Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/rlinetd-0.9.1/port/port.h
Examining data/rlinetd-0.9.1/port/lstat.c
Examining data/rlinetd-0.9.1/port/malloc.c
Examining data/rlinetd-0.9.1/port/memcmp.c
Examining data/rlinetd-0.9.1/port/realloc.c
Examining data/rlinetd-0.9.1/port/snprintf.c
Examining data/rlinetd-0.9.1/port/stat.c
Examining data/rlinetd-0.9.1/port/strdup.c
Examining data/rlinetd-0.9.1/port/vsnprintf.c
Examining data/rlinetd-0.9.1/src/assemble.h
Examining data/rlinetd-0.9.1/src/buffer.h
Examining data/rlinetd-0.9.1/src/bytecode.h
Examining data/rlinetd-0.9.1/src/data.h
Examining data/rlinetd-0.9.1/src/db.h
Examining data/rlinetd-0.9.1/src/engine.h
Examining data/rlinetd-0.9.1/src/error.h
Examining data/rlinetd-0.9.1/src/grammar.h
Examining data/rlinetd-0.9.1/src/lex.h
Examining data/rlinetd-0.9.1/src/libdb.h
Examining data/rlinetd-0.9.1/src/parse.h
Examining data/rlinetd-0.9.1/src/rlinetd.h
Examining data/rlinetd-0.9.1/src/signals.h
Examining data/rlinetd-0.9.1/src/stack.h
Examining data/rlinetd-0.9.1/src/strings.h
Examining data/rlinetd-0.9.1/src/util.h
Examining data/rlinetd-0.9.1/src/gettext.h
Examining data/rlinetd-0.9.1/src/grammar.c
Examining data/rlinetd-0.9.1/src/lex.c
Examining data/rlinetd-0.9.1/src/assemble.c
Examining data/rlinetd-0.9.1/src/cleanups.c
Examining data/rlinetd-0.9.1/src/data.c
Examining data/rlinetd-0.9.1/src/libdb.c
Examining data/rlinetd-0.9.1/src/util.c
Examining data/rlinetd-0.9.1/src/bytecode.c
Examining data/rlinetd-0.9.1/src/connect.c
Examining data/rlinetd-0.9.1/src/db.c
Examining data/rlinetd-0.9.1/src/engine.c
Examining data/rlinetd-0.9.1/src/main.c
Examining data/rlinetd-0.9.1/src/stack.c
Examining data/rlinetd-0.9.1/src/strings.c
Examining data/rlinetd-0.9.1/src/signals.c
Examining data/rlinetd-0.9.1/src/buffer.c
Examining data/rlinetd-0.9.1/src/error.c
FINAL RESULTS:
data/rlinetd-0.9.1/port/port.h:12:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int snprintf(char *, size_t, const char *, ...);
data/rlinetd-0.9.1/port/port.h:16:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int vsnprintf(char *, size_t, const char *, va_list);
data/rlinetd-0.9.1/port/snprintf.c:7:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int snprintf(char *buf, size_t size, const char *format, ...) {
data/rlinetd-0.9.1/port/snprintf.c:11:9: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
return vsprintf(buf, format, argp);
data/rlinetd-0.9.1/port/strdup.c:14:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, str);
data/rlinetd-0.9.1/port/vsnprintf.c:7:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int vsnprintf(char *buf, size_t size, const char *format, va_list ap) {
data/rlinetd-0.9.1/port/vsnprintf.c:8:9: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
return vsprintf(buf, format, ap);
data/rlinetd-0.9.1/src/bytecode.c:101:8: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if(execv(str, argv->argv)) {
data/rlinetd-0.9.1/src/bytecode.c:461:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf + strlen (buf), "%s%d", i ? ", " : "", *(op + i + 1));
data/rlinetd-0.9.1/src/db.c:87:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, #tab " get %d, %d\n", i, num##tab); \
data/rlinetd-0.9.1/src/db.c:88:32: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (i < 0 || i >= num##tab) { fprintf(stderr, #tab ", %d >= %d\n", i, num##tab); return 0; } \
data/rlinetd-0.9.1/src/db.c:89:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else if (print) fprintf(stderr, #tab "[%d] = %s\n", i, tab[i]); \
data/rlinetd-0.9.1/src/error.c:78:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(message + cur_len, max_len, fmt, argp);
data/rlinetd-0.9.1/src/grammar.c:1000:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/rlinetd-0.9.1/src/grammar.c:3699:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(file, dir);
data/rlinetd-0.9.1/src/grammar.c:3701:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(file, de->d_name);
data/rlinetd-0.9.1/src/bytecode.c:137:8: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
if(chroot(argv->str))
data/rlinetd-0.9.1/src/main.c:68:6: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
