Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/scsitools-0.12/scsidev/scsidev.c
Examining data/scsitools-0.12/scsifmt/scsifmt.c
Examining data/scsitools-0.12/scsiinfo/tworands.c
Examining data/scsitools-0.12/scsiinfo/scsiinfo.c
Examining data/scsitools-0.12/scsiinfo/scsiformat.c
Examining data/scsitools-0.12/scsistop/scsistop-0.3.3.c
Examining data/scsitools-0.12/sraw/srawread.c
Examining data/scsitools-0.12/debian/scsi-spin.c
FINAL RESULTS:
data/scsitools-0.12/scsidev/scsidev.c:710:2: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
chown (nm, st->st_uid, st->st_gid);
data/scsitools-0.12/scsidev/scsidev.c:711:2: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod (nm, st->st_mode | fmode);
data/scsitools-0.12/scsidev/scsidev.c:873:11: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
int n = readlink (nm, realnm, 63);
data/scsitools-0.12/scsidev/scsidev.c:2008:7: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
ln = readlink (nm, buf, 128);
data/scsitools-0.12/scsidev/scsidev.c:2018:7: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
ln = readlink (nm, buf, 128);
data/scsitools-0.12/scsidev/scsidev.c:542:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (nm, DEVSCSI); strcat (nm, "/");
data/scsitools-0.12/scsidev/scsidev.c:574:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (nm, dnm);
data/scsitools-0.12/scsidev/scsidev.c:585:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (genpart, app);
data/scsitools-0.12/scsidev/scsidev.c:732:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buf, SHADOW);
data/scsitools-0.12/scsidev/scsidev.c:733:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buf, ++ptr);
data/scsitools-0.12/scsidev/scsidev.c:922:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (linkto, spnt->oldname);
data/scsitools-0.12/scsidev/scsidev.c:972:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (filename, DEVSCSI); strcat (filename, "/");
data/scsitools-0.12/scsidev/scsidev.c:973:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (filename, de->d_name);
data/scsitools-0.12/scsidev/scsidev.c:1015:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (filename, DEVSCSI); strcat (filename, "/");
data/scsitools-0.12/scsidev/scsidev.c:1016:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (filename, de->d_name);
data/scsitools-0.12/scsidev/scsidev.c:1476:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (nm2, nm);
data/scsitools-0.12/scsidev/scsidev.c:1779:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (phost, sde->d_name);
data/scsitools-0.12/scsidev/scsidev.c:1780:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (phost, num);
data/scsitools-0.12/scsidev/scsidev.c:1802:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (nm2, nm);
data/scsitools-0.12/scsidev/scsidev.c:1812:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (lnbuf, " %x-%x : %s", &io1, &io2, name);
data/scsitools-0.12/scsidev/scsidev.c:1897:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "open %s %03x:%05x",
data/scsitools-0.12/scsidev/scsidev.c:2011:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (sysfsdevptr->nm, ptr+1);
data/scsitools-0.12/scsidev/scsidev.c:2021:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (sysfsdevptr->nm, ptr+1);
data/scsitools-0.12/scsidev/scsidev.c:2033:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nm, basenm);
data/scsitools-0.12/scsidev/scsidev.c:2034:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(nm, dent->d_name);
data/scsitools-0.12/scsidev/scsidev.c:2047:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nm, basenm);
data/scsitools-0.12/scsidev/scsidev.c:2048:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(nm, suffix);
data/scsitools-0.12/scsidev/scsidev.c:2335:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, DEVSCSI " either does not exist, or is not a directory\n");
data/scsitools-0.12/scsidev/scsidev.c:2860:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (scsidev, DEVSCSI "/%s", name);
data/scsitools-0.12/scsidev/scsidev.c:2871:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (nm2, ptr? ptr+1: match->name);
data/scsitools-0.12/scsidev/scsidev.c:2872:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (scsidev, DEVSCSI "/n%s", name);
data/scsitools-0.12/scsidev/scsidev.c:2901:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(scsidev, DEVSCSI "/%s-p%d", name,
