Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/spamass-milter-0.4.0/strsep.c
Examining data/spamass-milter-0.4.0/daemon.c
Examining data/spamass-milter-0.4.0/poll.c
Examining data/spamass-milter-0.4.0/spamass-milter.h
Examining data/spamass-milter-0.4.0/subst_poll.h
Examining data/spamass-milter-0.4.0/spamass-milter.cpp
FINAL RESULTS:
data/spamass-milter-0.4.0/spamass-milter.cpp:1451:7: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(argv[0] , argv); // does not return!
data/spamass-milter-0.4.0/spamass-milter.cpp:2018:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf)-1, fmt, vl);
data/spamass-milter-0.4.0/spamass-milter.cpp:2021:3: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf, fmt, vl);
data/spamass-milter-0.4.0/spamass-milter.cpp:2292:3: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execv(argv[0], argv);
data/spamass-milter-0.4.0/spamass-milter.cpp:202:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, args)) != -1) {
data/spamass-milter-0.4.0/daemon.c:66:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!noclose && (fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
data/spamass-milter-0.4.0/spamass-milter.cpp:245:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
reject_score = atoi(optarg);
data/spamass-milter-0.4.0/spamass-milter.cpp:347:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pidfile = fopen(pidfilename,"w");
data/spamass-milter-0.4.0/spamass-milter.cpp:498:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *popen_argv[3];
data/spamass-milter-0.4.0/spamass-milter.cpp:723:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sctx->connect_ip, "127.0.0.1");
data/spamass-milter-0.4.0/spamass-milter.cpp:866:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/spamass-milter-0.4.0/spamass-milter.cpp:867:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *popen_argv[4];
data/spamass-milter-0.4.0/spamass-milter.cpp:934:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[32];
data/spamass-milter-0.4.0/spamass-milter.cpp:1446:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(argv+argc, spamc_argv, spamc_argc * sizeof(char *));
data/spamass-milter-0.4.0/spamass-milter.cpp:1860:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iobuff[1024];
data/spamass-milter-0.4.0/spamass-milter.cpp:1951:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
switch(atoi(string))
data/spamass-milter-0.4.0/spamass-milter.cpp:2010:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/spamass-milter-0.4.0/spamass-milter.h:182:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char connect_ip[64]; // remote IP address
data/spamass-milter-0.4.0/spamass-milter.cpp:886:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i = strlen(buf);
data/spamass-milter-0.4.0/spamass-milter.cpp:1026:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(macro_auth_type)!=0) {
data/spamass-milter-0.4.0/spamass-milter.cpp:1028:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(macro_auth_ssf)!=0) {
data/spamass-milter-0.4.0/spamass-milter.cpp:1587:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
output(buffer, strlen((const char *)buffer));
data/spamass-milter-0.4.0/spamass-milter.cpp:1871:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size = read(pipe_io[1][0], iobuff, 1024);
ANALYSIS SUMMARY:
Hits = 23
Lines analyzed = 2759 in approximately 0.09 seconds (31339 lines/second)
Physical Source Lines of Code (SLOC) = 1865
Hits@level = [0] 18 [1] 5 [2] 13 [3] 1 [4] 4 [5] 0
Hits@level+ = [0+] 41 [1+] 23 [2+] 18 [3+] 5 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 21.9839 [1+] 12.3324 [2+] 9.65147 [3+] 2.68097 [4+] 2.14477 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.