getopt_long
data/rlinetd-0.9.1/src/main.c:70:6: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
getopt
data/rlinetd-0.9.1/src/assemble.c:169:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp->elems, a->elems, sizeof(rl_opcode_t) * a->len);
data/rlinetd-0.9.1/src/assemble.c:317:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(o->bytes, opm->bytes, sizeof(rl_opcode_t)*opm->len);
data/rlinetd-0.9.1/src/assemble.c:320:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (opm->fixup) memcpy(o->fixup, opm->fixup, sizeof(opmeta_fixup_ptr)*opm->len);
data/rlinetd-0.9.1/src/bytecode.c:214:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host_ip[100];
data/rlinetd-0.9.1/src/bytecode.c:455:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[128];
data/rlinetd-0.9.1/src/data.c:110:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*to, from, sizeof(**to));
data/rlinetd-0.9.1/src/error.c:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[1024];
data/rlinetd-0.9.1/src/gettext.h:201:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_ctxt_id[msgctxt_len + msgid_len];
data/rlinetd-0.9.1/src/gettext.h:203:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/rlinetd-0.9.1/src/gettext.h:211:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1);
data/rlinetd-0.9.1/src/gettext.h:213:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len);
data/rlinetd-0.9.1/src/gettext.h:247:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_ctxt_id[msgctxt_len + msgid_len];
data/rlinetd-0.9.1/src/gettext.h:249:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/rlinetd-0.9.1/src/gettext.h:257:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1);
data/rlinetd-0.9.1/src/gettext.h:259:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len);
data/rlinetd-0.9.1/src/grammar.c:1246:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/rlinetd-0.9.1/src/grammar.c:1433:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yymsgbuf[128];
data/rlinetd-0.9.1/src/grammar.c:1673:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((logcur->index = open(logcur->path, O_CREAT|O_APPEND|O_WRONLY, logcur->mode)) < 0) {
data/rlinetd-0.9.1/src/grammar.c:2528:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[20];
data/rlinetd-0.9.1/src/grammar.c:3029:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((yyin = fopen(files[curfile], "r"))) {
data/rlinetd-0.9.1/src/grammar.c:3487:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to, from, sizeof(*to));
data/rlinetd-0.9.1/src/grammar.c:3504:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to->filter, from->filter, from->filterlen);
data/rlinetd-0.9.1/src/grammar.c:3578:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!(yyin = fopen(rl_config, "r"))) {
data/rlinetd-0.9.1/src/grammar.c:3668:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[128];
data/rlinetd-0.9.1/src/lex.c:1407:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(yylval.cp, yytext + 1, yyleng - 2);
data/rlinetd-0.9.1/src/libdb.c:382:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufs[idx].addr, buf, len);
data/rlinetd-0.9.1/src/libdb.c:426:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to->ops_list, from->ops_list, len);
data/rlinetd-0.9.1/src/libdb.c:493:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fdsets + numfdsets - 1, fds, sizeof(*fds));
data/rlinetd-0.9.1/src/signals.c:88:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p->inst->rusage, &rusage, sizeof(rusage));
data/rlinetd-0.9.1/src/strings.c:96:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(l->arg, "<unknown>");
data/rlinetd-0.9.1/src/strings.c:116:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(l->arg, "<unknown>");
data/rlinetd-0.9.1/src/strings.c:233:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(l->arg, &tt, sizeof(tt)); /* ugh */
data/rlinetd-0.9.1/src/util.c:18:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fd = open(path, O_RDONLY)) < 0) {
data/rlinetd-0.9.1/port/strdup.c:11:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = malloc(strlen(str) + 1);