data/scsitools-0.12/scsiinfo/scsiformat.c:153:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, format, params);
data/scsitools-0.12/scsiinfo/scsiformat.c:568:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, format, params);
data/scsitools-0.12/scsiinfo/scsiformat.c:689:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buff, tmpfname);
data/scsitools-0.12/scsiinfo/scsiformat.c:699:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr, dptr->d_name);
data/scsitools-0.12/scsiinfo/scsiformat.c:709:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpfname, buff);
data/scsitools-0.12/scsiinfo/scsiformat.c:1217:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(partdev, devicename);
data/scsitools-0.12/scsiinfo/scsiformat.c:1444:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, VERSION "\n");
data/scsitools-0.12/scsistop/scsistop-0.3.3.c:255:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat ( buffer, argv[1] );
data/scsitools-0.12/scsistop/scsistop-0.3.3.c:257:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ( system( buffer ) != 0 )
data/scsitools-0.12/debian/scsi-spin.c:323:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((c = getopt_long(argc, argv, "vudewlLfnp", cmd_line_opts, NULL)) != EOF) {
data/scsitools-0.12/scsidev/scsidev.c:2338:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "ypflLvqshnderoMm:c:A:")) != -1) {
data/scsitools-0.12/scsiinfo/scsiformat.c:1371:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned) time(NULL));
data/scsitools-0.12/scsiinfo/scsiformat.c:1404:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "b:t:I:i:vVXTeopicsSd:D:B:PLHF:M:y:f:G:")) != EOF) {
data/scsitools-0.12/scsiinfo/scsiinfo.c:1382:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "agdcfisDeCXmMSRvlnLpVIF:")) != EOF) {
data/scsitools-0.12/scsiinfo/tworands.c:18:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)(tv.tv_sec + tv.tv_usec));
data/scsitools-0.12/scsiinfo/tworands.c:19:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)rand());
data/scsitools-0.12/scsiinfo/tworands.c:20:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)rand());
data/scsitools-0.12/debian/scsi-spin.c:86:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sense[16];
data/scsitools-0.12/debian/scsi-spin.c:139:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmdblk [6] =
data/scsitools-0.12/debian/scsi-spin.c:168:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmdblk [6] =
data/scsitools-0.12/debian/scsi-spin.c:214:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open( device, O_RDONLY );
data/scsitools-0.12/debian/scsi-spin.c:241:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open( mdev, O_RDONLY );
data/scsitools-0.12/debian/scsi-spin.c:391:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(device, O_RDWR);
data/scsitools-0.12/debian/scsi-spin.c:394:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(device, O_RDONLY);
data/scsitools-0.12/scsidev/scsidev.c:448:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (spnt1, spnt, sizeof (sname));
data/scsitools-0.12/scsidev/scsidev.c:536:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nm[64]; char *genpart;
data/scsitools-0.12/scsidev/scsidev.c:537:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char app[8];
data/scsitools-0.12/scsidev/scsidev.c:564:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (app, "p%d", spnt->minor & 0x0f);
data/scsitools-0.12/scsidev/scsidev.c:577:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (genpart, "c%db%dt%du%d",
data/scsitools-0.12/scsidev/scsidev.c:581:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (genpart, "h%d-%xc%di%dl%d",
data/scsitools-0.12/scsidev/scsidev.c:636:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "sd%c", 'a' + disknum);
data/scsitools-0.12/scsidev/scsidev.c:640:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "sd%c%c", 'a' + min1, 'a' + min2);
data/scsitools-0.12/scsidev/scsidev.c:645:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "sd%c%c%c", 'a' + min1, 'a' + min2, 'a' + min3);
data/scsitools-0.12/scsidev/scsidev.c:653:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char genpart[64];
data/scsitools-0.12/scsidev/scsidev.c:659:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (genpart, "sg%d", spnt->minor); break;
data/scsitools-0.12/scsidev/scsidev.c:662:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (genpart, "scd%d", spnt->minor);
data/scsitools-0.12/scsidev/scsidev.c:664:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (genpart, "sr%d", spnt->minor);
