c:355:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addr, &ia, sizeof(ia)); data/redsocks-0.5/parser.c:380:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addr, &resolved_addr->sin_addr, sizeof(ia)); data/redsocks-0.5/parser.c:412:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addr, &ia, sizeof(ia)); data/redsocks-0.5/parser.c:425:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pinmask , &ia, sizeof(ia)); data/redsocks-0.5/redsocks.c:225:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char clientaddr_str[RED_INET_ADDRSTRLEN], destaddr_str[RED_INET_ADDRSTRLEN]; data/redsocks-0.5/redsocks.c:1218:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&client->clientaddr, &clientaddr, sizeof(clientaddr)); data/redsocks-0.5/redsocks.c:1219:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&client->destaddr, &destaddr, sizeof(destaddr)); data/redsocks-0.5/redsocks.c:1284:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bindaddr_str[RED_INET_ADDRSTRLEN]; data/redsocks-0.5/redudp.c:303:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(q->data, buf, pktlen); data/redsocks-0.5/redudp.c:473:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char relayaddr_str[RED_INET_ADDRSTRLEN]; data/redsocks-0.5/redudp.c:524:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&client->clientaddr, clientaddr, sizeof(*clientaddr)); data/redsocks-0.5/redudp.c:557:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[0xFFFF]; data/redsocks-0.5/redudp.c:570:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[RED_INET_ADDRSTRLEN]; data/redsocks-0.5/redudp.c:592:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[RED_INET_ADDRSTRLEN]; data/redsocks-0.5/redudp.c:631:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[0xFFFF]; // UDP packet can't be larger then that data/redsocks-0.5/redudp.c:762:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[RED_INET_ADDRSTRLEN]; data/redsocks-0.5/redudp.c:776:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[RED_INET_ADDRSTRLEN], buf2[RED_INET_ADDRSTRLEN]; data/redsocks-0.5/redudp.h:44:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[1]; data/redsocks-0.5/socks4.c:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char login[1]; // we need at least zero-byte data/redsocks-0.5/socks4.c:112:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(req->login, username, username_len + 1); data/redsocks-0.5/socks5.c:144:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&req[2], login, ulen); data/redsocks-0.5/socks5.c:146:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&req[3+ulen], password, plen); data/redsocks-0.5/tests/prlimit-nofile.c:13:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
pid_t pid = atoi(argv[1]); data/redsocks-0.5/tests/prlimit-nofile.c:14:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). rlim_t soft = atoi(argv[2]); data/redsocks-0.5/utils.c:37:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char control[1024]; data/redsocks-0.5/utils.c:64:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[RED_INET_ADDRSTRLEN]; data/redsocks-0.5/utils.c:66:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(toaddr, cmsgaddr, sizeof(*toaddr)); data/redsocks-0.5/utils.c:85:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[RED_INET_ADDRSTRLEN]; data/redsocks-0.5/base.c:206:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. 
