Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/signify-openbsd-30/base64.c Examining data/signify-openbsd-30/bcrypt_pbkdf.c Examining data/signify-openbsd-30/blf.h Examining data/signify-openbsd-30/blowfish.c Examining data/signify-openbsd-30/compat.h Examining data/signify-openbsd-30/crypto_api.c Examining data/signify-openbsd-30/crypto_api.h Examining data/signify-openbsd-30/explicit_bzero.c Examining data/signify-openbsd-30/explicit_bzero.h Examining data/signify-openbsd-30/fe25519.c Examining data/signify-openbsd-30/fe25519.h Examining data/signify-openbsd-30/ge25519.h Examining data/signify-openbsd-30/helper.c Examining data/signify-openbsd-30/mod_ed25519.c Examining data/signify-openbsd-30/mod_ge25519.c Examining data/signify-openbsd-30/ohash.c Examining data/signify-openbsd-30/ohash.h Examining data/signify-openbsd-30/pledge_noop.c Examining data/signify-openbsd-30/pledge_waive.c Examining data/signify-openbsd-30/sc25519.c Examining data/signify-openbsd-30/sc25519.h Examining data/signify-openbsd-30/sha2.c Examining data/signify-openbsd-30/sha2.h Examining data/signify-openbsd-30/signify.c Examining data/signify-openbsd-30/signify.h Examining data/signify-openbsd-30/timingsafe_bcmp.c Examining data/signify-openbsd-30/zsig.c FINAL RESULTS: data/signify-openbsd-30/signify.c:408:8: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. nr = snprintf(sigcomment, sizeof(sigcomment), data/signify-openbsd-30/signify.c:778:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((ch = getopt(argc, argv, "CGSVzc:em:np:qs:t:x:")) != -1) { data/signify-openbsd-30/fe25519.c:98:48: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void fe25519_unpack(fe25519 *r, const unsigned char x[32]) data/signify-openbsd-30/fe25519.c:106:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void fe25519_pack(unsigned char r[32], const fe25519 *x) data/signify-openbsd-30/fe25519.h:40:48: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void fe25519_unpack(fe25519 *r, const unsigned char x[32]); data/signify-openbsd-30/fe25519.h:42:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void fe25519_pack(unsigned char r[32], const fe25519 *x); data/signify-openbsd-30/ge25519.h:33:58: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int ge25519_unpackneg_vartime(ge25519 *r, const unsigned char p[32]); data/signify-openbsd-30/ge25519.h:35:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void ge25519_pack(unsigned char r[32], const ge25519 *p); data/signify-openbsd-30/helper.c:70:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(filename, O_RDONLY)) == -1) data/signify-openbsd-30/mod_ed25519.c:32:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char extsk[64]; data/signify-openbsd-30/mod_ed25519.c:58:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char r[32]; data/signify-openbsd-30/mod_ed25519.c:59:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char s[32]; data/signify-openbsd-30/mod_ed25519.c:60:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char extsk[64]; data/signify-openbsd-30/mod_ed25519.c:62:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char hmg[crypto_hash_sha512_BYTES]; data/signify-openbsd-30/mod_ed25519.c:63:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char hram[crypto_hash_sha512_BYTES]; data/signify-openbsd-30/mod_ed25519.c:110:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char t2[32]; data/signify-openbsd-30/mod_ed25519.c:113:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char hram[crypto_hash_sha512_BYTES]; data/signify-openbsd-30/mod_ge25519.c:201:61: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int ge25519_unpackneg_vartime(ge25519_p3 *r, const unsigned char p[32]) data/signify-openbsd-30/mod_ge25519.c:248:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void ge25519_pack(unsigned char r[32], const ge25519_p3 *p) data/signify-openbsd-30/mod_ge25519.c:271:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char b[127]; data/signify-openbsd-30/mod_ge25519.c:314:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. signed char b[85]; data/signify-openbsd-30/ohash.c:53:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p+i->key_offset, start, *end-start); data/signify-openbsd-30/sc25519.c:34:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char t[32]; data/signify-openbsd-30/sc25519.c:100:53: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]) data/signify-openbsd-30/sc25519.c:109:63: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void shortsc25519_from16bytes(shortsc25519 *r, const unsigned char x[16]) data/signify-openbsd-30/sc25519.c:115:53: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sc25519_from64bytes(sc25519 *r, const unsigned char x[64]) data/signify-openbsd-30/sc25519.c:132:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sc25519_to32bytes(unsigned char r[32], const sc25519 *x) data/signify-openbsd-30/sc25519.c:219:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sc25519_window3(signed char r[85], const sc25519 *s) data/signify-openbsd-30/sc25519.c:256:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sc25519_window5(signed char r[51], const sc25519 *s) data/signify-openbsd-30/sc25519.c:293:36: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2) data/signify-openbsd-30/sc25519.h:44:53: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]); data/signify-openbsd-30/sc25519.h:46:63: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void shortsc25519_from16bytes(shortsc25519 *r, const unsigned char x[16]); data/signify-openbsd-30/sc25519.h:48:53: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sc25519_from64bytes(sc25519 *r, const unsigned char x[64]); data/signify-openbsd-30/sc25519.h:52:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sc25519_to32bytes(unsigned