data/scsitools-0.12/scsidev/scsidev.c:668:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (genpart, "nst%d", spnt->minor & 0x7f);
data/scsitools-0.12/scsidev/scsidev.c:670:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (genpart, "st%d", spnt->minor & 0x7f);
data/scsitools-0.12/scsidev/scsidev.c:674:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (genpart, "nosst%d", spnt->minor & 0x7f);
data/scsitools-0.12/scsidev/scsidev.c:676:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (genpart, "osst%d", spnt->minor & 0x7f);
data/scsitools-0.12/scsidev/scsidev.c:679:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (genpart, "sch%d", spnt->minor);
data/scsitools-0.12/scsidev/scsidev.c:685:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (genpart+strlen(genpart), "%d", (spnt->minor & 0x0f));
data/scsitools-0.12/scsidev/scsidev.c:728:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, nm, ptr-nm+1);
data/scsitools-0.12/scsidev/scsidev.c:741:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shadow[64];
data/scsitools-0.12/scsidev/scsidev.c:750:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open (shadow, O_RDWR | O_CREAT | O_EXCL);
data/scsitools-0.12/scsidev/scsidev.c:759:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shadow[64];
data/scsitools-0.12/scsidev/scsidev.c:762:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (shadow, O_RDONLY);
data/scsitools-0.12/scsidev/scsidev.c:780:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shadow[64];
data/scsitools-0.12/scsidev/scsidev.c:872:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char realnm[64];
data/scsitools-0.12/scsidev/scsidev.c:919:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linkto[64];
data/scsitools-0.12/scsidev/scsidev.c:921:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (linkto, "/dev/");
data/scsitools-0.12/scsidev/scsidev.c:941:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[64];
data/scsitools-0.12/scsidev/scsidev.c:1001:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[60];
data/scsitools-0.12/scsidev/scsidev.c:1077:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[160];
data/scsitools-0.12/scsidev/scsidev.c:1125:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (TESTDEV, O_RDONLY | O_NONBLOCK);
data/scsitools-0.12/scsidev/scsidev.c:1200:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (spnt1->name, O_RDONLY | O_NONBLOCK);
data/scsitools-0.12/scsidev/scsidev.c:1243:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (TESTDEV, O_RDONLY | O_NONBLOCK);
data/scsitools-0.12/scsidev/scsidev.c:1270:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (spnt1->name, O_RDONLY | O_NONBLOCK);
data/scsitools-0.12/scsidev/scsidev.c:1327:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (spnt1->name, O_RDONLY | O_NONBLOCK);
data/scsitools-0.12/scsidev/scsidev.c:1378:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (spnt1->name, O_RDONLY | O_NONBLOCK);
data/scsitools-0.12/scsidev/scsidev.c:1422:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (spnt1->name, O_RDONLY | O_NONBLOCK);
data/scsitools-0.12/scsidev/scsidev.c:1459:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pline[128]; char *ptr;
data/scsitools-0.12/scsidev/scsidev.c:1460:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *pf = fopen ("/proc/partitions", "r");
data/scsitools-0.12/scsidev/scsidev.c:1468:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nm[64], nm2[64];
data/scsitools-0.12/scsidev/scsidev.c:1492:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int part = atoi (ptr);
data/scsitools-0.12/scsidev/scsidev.c:1541:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (TESTDEV, mode);
data/scsitools-0.12/scsidev/scsidev.c:1625:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fourlnbuf[4][128];
data/scsitools-0.12/scsidev/scsidev.c:1664:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *const scsi_device_types[MAX_SCSI_DEVICE_CODE] =
data/scsitools-0.12/scsidev/scsidev.c:1700:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor[9];
data/scsitools-0.12/scsidev/scsidev.c:1701:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char product[17];
data/scsitools-0.12/scsidev/scsidev.c:1702:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rev[5];
data/scsitools-0.12/scsidev/scsidev.c:1703:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devtype[21];
