Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/rzip-2.1/acconfig.h
Examining data/rzip-2.1/crc32.c
Examining data/rzip-2.1/mkrandom.c
Examining data/rzip-2.1/runzip.c
Examining data/rzip-2.1/rzip.c
Examining data/rzip-2.1/find_stream_match.c
Examining data/rzip-2.1/util.c
Examining data/rzip-2.1/md4.c
Examining data/rzip-2.1/md4.h
Examining data/rzip-2.1/main.c
Examining data/rzip-2.1/rzip.h
Examining data/rzip-2.1/stream.c
FINAL RESULTS:
data/rzip-2.1/find_stream_match.c:64:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, arglist);
data/rzip-2.1/main.c:228:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(control->outfile, control->infile);
data/rzip-2.1/main.c:229:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(control->outfile, control->suffix);
data/rzip-2.1/util.c:38:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, format, ap);
data/rzip-2.1/util.c:48:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, format, ap);
data/rzip-2.1/find_stream_match.c:331:21: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
hash_index[i] = ((random()<<16) ^ random());
data/rzip-2.1/find_stream_match.c:331:37: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
hash_index[i] = ((random()<<16) ^ random());
data/rzip-2.1/main.c:303:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long(argc, argv, "h0123456789dS:tVvkfPo:L:", options,
data/rzip-2.1/mkrandom.c:18:13: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
data[i] = random();
data/rzip-2.1/rzip.c:524:25: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
st->hash_index[i] = ((random()<<16) ^ random());
data/rzip-2.1/rzip.c:524:41: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
st->hash_index[i] = ((random()<<16) ^ random());
data/rzip-2.1/find_stream_match.c:178:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char olddata[len], newdata[len];
data/rzip-2.1/find_stream_match.c:215:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[BUFFER_SIZE];
data/rzip-2.1/find_stream_match.c:343:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(argv[i], O_RDONLY);
data/rzip-2.1/main.c:51:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[24];
data/rzip-2.1/main.c:55:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(magic, "RZIP");
data/rzip-2.1/main.c:65:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&magic[6], &v, 4);
data/rzip-2.1/main.c:67:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&magic[10], &v, 4);
data/rzip-2.1/main.c:70:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&magic[6], &v, 4);
data/rzip-2.1/main.c:81:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[24];
data/rzip-2.1/main.c:94:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, &magic[6], 4);
data/rzip-2.1/main.c:96:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, &magic[10], 4);
data/rzip-2.1/main.c:99:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, &magic[6], 4);
data/rzip-2.1/main.c:151:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_in = open(control->infile,O_RDONLY);
data/rzip-2.1/main.c:160:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_out = open(control->outfile,O_WRONLY|O_CREAT|O_TRUNC,0666);
data/rzip-2.1/main.c:162:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_out = open(control->outfile,O_WRONLY|O_CREAT|O_EXCL,0666);
data/rzip-2.1/main.c:171:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_hist = open(control->outfile,O_RDONLY);
data/rzip-2.1/main.c:234:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_in = open(control->infile,O_RDONLY);
data/rzip-2.1/main.c:240:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_out = open(control->outfile,O_WRONLY|O_CREAT|O_TRUNC,0666);
data/rzip-2.1/main.c:242:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_out = open(control->outfile,O_WRONLY|O_CREAT|O_EXCL,0666);
data/rzip-2.1/main.c:312:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
control.compression_level = atoi(optarg);
data/rzip-2.1/md4.c:159:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)mctx->block + (sizeof(mctx->block) - avail),
data/rzip-2.1/md4.c:164:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)mctx->block + (sizeof(mctx->block) - avail),
data/rzip-2.1/md4.c:178:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mctx->block, data, len);
data/rzip-2.1/md4.c:202:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, mctx->hash, sizeof(mctx->hash));
data/rzip-2.1/mkrandom.c:53:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
size = atol(argv[1]) * 1024 * 1024 / (atol(argv[3]) + 1);
data/rzip-2.1/mkrandom.c:53:40: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
size = atol(argv[1]) * 1024 * 1024 / (atol(argv[3]) + 1);
data/rzip-2.1/mkrandom.c:54:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
repsize = atoi(argv[2]);
data/rzip-2.1/mkrandom.c:61:19: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
for (i = 0; i <= atol(argv[3]); i++) {
data/rzip-2.1/stream.c:430:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sinfo->s[stream].buf+sinfo->s[stream].buflen, p, n);
data/rzip-2.1/stream.c:455:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, sinfo->s[stream].buf+sinfo->s[stream].bufp, n);
data/rzip-2.1/find_stream_match.c:191:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd_in, olddata, len);
data/rzip-2.1/find_stream_match.c:193:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd_in, newdata, len);
data/rzip-2.1/find_stream_match.c:222:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fd_in, data, BUFFER_SIZE);
data/rzip-2.1/find_stream_match.c:259:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fd_in, data+keep, BUFFER_SIZE-keep);
data/rzip-2.1/main.c:83:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd_in, magic, sizeof(magic)) != sizeof(magic)) {
data/rzip-2.1/main.c:138:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(control->suffix) >= strlen(control->infile) ||
data/rzip-2.1/main.c:138:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(control->suffix) >= strlen(control->infile) ||
data/rzip-2.1/main.c:141:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(control->infile) - strlen(control->suffix)) != 0) {
data/rzip-2.1/main.c:141:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(control->infile) - strlen(control->suffix)) != 0) {
data/rzip-2.1/main.c:146:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
control->outfile[strlen(control->infile) - strlen(control->suffix)] = 0;
data/rzip-2.1/main.c:146:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
control->outfile[strlen(control->infile) - strlen(control->suffix)] = 0;
data/rzip-2.1/main.c:214:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(control->suffix) <= strlen(control->infile) &&
data/rzip-2.1/main.c:214:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(control->suffix) <= strlen(control->infile) &&
data/rzip-2.1/main.c:215:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcmp(control->suffix, control->infile + strlen(control->infile) - strlen(control->suffix)) == 0) {
data/rzip-2.1/main.c:215:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcmp(control->suffix, control->infile + strlen(control->infile) - strlen(control->suffix)) == 0) {
data/rzip-2.1/main.c:223:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
control->outfile = malloc(strlen(control->infile) +
data/rzip-2.1/main.c:224:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(control->suffix) + 1);
data/rzip-2.1/runzip.c:107:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd_hist, buf, n) != n) {
data/rzip-2.1/stream.c:153:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(f, p, len);
ANALYSIS SUMMARY:
Hits = 60
Lines analyzed = 2603 in approximately 0.13 seconds (20230 lines/second)
Physical Source Lines of Code (SLOC) = 1920
Hits@level = [0] 41 [1] 19 [2] 30 [3] 6 [4] 5 [5] 0
Hits@level+ = [0+] 101 [1+] 60 [2+] 41 [3+] 11 [4+] 5 [5+] 0
Hits/KSLOC@level+ = [0+] 52.6042 [1+] 31.25 [2+] 21.3542 [3+] 5.72917 [4+] 2.60417 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.