strncpy(clientaddr_str, "???", sizeof(clientaddr_str)); data/redsocks-0.5/base.c:208:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(bindaddr_str, "???", sizeof(bindaddr_str)); data/redsocks-0.5/debug.c:94:7: [1] (buffer) fscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (fscanf(fd, "%63s %zu", buf, &pages) == 2 && strncmp(buf, "nr_", 3) == 0) { data/redsocks-0.5/debug.c:97:46: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for (int c = 0; c != EOF && c != '\n'; c = fgetc(fd)) data/redsocks-0.5/http-auth.c:34:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int pair_len = strlen(user) + 1 + strlen(passwd); data/redsocks-0.5/http-auth.c:34:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int pair_len = strlen(user) + 1 + strlen(passwd); data/redsocks-0.5/http-auth.c:153:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(realm = calloc(valuelen + 1, 1), value.b, valuelen); data/redsocks-0.5/http-auth.c:157:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(opaque = calloc(valuelen + 1, 1), value.b, valuelen); data/redsocks-0.5/http-auth.c:161:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(nonce = calloc(valuelen + 1, 1), value.b, valuelen); data/redsocks-0.5/http-auth.c:165:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(qop = calloc(valuelen + 1, 1), value.b, valuelen); data/redsocks-0.5/http-auth.c:195:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). md5_append(&ctx, (md5_byte_t*)user, strlen(user)); data/redsocks-0.5/http-auth.c:197:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). md5_append(&ctx, (md5_byte_t*)realm, strlen(realm)); data/redsocks-0.5/http-auth.c:199:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). md5_append(&ctx, (md5_byte_t*)passwd, strlen(passwd)); data/redsocks-0.5/http-auth.c:205:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). md5_append(&ctx, (md5_byte_t*)method, strlen(method)); data/redsocks-0.5/http-auth.c:207:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). md5_append(&ctx, (md5_byte_t*)path, strlen(path)); data/redsocks-0.5/http-auth.c:214:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
md5_append(&ctx, (md5_byte_t*)a1buf, strlen(a1buf)); data/redsocks-0.5/http-auth.c:216:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). md5_append(&ctx, (md5_byte_t*)nonce, strlen(nonce)); data/redsocks-0.5/http-auth.c:219:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). md5_append(&ctx, (md5_byte_t*)nc, strlen(nc)); data/redsocks-0.5/http-auth.c:221:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). md5_append(&ctx, (md5_byte_t*)cnonce, strlen(cnonce)); data/redsocks-0.5/http-auth.c:223:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). md5_append(&ctx, (md5_byte_t*)qop, strlen(qop)); data/redsocks-0.5/http-auth.c:226:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). md5_append(&ctx, (md5_byte_t*)a2buf, strlen(a2buf)); data/redsocks-0.5/http-auth.c:232:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(user); data/redsocks-0.5/http-auth.c:233:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(realm); data/redsocks-0.5/http-auth.c:234:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len += strlen(nonce); data/redsocks-0.5/http-auth.c:235:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(path); data/redsocks-0.5/http-auth.c:236:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(response); data/redsocks-0.5/http-auth.c:239:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(qop); data/redsocks-0.5/http-auth.c:240:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(nc); data/redsocks-0.5/http-auth.c:241:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(cnonce); data/redsocks-0.5/http-auth.c:245:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(opaque); data/redsocks-0.5/http-auth.c:258:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *p = res + strlen(res); data/redsocks-0.5/http-auth.c:261:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
  strcat (p, "\"");
data/redsocks-0.5/http-auth.c:280:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (evbuffer_add(tee, line, strlen(line)) != 0 ||
data/redsocks-0.5/http-auth.c:293:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncasecmp(line, auth_request_header, strlen(auth_request_header)) == 0)
data/redsocks-0.5/http-connect.c:108:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr += strlen(auth_request_header);
data/redsocks-0.5/http-connect.c:112:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t last_auth_query_len = strlen(ptr) + 1;
data/redsocks-0.5/http-connect.c:146:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (bufferevent_write(client->client, line, strlen(line)) != 0 ||
data/redsocks-0.5/http-connect.c:193:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(line) == 0) {
data/redsocks-0.5/http-relay.c:151:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  httpr_buffer_append(&httpr->relay_buffer, line, strlen(line));
data/redsocks-0.5/http-relay.c:178:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr += strlen(auth_request_header);
data/redsocks-0.5/http-relay.c:182:39: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  auth->last_auth_query = calloc(strlen(ptr) + 1, 1);
data/redsocks-0.5/http-relay.c:233:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  httpr_buffer_append(&httpr->relay_buffer, line, strlen(line));