data/scsitools-0.12/scsidev/scsidev.c:1704:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hldev0[16], hldev1[16], hldev2[16], hldev3[16];
data/scsitools-0.12/scsidev/scsidev.c:1728:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hldev[4][16];
data/scsitools-0.12/scsidev/scsidev.c:1759:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[64];
data/scsitools-0.12/scsidev/scsidev.c:1760:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[8];
data/scsitools-0.12/scsidev/scsidev.c:1763:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (path, "/proc/scsi/");
data/scsitools-0.12/scsidev/scsidev.c:1764:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (num, "/%d", hnum);
data/scsitools-0.12/scsidev/scsidev.c:1781:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (path, O_RDONLY);
data/scsitools-0.12/scsidev/scsidev.c:1795:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lnbuf[128];
data/scsitools-0.12/scsidev/scsidev.c:1796:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nm2[64]; char *nmptr;
data/scsitools-0.12/scsidev/scsidev.c:1798:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * iop = fopen ("/proc/ioports", "r");
data/scsitools-0.12/scsidev/scsidev.c:1808:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/scsitools-0.12/scsidev/scsidev.c:1829:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128]; FILE* f; char* ptr;
data/scsitools-0.12/scsidev/scsidev.c:1830:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buf, "/sys/class/scsi_host/");
data/scsitools-0.12/scsidev/scsidev.c:1831:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf+strlen(buf), "host%d/", sdev->hostnum);
data/scsitools-0.12/scsidev/scsidev.c:1833:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buf, "unique_id");
data/scsitools-0.12/scsidev/scsidev.c:1834:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen (buf, "r");
data/scsitools-0.12/scsidev/scsidev.c:1842:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buf, "name"); // used to be device/name
data/scsitools-0.12/scsidev/scsidev.c:1843:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen (buf, "r");
data/scsitools-0.12/scsidev/scsidev.c:1845:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[128];
data/scsitools-0.12/scsidev/scsidev.c:1853:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buf, "proc_name");
data/scsitools-0.12/scsidev/scsidev.c:1854:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen (buf, "r");
data/scsitools-0.12/scsidev/scsidev.c:1893:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (TESTDEV, O_RDWR | O_NONBLOCK);
data/scsitools-0.12/scsidev/scsidev.c:1896:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/scsitools-0.12/scsidev/scsidev.c:1921:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (TESTDEV, O_RDWR);
data/scsitools-0.12/scsidev/scsidev.c:1969:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (TESTDEV, O_RDWR | O_NONBLOCK);
data/scsitools-0.12/scsidev/scsidev.c:1994:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nm[23];
data/scsitools-0.12/scsidev/scsidev.c:2004:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/scsitools-0.12/scsidev/scsidev.c:2016:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128]; char *ptr;
data/scsitools-0.12/scsidev/scsidev.c:2035:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(nm, "/dev");
data/scsitools-0.12/scsidev/scsidev.c:2036:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return fopen(nm, "r");
data/scsitools-0.12/scsidev/scsidev.c:2046:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nm[128];
data/scsitools-0.12/scsidev/scsidev.c:2049:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(nm, "/dev");
data/scsitools-0.12/scsidev/scsidev.c:2050:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(nm, "r");
data/scsitools-0.12/scsidev/scsidev.c:2071:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nm[128];
data/scsitools-0.12/scsidev/scsidev.c:2076:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (nm, "/sys/class/scsi_device/");
data/scsitools-0.12/scsidev/scsidev.c:2077:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (nm+strlen(nm), "%d:%d:%d:%d",
data/scsitools-0.12/scsidev/scsidev.c:2079:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (nm, "/device/");
data/scsitools-0.12/scsidev/scsidev.c:2085:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (nm, "type");
data/scsitools-0.12/scsidev/scsidev.c:2086:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen (nm, "r");