char r[32], const sc25519 *x); data/signify-openbsd-30/sc25519.h:71:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sc25519_window3(signed char r[85], const sc25519 *s); data/signify-openbsd-30/sc25519.h:76:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sc25519_window5(signed char r[51], const sc25519 *s); data/signify-openbsd-30/sc25519.h:78:36: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2); data/signify-openbsd-30/sha2.c:307:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(context->state.st32, sha224_initial_hash_value, data/signify-openbsd-30/sha2.c:333:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(digest, context->state.st32, SHA224_DIGEST_LENGTH); data/signify-openbsd-30/sha2.c:344:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(context->state.st32, sha256_initial_hash_value, data/signify-openbsd-30/sha2.c:526:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&context->buffer[usedspace], data, freespace); data/signify-openbsd-30/sha2.c:533:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&context->buffer[usedspace], data, len); data/signify-openbsd-30/sha2.c:549:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(context->buffer, data, len); data/signify-openbsd-30/sha2.c:613:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(digest, context->state.st32, SHA256_DIGEST_LENGTH); data/signify-openbsd-30/sha2.c:624:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(context->state.st64, sha512_initial_hash_value, data/signify-openbsd-30/sha2.c:807:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&context->buffer[usedspace], data, freespace); data/signify-openbsd-30/sha2.c:814:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&context->buffer[usedspace], data, len); data/signify-openbsd-30/sha2.c:830:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(context->buffer, data, len); data/signify-openbsd-30/sha2.c:894:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(digest, context->state.st64, SHA512_DIGEST_LENGTH); data/signify-openbsd-30/sha2.c:906:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(context->state.st64, sha384_initial_hash_value, data/signify-openbsd-30/sha2.c:932:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(digest, context->state.st64, SHA384_DIGEST_LENGTH); data/signify-openbsd-30/sha2.c:943:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(context->state.st64, sha512_256_initial_hash_value, data/signify-openbsd-30/sha2.c:969:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(digest, context->state.st64, SHA512_256_DIGEST_LENGTH); data/signify-openbsd-30/signify.c:106:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(fname, oflags, mode); data/signify-openbsd-30/signify.c:158:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b64[2048]; data/signify-openbsd-30/signify.c:231:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b64[1024]; data/signify-openbsd-30/signify.c:260:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pass[1024]; data/signify-openbsd-30/signify.c:276:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pass2[1024]; data/signify-openbsd-30/signify.c:301:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sig, sigbuf, SIGBYTES); data/signify-openbsd-30/signify.c:314:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char commentbuf[COMMENTMAXLEN]; data/signify-openbsd-30/signify.c:325:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(enckey.pkalg, PKALG, 2); data/signify-openbsd-30/signify.c:326:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(enckey.kdfalg, KDFALG, 2); data/signify-openbsd-30/signify.c:328:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(enckey.keynum, keynum, KEYNUMLEN); data/signify-openbsd-30/signify.c:344:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pubkey.pkalg, PKALG, 2); data/signify-openbsd-30/signify.c:345:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pubkey.keynum, keynum, KEYNUMLEN); data/signify-openbsd-30/signify.c:398:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char comment[COMMENTMAXLEN], sigcomment[COMMENTMAXLEN]; data/signify-openbsd-30/signify.c:430:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sig.keynum, enckey.keynum, KEYNUMLEN); data/signify-openbsd-30/signify.c:433:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sig.pkalg, PKALG, 2); data/signify-openbsd-30/signify.c:476:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sigbuf, sig->sig, SIGBYTES); data/signify-openbsd-30/signify.c:477:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sigbuf + SIGBYTES, msg, msglen); data/signify-openbsd-30/signify.c:512:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keypath[PATH_MAX]; data/signify-openbsd-30/signify.c:534:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sigcomment[COMMENTMAXLEN]; data/signify-openbsd-30/signify.c:554:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sigcomment[COMMENTMAXLEN]; data/signify-openbsd-30/signify.c:598:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file[PATH_MAX]; data/signify-openbsd-30/signify.c:599:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hash[HASHBUFSIZE]; data/signify-openbsd-30/signify.c:600:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char algo[32]; data/signify-openbsd-30/signify.c:636:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[HASHBUFSIZE]; data/signify-openbsd-30/signify.c:738:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sigcomment[COMMENTMAXLEN]; data/signify-openbsd-30/signify.c:759:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sigfilebuf[PATH_MAX]; data/signify-openbsd-30/zsig.c:151:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, residual, n); data/signify-openbsd-30/zsig.c:243:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date[80]; data/signify-openbsd-30/blowfish.c:691:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). blf_key(&c, (u_int8_t *) key2, strlen(key2)); data/signify-openbsd-30/fe25519.c:14:22: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. static crypto_uint32 equal(crypto_uint32 a,crypto_uint32 b) /* 16-bit inputs */ data/signify-openbsd-30/fe25519.c:85:21: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. crypto_uint32 m = equal(r->v[31],127); data/signify-openbsd-30/fe25519.c:87:10: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. m &= equal(r->v[i],255); data/signify-openbsd-30/fe25519.c:121:7: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. r = equal(t.v[0],0); data/signify-openbsd-30/fe25519.c:123:10: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. r &= equal(t.v[i],0); data/signify-openbsd-30/helper.c:88:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((nr = read(fd, buffer, MINIMUM(sizeof(buffer), len))) > 0) { data/signify-openbsd-30/mod_ge25519.c:156:22: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. static unsigned char equal(signed char b,signed char c) data/signify-openbsd-30/mod_ge25519.c:179:55: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. cmov_aff(t, &ge25519_base_multiples_affine[5*pos+1],equal(b,1) | equal(b,-1)); data/signify-openbsd-30/mod_ge25519.c:179:68: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. cmov_aff(t, &ge25519_base_multiples_affine[5*pos+1],equal(b,1) | equal(b,-1)); data/signify-openbsd-30/mod_ge25519.c:180:55: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. cmov_aff(t, &ge25519_base_multiples_affine[5*pos+2],equal(b,2) | equal(b,-2)); data/signify-openbsd-30/mod_ge25519.c:180:68: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. cmov_aff(t, &ge25519_base_multiples_affine[5*pos+2],equal(b,2) | equal(b,-2)); data/signify-openbsd-30/mod_ge25519.c:181:55: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. cmov_aff(t, &ge25519_base_multiples_affine[5*pos+3],equal(b,3) | equal(b,-3)); data/signify-openbsd-30/mod_ge25519.c:181:68: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. cmov_aff(t, &ge25519_base_multiples_affine[5*pos+3],equal(b,3) | equal(b,-3)); data/signify-openbsd-30/mod_ge25519.c:182:55: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. cmov_aff(t, &ge25519_base_multiples_affine[5*pos+4],equal(b,-4)); data/signify-openbsd-30/ohash.c:50:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *end = start + strlen(start); data/signify-openbsd-30/ohash.c:212:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *e = s + strlen(s); data/signify-openbsd-30/sha2.c:90:32: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. #error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN data/signify-openbsd-30/signify.c:162:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((rv = read(fd, b64, sizeof(b64) - 1)) == -1) data/signify-openbsd-30/signify.c:198:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((x = read(fd, msg + msglen, space)) == -1) data/signify-openbsd-30/signify.c:250:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). writeall(fd, header, strlen(header), filename); data/signify-openbsd-30/signify.c:251:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). explicit_bzero(header, strlen(header)); data/signify-openbsd-30/signify.c:273:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pass) == 0) data/signify-openbsd-30/signify.c:284:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!errstr && bcrypt_pbkdf(pass, strlen(pass), salt, saltlen, key, data/signify-openbsd-30/signify.c:364:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(seckeyfile); data/signify-openbsd-30/signify.c:374:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pubkeyfile) != len) data/signify-openbsd-30/signify.c:409:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). VERIFYWITH "%.*s.pub", (int)strlen(keyname) - 4, keyname); data/signify-openbsd-30/signify.c:453:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). writeall(fd, sighdr, strlen(sighdr), sigfile); data/signify-openbsd-30/signify.c:496:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). typelen = strlen(keytype); data/signify-openbsd-30/signify.c:517:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pubkeyfile += strlen(VERIFYWITH); data/signify-openbsd-30/signify.c:625:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(hash) == len) data/signify-openbsd-30/signify.c:684:8: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. rv = sscanf(line, "%31s (%1023[^)]) = %223s", data/signify-openbsd-30/zsig.c:75:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). n = read(fd, buf+len, sz-len); data/signify-openbsd-30/zsig.c:156:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t more = read(fdin, buffer+n, bufsize-n); data/signify-openbsd-30/zsig.c:277:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). size_t n = read(fdin, buffer, bufsize); data/signify-openbsd-30/zsig.c:295:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). writeall(fdout, sighdr, strlen(sighdr), sigfile); data/signify-openbsd-30/zsig.c:305:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). size_t n = read(fdin, buffer, bufsize); ANALYSIS SUMMARY: Hits = 118 Lines analyzed = 5840 in approximately 0.20 seconds (29017 lines/second) Physical Source Lines of Code (SLOC) = 4311 Hits@level = [0] 16 [1] 37 [2] 79 [3] 1 [4] 1 [5] 0 Hits@level+ = [0+] 134 [1+] 118 [2+] 81 [3+] 2 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 31.0833 [1+] 27.3718 [2+] 18.7891 [3+] 0.463929 [4+] 0.231965 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.