Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/rzip-2.1/acconfig.h
Examining data/rzip-2.1/crc32.c
Examining data/rzip-2.1/mkrandom.c
Examining data/rzip-2.1/runzip.c
Examining data/rzip-2.1/rzip.c
Examining data/rzip-2.1/find_stream_match.c
Examining data/rzip-2.1/util.c
Examining data/rzip-2.1/md4.c
Examining data/rzip-2.1/md4.h
Examining data/rzip-2.1/main.c
Examining data/rzip-2.1/rzip.h
Examining data/rzip-2.1/stream.c

FINAL RESULTS:

data/rzip-2.1/find_stream_match.c:64:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, arglist);

data/rzip-2.1/main.c:228:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(control->outfile, control->infile);

data/rzip-2.1/main.c:229:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(control->outfile, control->suffix);

data/rzip-2.1/util.c:38:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, format, ap);

data/rzip-2.1/util.c:48:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, format, ap);

data/rzip-2.1/find_stream_match.c:331:21:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  hash_index[i] = ((random()<<16) ^ random());

data/rzip-2.1/find_stream_match.c:331:37:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  hash_index[i] = ((random()<<16) ^ random());

data/rzip-2.1/main.c:303:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer
  overflows (CWE-120, CWE-20). Check implementation on installation, or limit
  the size of all string inputs.
  while ((c = getopt_long(argc, argv, "h0123456789dS:tVvkfPo:L:", options,

data/rzip-2.1/mkrandom.c:18:13:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  data[i] = random();

data/rzip-2.1/rzip.c:524:25:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  st->hash_index[i] = ((random()<<16) ^ random());

data/rzip-2.1/rzip.c:524:41:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  st->hash_index[i] = ((random()<<16) ^ random());

data/rzip-2.1/find_stream_match.c:178:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char olddata[len], newdata[len];

data/rzip-2.1/find_stream_match.c:215:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char data[BUFFER_SIZE];

data/rzip-2.1/find_stream_match.c:343:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int fd = open(argv[i], O_RDONLY);

data/rzip-2.1/main.c:51:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char magic[24];

data/rzip-2.1/main.c:55:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(magic, "RZIP");

data/rzip-2.1/main.c:65:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&magic[6], &v, 4);

data/rzip-2.1/main.c:67:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&magic[10], &v, 4);

data/rzip-2.1/main.c:70:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&magic[6], &v, 4);

data/rzip-2.1/main.c:81:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char magic[24];

data/rzip-2.1/main.c:94:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&v, &magic[6], 4);

data/rzip-2.1/main.c:96:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&v, &magic[10], 4);

data/rzip-2.1/main.c:99:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&v, &magic[6], 4);

data/rzip-2.1/main.c:151:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd_in = open(control->infile,O_RDONLY);

data/rzip-2.1/main.c:160:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd_out = open(control->outfile,O_WRONLY|O_CREAT|O_TRUNC,0666);

data/rzip-2.1/main.c:162:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd_out = open(control->outfile,O_WRONLY|O_CREAT|O_EXCL,0666);

data/rzip-2.1/main.c:171:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd_hist = open(control->outfile,O_RDONLY);

data/rzip-2.1/main.c:234:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd_in = open(control->infile,O_RDONLY);

data/rzip-2.1/main.c:240:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd_out = open(control->outfile,O_WRONLY|O_CREAT|O_TRUNC,0666);

data/rzip-2.1/main.c:242:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd_out = open(control->outfile,O_WRONLY|O_CREAT|O_EXCL,0666);

data/rzip-2.1/main.c:312:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  control.compression_level = atoi(optarg);

data/rzip-2.1/md4.c:159:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((char *)mctx->block + (sizeof(mctx->block) - avail),

data/rzip-2.1/md4.c:164:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((char *)mctx->block + (sizeof(mctx->block) - avail),

data/rzip-2.1/md4.c:178:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(mctx->block, data, len);

data/rzip-2.1/md4.c:202:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(out, mctx->hash, sizeof(mctx->hash));

data/rzip-2.1/mkrandom.c:53:9:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  size = atol(argv[1]) * 1024 * 1024 / (atol(argv[3]) + 1);

data/rzip-2.1/mkrandom.c:53:40:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  size = atol(argv[1]) * 1024 * 1024 / (atol(argv[3]) + 1);

data/rzip-2.1/mkrandom.c:54:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  repsize = atoi(argv[2]);

data/rzip-2.1/mkrandom.c:61:19:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  for (i = 0; i <= atol(argv[3]); i++) {

data/rzip-2.1/stream.c:430:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(sinfo->s[stream].buf+sinfo->s[stream].buflen, p, n);

data/rzip-2.1/stream.c:455:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p, sinfo->s[stream].buf+sinfo->s[stream].bufp, n);

data/rzip-2.1/find_stream_match.c:191:2:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  read(fd_in, olddata, len);

data/rzip-2.1/find_stream_match.c:193:2:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  read(fd_in, newdata, len);

data/rzip-2.1/find_stream_match.c:222:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  r = read(fd_in, data, BUFFER_SIZE);

data/rzip-2.1/find_stream_match.c:259:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  r = read(fd_in, data+keep, BUFFER_SIZE-keep);

data/rzip-2.1/main.c:83:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (read(fd_in, magic, sizeof(magic)) != sizeof(magic)) {

data/rzip-2.1/main.c:138:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(control->suffix) >= strlen(control->infile) ||

data/rzip-2.1/main.c:138:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(control->suffix) >= strlen(control->infile) ||

data/rzip-2.1/main.c:141:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(control->infile) - strlen(control->suffix)) != 0) {

data/rzip-2.1/main.c:141:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(control->infile) - strlen(control->suffix)) != 0) {

data/rzip-2.1/main.c:146:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  control->outfile[strlen(control->infile) - strlen(control->suffix)] = 0;

data/rzip-2.1/main.c:146:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  control->outfile[strlen(control->infile) - strlen(control->suffix)] = 0;

data/rzip-2.1/main.c:214:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(control->suffix) <= strlen(control->infile) &&

data/rzip-2.1/main.c:214:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(control->suffix) <= strlen(control->infile) &&

data/rzip-2.1/main.c:215:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strcmp(control->suffix, control->infile + strlen(control->infile) - strlen(control->suffix)) == 0) {

data/rzip-2.1/main.c:215:74:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strcmp(control->suffix, control->infile + strlen(control->infile) - strlen(control->suffix)) == 0) {

data/rzip-2.1/main.c:223:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  control->outfile = malloc(strlen(control->infile) +

data/rzip-2.1/main.c:224:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(control->suffix) + 1);

data/rzip-2.1/runzip.c:107:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (read(fd_hist, buf, n) != n) {

data/rzip-2.1/stream.c:153:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  ret = read(f, p, len);

ANALYSIS SUMMARY:

Hits = 60
Lines analyzed = 2603 in approximately 0.13 seconds (20230 lines/second)
Physical Source Lines of Code (SLOC) = 1920
Hits@level = [0]  41 [1]  19 [2]  30 [3]   6 [4]   5 [5]   0
Hits@level+ = [0+] 101 [1+]  60 [2+]  41 [3+]  11 [4+]   5 [5+]   0
Hits/KSLOC@level+ = [0+] 52.6042 [1+] 31.25 [2+] 21.3542 [3+] 5.72917 [4+] 2.60417 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.