data/scsitools-0.12/scsidev/scsidev.c:2097:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nm[23];
data/scsitools-0.12/scsidev/scsidev.c:2139:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
scsifile = fopen (PROCSCSI, "r");
data/scsitools-0.12/scsidev/scsidev.c:2147:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
scsifile = fopen (PROCSCSI, "r");
data/scsitools-0.12/scsidev/scsidev.c:2226:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen (PROCSCSI, "r");
data/scsitools-0.12/scsidev/scsidev.c:2245:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen (PROCSCSI, "w");
data/scsitools-0.12/scsidev/scsidev.c:2260:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen (PROCSCSI, "w");
data/scsitools-0.12/scsidev/scsidev.c:2610:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/scsitools-0.12/scsidev/scsidev.c:2614:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsidev[64];
data/scsitools-0.12/scsidev/scsidev.c:2631:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
configfile = fopen (scsialias, "r");
data/scsitools-0.12/scsidev/scsidev.c:2868:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nm2[64]; char * ptr;
data/scsitools-0.12/scsidev/scsidev.c:2870:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (nm2, "scsi/n");
data/scsitools-0.12/scsidev/scsidev.c:2964:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (str, page+start, ln);
data/scsitools-0.12/scsidev/scsidev.c:2974:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char iddata[8];
data/scsitools-0.12/scsidev/scsidev.c:3051:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ven_id[10], dev_id[130];
data/scsitools-0.12/scsidev/scsidev.c:3052:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ven_id, pid->iddata, 8);
data/scsitools-0.12/scsidev/scsidev.c:3054:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dev_id, pid->iddata+8, pid->idlen-8);
data/scsitools-0.12/scsidev/scsidev.c:3115:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+8, cmd, cmdlen);
data/scsitools-0.12/scsidev/scsidev.c:3127:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[6] = { 0x12, (lun << 5 ) | (evpd? 1: 0), page,
data/scsitools-0.12/scsidev/scsidev.c:3150:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[INQBUFSZ];
data/scsitools-0.12/scsidev/scsidev.c:3239:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[1024];
data/scsitools-0.12/scsidev/scsidev.c:3241:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[64];
data/scsitools-0.12/scsidev/scsidev.c:3243:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[12] = {
data/scsitools-0.12/scsifmt/scsifmt.c:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[256];
data/scsitools-0.12/scsifmt/scsifmt.c:87:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char id[25];
data/scsitools-0.12/scsifmt/scsifmt.c:225:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
zfd = open(argv[1],0);
data/scsitools-0.12/scsiinfo/scsiformat.c:111:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char par_initpattern[65536 + 5];
data/scsitools-0.12/scsiinfo/scsiformat.c:139:49: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
fprintf(fh, "%02x ", (unsigned int) ((unsigned char *) buffer)[i]);
data/scsitools-0.12/scsiinfo/scsiformat.c:164:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sense_buffer[16];
data/scsitools-0.12/scsiinfo/scsiformat.c:185:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer+8, sense_buffer, sgh.sb_len_wr);
data/scsitools-0.12/scsiinfo/scsiformat.c:209:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[100];
data/scsitools-0.12/scsiinfo/scsiformat.c:304:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1 + 9 + 1 + 4 + 9 + 1 + 10];
data/scsitools-0.12/scsiinfo/scsiformat.c:321:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(linebuf, "%2d:%02d:%02d", spltime->tm_hour, spltime->tm_min, spltime->tm_sec);
data/scsitools-0.12/scsiinfo/scsiformat.c:325:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(linebuf + wins.ws_col - 8, "%2d:%02d:%02d", spltime->tm_hour, spltime->tm_min,
data/scsitools-0.12/scsiinfo/scsiformat.c:329:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "(%u.%u%%, ", i / 10, i % 10);
data/scsitools-0.12/scsiinfo/scsiformat.c:331:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(linebuf + wins.ws_col - 7, "unknown");
data/scsitools-0.12/scsiinfo/scsiformat.c:332:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "(Running since ");
