Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/simpleproxy-3.5/cfg.c
Examining data/simpleproxy-3.5/cfg.h
Examining data/simpleproxy-3.5/simpleproxy.c
FINAL RESULTS:
data/simpleproxy-3.5/simpleproxy.c:328:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(HTTPSBasicAuthString,PROXY_HEADER_FMT,HTTPSAuthHash);
data/simpleproxy-3.5/simpleproxy.c:1164:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buff, "CONNECT %s:%i HTTP/1.0\nUser-agent: %s%s\r\n\r\n",
data/simpleproxy-3.5/simpleproxy.c:1245:19: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
(void)vsnprintf(buffer, MBUFSIZ, format, ap);
data/simpleproxy-3.5/simpleproxy.c:1251:19: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
(void)vsprintf(buffer, format, ap);
data/simpleproxy-3.5/simpleproxy.c:1262:20: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) vfprintf(stderr, format, ap);
data/simpleproxy-3.5/simpleproxy.c:194:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((c = getopt(ac, av, "iVv7dhuL:R:H:f:p:P:D:S:s:a:A:t:")) != -1)
data/simpleproxy-3.5/cfg.c:70:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((f=fopen(name,"wb"))==NULL)
data/simpleproxy-3.5/cfg.c:119:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAXTOKENLEN];
data/simpleproxy-3.5/cfg.c:133:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((f=fopen(name,"rb"))==NULL)
data/simpleproxy-3.5/cfg.c:298:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cfg->dict,last,sizeof(struct Dict *)*cfg->nelements);
data/simpleproxy-3.5/cfg.c:350:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[80];
data/simpleproxy-3.5/cfg.c:351:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp,"%lu",v);
data/simpleproxy-3.5/cfg.c:363:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[80];
data/simpleproxy-3.5/cfg.c:364:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp,"%0*lu",w, v);
data/simpleproxy-3.5/simpleproxy.c:191:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hbuf[NI_MAXHOST];
data/simpleproxy-3.5/simpleproxy.c:289:21: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Delay = atol(optarg);
data/simpleproxy-3.5/simpleproxy.c:534:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(void) open("/", O_RDONLY);
data/simpleproxy-3.5/simpleproxy.c:596:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&res , he->h_addr , he->h_length);
data/simpleproxy-3.5/simpleproxy.c:674:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result,s,n);
data/simpleproxy-3.5/simpleproxy.c:707:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[MBUFSIZ];
data/simpleproxy-3.5/simpleproxy.c:860:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(tmp):
data/simpleproxy-3.5/simpleproxy.c:871:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((f=fopen(filename,"w"))==nil)
data/simpleproxy-3.5/simpleproxy.c:889:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[2048];
data/simpleproxy-3.5/simpleproxy.c:893:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((f=fopen(popfile,"r"))==nil)
data/simpleproxy-3.5/simpleproxy.c:996:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[MBUFSIZ];
data/simpleproxy-3.5/simpleproxy.c:1159:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[MBUFSIZ];
data/simpleproxy-3.5/simpleproxy.c:1242:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[MBUFSIZ];
data/simpleproxy-3.5/simpleproxy.c:1337:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char dtable[64];
data/simpleproxy-3.5/simpleproxy.c:1358:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char igroup[3];
data/simpleproxy-3.5/simpleproxy.c:1399:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char peer_name[NI_MAXHOST+16]; /* 16 bytes from column and port number */
data/simpleproxy-3.5/simpleproxy.c:1400:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char trace_header[256];
data/simpleproxy-3.5/simpleproxy.c:1406:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int tfd = open(Tracefile, O_CREAT | O_WRONLY| O_APPEND, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
data/simpleproxy-3.5/simpleproxy.c:1418:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hbuf[NI_MAXHOST];
data/simpleproxy-3.5/simpleproxy.c:1431:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(peer_name, "unknown source");
data/simpleproxy-3.5/cfg.c:140:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((c=fgetc(f))!=EOF)
data/simpleproxy-3.5/simpleproxy.c:327:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HTTPSBasicAuthString = malloc(strlen(HTTPSAuthHash) + strlen(PROXY_HEADER_FMT));
data/simpleproxy-3.5/simpleproxy.c:327:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HTTPSBasicAuthString = malloc(strlen(HTTPSAuthHash) + strlen(PROXY_HEADER_FMT));
data/simpleproxy-3.5/simpleproxy.c:530:5: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(0);
data/simpleproxy-3.5/simpleproxy.c:639:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(uri);
data/simpleproxy-3.5/simpleproxy.c:650:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len < (slen = strlen(*pp))) continue;
data/simpleproxy-3.5/simpleproxy.c:655:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len < (slen = strlen(*pp))) continue;
data/simpleproxy-3.5/simpleproxy.c:661:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (pos = len; pos > (slen = strlen(*pp)); pos = strrindex(uri,'/',pos)) {
data/simpleproxy-3.5/simpleproxy.c:733:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int authlen=strlen(PROXY_HEADER)+strlen(http_authhash);
data/simpleproxy-3.5/simpleproxy.c:733:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int authlen=strlen(PROXY_HEADER)+strlen(http_authhash);
data/simpleproxy-3.5/simpleproxy.c:735:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(match+strlen(PROXY_HEADER),http_authhash,strlen(http_authhash))==0 &&
data/simpleproxy-3.5/simpleproxy.c:735:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(match+strlen(PROXY_HEADER),http_authhash,strlen(http_authhash))==0 &&
data/simpleproxy-3.5/simpleproxy.c:949:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nread = read(fd, buf, siz);
data/simpleproxy-3.5/simpleproxy.c:1005:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
writen(user, SIMPLEPROXY_VERSION, strlen(SIMPLEPROXY_VERSION));
data/simpleproxy-3.5/simpleproxy.c:1020:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
writen(user,errmsg2,strlen(errmsg2)); /* Send error to client */
data/simpleproxy-3.5/simpleproxy.c:1031:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
writen(user,errmsg1,strlen(errmsg1)); /* Send error to client */
data/simpleproxy-3.5/simpleproxy.c:1040:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
writen(user,errmsg0,strlen(errmsg0)); /* Send error to client */
data/simpleproxy-3.5/simpleproxy.c:1045:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
writen(server,buff,strlen(buff));
data/simpleproxy-3.5/simpleproxy.c:1051:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
writen(user,buff,strlen(buff));
data/simpleproxy-3.5/simpleproxy.c:1068:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
writen(user,errmsg3,strlen(errmsg3)); /* Send error to client */
data/simpleproxy-3.5/simpleproxy.c:1073:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
writen(server,buff,strlen(buff));
data/simpleproxy-3.5/simpleproxy.c:1078:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
writen(user,buff,strlen(buff)); /* forward server response to client */
data/simpleproxy-3.5/simpleproxy.c:1166:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(buff);
data/simpleproxy-3.5/simpleproxy.c:1353:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cryptext = malloc(strlen(plaintext)*2);
ANALYSIS SUMMARY:
Hits = 58
Lines analyzed = 1866 in approximately 0.06 seconds (33598 lines/second)
Physical Source Lines of Code (SLOC) = 1417
Hits@level = [0] 15 [1] 24 [2] 28 [3] 1 [4] 5 [5] 0
Hits@level+ = [0+] 73 [1+] 58 [2+] 34 [3+] 6 [4+] 5 [5+] 0
Hits/KSLOC@level+ = [0+] 51.5173 [1+] 40.9315 [2+] 23.9944 [3+] 4.2343 [4+] 3.52858 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.