data/redsocks-0.5/http-relay.c:235:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(line) == 0) {
data/redsocks-0.5/http-relay.c:268:61: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = bufferevent_write(client->relay, httpr->firstline, strlen(httpr->firstline));
data/redsocks-0.5/http-relay.c:329:66: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len |= bufferevent_write(client->relay, auth_response_header, strlen(auth_response_header));
data/redsocks-0.5/http-relay.c:331:57: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len |= bufferevent_write(client->relay, auth_scheme, strlen(auth_scheme));
data/redsocks-0.5/http-relay.c:333:57: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len |= bufferevent_write(client->relay, auth_string, strlen(auth_string));
data/redsocks-0.5/http-relay.c:363:55: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (httpr_buffer_append(&httpr->client_buffer, line, strlen(line)) != 0)
data/redsocks-0.5/http-relay.c:412:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (httpr_buffer_append(&nbuff, host, strlen(host)) != 0)
data/redsocks-0.5/http-relay.c:414:39: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (httpr_buffer_append(&nbuff, uri, strlen(uri)) != 0)
data/redsocks-0.5/http-relay.c:488:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(line) > 0) {
data/redsocks-0.5/http-relay.c:498:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  httpr->host = calloc(strlen(ptr) + 1, 1);
data/redsocks-0.5/log.c:103:39: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (strncmp(dst, syslog_prefix, strlen(syslog_prefix)) == 0) {
data/redsocks-0.5/log.c:104:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char *facility_name = dst + strlen(syslog_prefix);
data/redsocks-0.5/log.c:142:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (strncmp(dst, file_prefix, strlen(file_prefix)) == 0) {
data/redsocks-0.5/log.c:143:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char *filename = dst + strlen(file_prefix);
data/redsocks-0.5/parser.c:503:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(sbegin);
data/redsocks-0.5/redsocks.c:438:42: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const ssize_t sent = splice(c->pisrc->read, NULL, out, NULL, avail, SPLICE_F_MOVE|SPLICE_F_NONBLOCK);
data/redsocks-0.5/redsocks.c:468:28: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  redsocks_close(c->pisrc->read);
data/redsocks-0.5/redsocks.c:625:32: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  error = pipe2(&pump->request.read, O_NONBLOCK);
data/redsocks-0.5/redsocks.c:627:30: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  error = pipe2(&pump->reply.read, O_NONBLOCK);
data/redsocks-0.5/redsocks.c:704:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (pump->request.read != -1)
data/redsocks-0.5/redsocks.c:705:33: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  redsocks_close(pump->request.read);
data/redsocks-0.5/redsocks.c:708:19: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (pump->reply.read != -1)
data/redsocks-0.5/redsocks.c:709:31: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  redsocks_close(pump->reply.read);
data/redsocks-0.5/redsocks.c:859:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  UNUSED(read);
data/redsocks-0.5/redsocks.c:1316:19: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  pump->request.read,
data/redsocks-0.5/redsocks.c:1327:17: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  pump->reply.read,
data/redsocks-0.5/redsocks.h:66:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int read;
data/redsocks-0.5/redudp.c:331:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read != sizeof(reply)) {
data/redsocks-0.5/redudp.c:333:20: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read, sizeof(reply));
data/redsocks-0.5/redudp.c:396:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read != sizeof(reply)) {
data/redsocks-0.5/redudp.c:398:20: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read, sizeof(reply));
data/redsocks-0.5/redudp.c:432:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read != sizeof(reply)) {
data/redsocks-0.5/redudp.c:434:20: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read, sizeof(reply));
data/redsocks-0.5/socks4.c:104:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t username_len = strlen(username);
data/redsocks-0.5/socks5.c:68:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(login) > 255) {
data/redsocks-0.5/socks5.c:72:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(password) > 255) {
data/redsocks-0.5/socks5.c:137:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t ulen = strlen(login);
data/redsocks-0.5/socks5.c:138:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t plen = strlen(password);
data/redsocks-0.5/utils.c:251:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(retval);

ANALYSIS SUMMARY:

Hits = 160
Lines analyzed = 8195 in approximately 0.24 seconds (33977 lines/second)
Physical Source Lines of Code (SLOC) = 6186
Hits@level = [0] 22 [1] 81 [2] 59 [3] 9 [4] 11 [5] 0
Hits@level+ = [0+] 182 [1+] 160 [2+] 79 [3+] 20 [4+] 11 [5+] 0
Hits/KSLOC@level+ = [0+] 29.4213 [1+] 25.8649 [2+] 12.7708 [3+] 3.23311 [4+] 1.77821 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.