data/scsitools-0.12/scsiinfo/scsiformat.c:336:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(strchr(buf, 0), "%dh", (int) end / 3600);
data/scsitools-0.12/scsiinfo/scsiformat.c:340:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(strchr(buf, 0), "%dm", (int) end / 60);
data/scsitools-0.12/scsiinfo/scsiformat.c:343:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(strchr(buf, 0), "%ds)", (int) end);
data/scsitools-0.12/scsiinfo/scsiformat.c:373:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(strchr(msg, 'x') + 1, "%02x", code & 255);
data/scsitools-0.12/scsiinfo/scsiformat.c:381:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *sense[16] =
data/scsitools-0.12/scsiinfo/scsiformat.c:389:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *driver_err[8] =
data/scsitools-0.12/scsiinfo/scsiformat.c:400:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *host_err[9] =
data/scsitools-0.12/scsiinfo/scsiformat.c:467:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[2 * 65536 + 100];
data/scsitools-0.12/scsiinfo/scsiformat.c:504:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(end, par_initpattern, par_patternlen);
data/scsitools-0.12/scsiinfo/scsiformat.c:525:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(end, par_defects, par_defectlen);
data/scsitools-0.12/scsiinfo/scsiformat.c:682:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ptr, *buff, name1[40], name2[40];
data/scsitools-0.12/scsiinfo/scsiformat.c:702:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(buff, "r");
data/scsitools-0.12/scsiinfo/scsiformat.c:724:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[40], *eol = "\n";
data/scsitools-0.12/scsiinfo/scsiformat.c:726:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fh = fopen(tmpfname, "w");
data/scsitools-0.12/scsiinfo/scsiformat.c:804:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, " %u:%u:%d", ntohl(par_defects[i]) >> 8,
data/scsitools-0.12/scsiinfo/scsiformat.c:848:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(tmpfname, "r");
data/scsitools-0.12/scsiinfo/scsiformat.c:1195:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
newfd = open(newdev, O_RDWR);
data/scsitools-0.12/scsiinfo/scsiformat.c:1220:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(partdev + o, "%d", i);
data/scsitools-0.12/scsiinfo/scsiformat.c:1253:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char newdata[8], *tablow, *tabhigh, *new;
data/scsitools-0.12/scsiinfo/scsiformat.c:1259:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(par_defects, newdata, size);
data/scsitools-0.12/scsiinfo/scsiformat.c:1285:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tabhigh, newdata, size);
data/scsitools-0.12/scsiinfo/scsiformat.c:1518:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
flag = open("/dev/tty", O_RDWR);
data/scsitools-0.12/scsiinfo/scsiformat.c:1544:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(devicename, O_RDWR);
data/scsitools-0.12/scsiinfo/scsiformat.c:1569:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(strchr(tmpfname, 'X'), "%02lx:%02lx:%02lx:%02lx:%08lx",
data/scsitools-0.12/scsiinfo/scsiformat.c:1620:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bootsector[SECTOR_SIZE];
data/scsitools-0.12/scsiinfo/scsiinfo.c:80:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[64 * 1024 + 100];
data/scsitools-0.12/scsiinfo/scsiinfo.c:81:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer1[10 * 1024 + 100];
data/scsitools-0.12/scsiinfo/scsiinfo.c:220:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (((unsigned char *) buffer)[i] > 0x20)
data/scsitools-0.12/scsiinfo/scsiinfo.c:221:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
printf(" %c ", (unsigned int) ((unsigned char *) buffer)[i]);
data/scsitools-0.12/scsiinfo/scsiinfo.c:224:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
printf("%02x ", (unsigned int) ((unsigned char *) buffer)[i]);
data/scsitools-0.12/scsiinfo/scsiinfo.c:323:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ptr = (unsigned char *) (unsigned long) (replacement_values[next_parameter++]);
data/scsitools-0.12/scsiinfo/scsiinfo.c:367:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sense_buffer[16];
data/scsitools-0.12/scsiinfo/scsiinfo.c:392:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer+8, sense_buffer, sgh.sb_len_wr);