data/rlinetd-0.9.1/src/buffer.c:14:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
err = read(sock, buf, len);
data/rlinetd-0.9.1/src/bytecode.c:461:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (buf + strlen (buf), "%s%d", i ? ", " : "", *(op + i + 1));
data/rlinetd-0.9.1/src/error.c:74:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cur_len = strlen(message);
data/rlinetd-0.9.1/src/gettext.h:197:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t msgctxt_len = strlen (msgctxt) + 1;
data/rlinetd-0.9.1/src/gettext.h:198:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t msgid_len = strlen (msgid) + 1;
data/rlinetd-0.9.1/src/gettext.h:243:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t msgctxt_len = strlen (msgctxt) + 1;
data/rlinetd-0.9.1/src/gettext.h:244:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t msgid_len = strlen (msgid) + 1;
data/rlinetd-0.9.1/src/grammar.c:100:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define NAMLEN(dirent) strlen((dirent)->d_name)
data/rlinetd-0.9.1/src/grammar.c:1146:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
data/rlinetd-0.9.1/src/grammar.c:3695:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
file = malloc(strlen(dir) + NAMLEN(de) + 2);
data/rlinetd-0.9.1/src/grammar.c:3700:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(file, "/");
data/rlinetd-0.9.1/src/grammar.c:3735:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cb = buftab_addbuf(b, strlen(b));
data/rlinetd-0.9.1/src/lex.c:899:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/rlinetd-0.9.1/src/lex.c:2172:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return yy_scan_bytes(yystr,(int) strlen(yystr) );
data/rlinetd-0.9.1/src/libdb.c:58:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(arg);
data/rlinetd-0.9.1/src/libdb.c:64:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
loglist_append(idx, LOG_TEXT, start, strlen(start));
data/rlinetd-0.9.1/src/libdb.c:75:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
loglist_append(idx, LOG_TEXT, start, strlen(start));
data/rlinetd-0.9.1/src/libdb.c:82:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
loglist_append(idx, LOG_TEXT, start, strlen(start));
data/rlinetd-0.9.1/src/libdb.c:114:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(argvs[idx].ents[i].arg, arg, len);
data/rlinetd-0.9.1/src/libdb.c:207:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(arg);
data/rlinetd-0.9.1/src/libdb.c:214:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
loglist_append(idx, LOG_TEXT, start, strlen(start));
data/rlinetd-0.9.1/src/libdb.c:224:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
loglist_append(idx, LOG_TEXT, start, strlen(start));
data/rlinetd-0.9.1/src/libdb.c:232:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
loglist_append(idx, LOG_TEXT, start, strlen(start));
data/rlinetd-0.9.1/src/libdb.c:247:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
loglist_append(idx, LOG_TEXT, start, strlen(start));
data/rlinetd-0.9.1/src/strings.c:44:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(a->str, a->ents[i].arg, a->ents[i].len);
data/rlinetd-0.9.1/src/strings.c:97:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l->len = strlen(l->arg);
data/rlinetd-0.9.1/src/strings.c:110:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(l->arg, inet_ntoa(((struct sockaddr_in *)inst->sin)->sin_addr), 80);
data/rlinetd-0.9.1/src/strings.c:112:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l->len = strlen(l->arg);
data/rlinetd-0.9.1/src/strings.c:117:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l->len = strlen(l->arg);
data/rlinetd-0.9.1/src/util.c:30:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(read(fd, tmp, st.st_size) < 0) {
ANALYSIS SUMMARY:
Hits = 83
Lines analyzed = 10202 in approximately 0.27 seconds (37904 lines/second)
Physical Source Lines of Code (SLOC) = 8072
Hits@level = [0] 46 [1] 31 [2] 33 [3] 3 [4] 16 [5] 0
Hits@level+ = [0+] 129 [1+] 83 [2+] 52 [3+] 19 [4+] 16 [5+] 0
Hits/KSLOC@level+ = [0+] 15.9812 [1+] 10.2825 [2+] 6.44202 [3+] 2.35382 [4+] 1.98216 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.