data/scsitools-0.12/scsiinfo/scsiinfo.c:536:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd + 6, contents, pagelen1);
data/scsitools-0.12/scsiinfo/scsiinfo.c:796:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf((char *) buffer, "%u:%u:%d", getnbyte(df, 3), df[3], getnbyte(df + 4, 4));
data/scsitools-0.12/scsiinfo/scsiinfo.c:1106:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devname[16];
data/scsitools-0.12/scsiinfo/scsiinfo.c:1113:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
test = open(devname, O_NDELAY | O_RDONLY, 0);
data/scsitools-0.12/scsiinfo/scsiinfo.c:1123:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
test = open(devname, O_NDELAY | O_RDONLY, 0);
data/scsitools-0.12/scsiinfo/scsiinfo.c:1133:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
test = open(devname, O_NDELAY | O_RDONLY, 0);
data/scsitools-0.12/scsiinfo/scsiinfo.c:1529:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
infile = open(device_name = argv[optind], O_NDELAY | O_RDONLY, 0);
data/scsitools-0.12/scsistop/scsistop-0.3.3.c:67:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[256];
data/scsitools-0.12/scsistop/scsistop-0.3.3.c:165:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[25];
data/scsitools-0.12/scsistop/scsistop-0.3.3.c:211:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[100];
data/scsitools-0.12/scsistop/scsistop-0.3.3.c:230:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
zfd = open( argv[1], 0 );
data/scsitools-0.12/scsistop/scsistop-0.3.3.c:254:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy ( buffer, "sync " );
data/scsitools-0.12/sraw/srawread.c:100:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[2*64*1024+8];
data/scsitools-0.12/sraw/srawread.c:158:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
infile = fopen( argv[c], "r" );
data/scsitools-0.12/sraw/srawread.c:164:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc>c+1) bstart = atoi(argv[c+1]);
data/scsitools-0.12/sraw/srawread.c:165:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc>c+2) bstep = atoi(argv[c+2]);
data/scsitools-0.12/scsidev/scsidev.c:409:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ln = strlen(dtp);
data/scsitools-0.12/scsidev/scsidev.c:542:27: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcpy (nm, DEVSCSI); strcat (nm, "/");
data/scsitools-0.12/scsidev/scsidev.c:575:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
genpart = nm + strlen (nm);
data/scsitools-0.12/scsidev/scsidev.c:685:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (genpart+strlen(genpart), "%d", (spnt->minor & 0x0f));
data/scsitools-0.12/scsidev/scsidev.c:972:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcpy (filename, DEVSCSI); strcat (filename, "/");
data/scsitools-0.12/scsidev/scsidev.c:1015:31: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcpy (filename, DEVSCSI); strcat (filename, "/");
data/scsitools-0.12/scsidev/scsidev.c:1031:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i = strlen (str);
data/scsitools-0.12/scsidev/scsidev.c:1472:7: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf (pline, " %d %d %d %8s", &maj, &min, &blk, nm) < 4)
data/scsitools-0.12/scsidev/scsidev.c:1477:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (isdigit (nm2[strlen(nm2)-1])) {
data/scsitools-0.12/scsidev/scsidev.c:1478:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (ptr = nm2+strlen(nm2)-1; isdigit(*ptr); --ptr);
data/scsitools-0.12/scsidev/scsidev.c:1481:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = nm + strlen(nm2);
data/scsitools-0.12/scsidev/scsidev.c:1640:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc (f);
data/scsitools-0.12/scsidev/scsidev.c:1645:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc (f);
data/scsitools-0.12/scsidev/scsidev.c:1722:9: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
return sscanf (fourlnbuf[3], " Attached drivers: %16s %16s %16s %16s",
data/scsitools-0.12/scsidev/scsidev.c:1731:10: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
int n = sscanf (fourlnbuf[3], " Attached drivers: %16s %16s %16s %16s",
data/scsitools-0.12/scsidev/scsidev.c:1761:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* const phost = path + strlen("/proc/scsi/");
data/scsitools-0.12/scsidev/scsidev.c:1831:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (buf+strlen(buf), "host%d/", sdev->hostnum);
data/scsitools-0.12/scsidev/scsidev.c:1832:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = buf+strlen(buf);
data/scsitools-0.12/scsidev/scsidev.c:1847:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (buf2[strlen(buf2)-1] == '\n')
data/scsitools-0.12/scsidev/scsidev.c:1848:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf2[strlen(buf2)-1] = 0;
data/scsitools-0.12/scsidev/scsidev.c:1861:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (buf[strlen(buf)-1] == '\n')
data/scsitools-0.12/scsidev/scsidev.c:1862:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen(buf)-1] = 0;
data/scsitools-0.12/scsidev/scsidev.c:2028:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const ssize_t ln = strlen(pat);
data/scsitools-0.12/scsidev/scsidev.c:2077:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (nm+strlen(nm), "%d:%d:%d:%d",
data/scsitools-0.12/scsidev/scsidev.c:2648:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pnt = buffer + strlen(buffer) - 1;
data/scsitools-0.12/scsidev/scsidev.c:2806:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncmp(spnt->hostname, host, strlen(host)) != 0)
data/scsitools-0.12/scsidev/scsidev.c:2808:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncmp(spnt->shorthostname, host, strlen(host)) != 0) )
data/scsitools-0.12/scsifmt/scsifmt.c:82:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ return ((strlen(fs) == 8) && (strncmp("/dev/sd",fs,7) == 0));
data/scsitools-0.12/scsiinfo/scsiformat.c:344:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(linebuf + (wins.ws_col - strlen(buf)) / 2, buf, strlen(buf));
data/scsitools-0.12/scsiinfo/scsiformat.c:344:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(linebuf + (wins.ws_col - strlen(buf)) / 2, buf, strlen(buf));
data/scsitools-0.12/scsiinfo/scsiformat.c:344:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(linebuf + (wins.ws_col - strlen(buf)) / 2, buf, strlen(buf));
data/scsitools-0.12/scsiinfo/scsiformat.c:688:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buff = alloca(strlen(tmpfname) + NAME_MAX);
data/scsitools-0.12/scsiinfo/scsiformat.c:697:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(dptr->d_name, "scsiformat.", strlen("scsiformat.")))
data/scsitools-0.12/scsiinfo/scsiformat.c:700:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buff) > strlen(tmpfname))
data/scsitools-0.12/scsiinfo/scsiformat.c:700:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buff) > strlen(tmpfname))
data/scsitools-0.12/scsiinfo/scsiformat.c:704:14: [1] (buffer) fscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
dummy = fscanf(fd, "%d%d%d %35s %35s\n", &dummy, &dummy, &dummy,
data/scsitools-0.12/scsiinfo/scsiformat.c:1166:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ptr);
data/scsitools-0.12/scsiinfo/scsiformat.c:1215:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
o = strlen(devicename);
data/scsitools-0.12/scsiinfo/scsiformat.c:1420:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((flag != strlen(optarg)) || (strlen(optarg) > 2) || !strlen(optarg))
data/scsitools-0.12/scsiinfo/scsiformat.c:1420:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((flag != strlen(optarg)) || (strlen(optarg) > 2) || !strlen(optarg))
data/scsitools-0.12/scsiinfo/scsiformat.c:1420:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((flag != strlen(optarg)) || (strlen(optarg) > 2) || !strlen(optarg))
data/scsitools-0.12/scsiinfo/scsiformat.c:1426:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(flag != strlen(optarg)))
data/scsitools-0.12/scsiinfo/scsiformat.c:1557:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(devicename, mnt->mnt_fsname, strlen(devicename))) {
data/scsitools-0.12/scsiinfo/scsiinfo.c:1508:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(argv[optind + i] + 1);
data/scsitools-0.12/scsistop/scsistop-0.3.3.c:143:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return ((strlen(fs) == 8) && (strncmp("/dev/sd",fs,7) == 0));
data/scsitools-0.12/sraw/srawread.c:145:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=1; i < strlen(argv[c]); i++)
ANALYSIS SUMMARY:
Hits = 275
Lines analyzed = 7809 in approximately 0.26 seconds (29907 lines/second)
Physical Source Lines of Code (SLOC) = 6043
Hits@level = [0] 327 [1] 46 [2] 180 [3] 8 [4] 36 [5] 5
Hits@level+ = [0+] 602 [1+] 275 [2+] 229 [3+] 49 [4+] 41 [5+] 5
Hits/KSLOC@level+ = [0+] 99.6194 [1+] 45.5072 [2+] 37.8951 [3+] 8.10856 [4+] 6.78471 [5+] 0.827404
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.