Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/spawn-fcgi-1.6.4/src/spawn-fcgi.c

FINAL RESULTS:

data/spawn-fcgi-1.6.4/src/spawn-fcgi.c:200:13:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
  if (-1 == chmod(unixsocket, mode)) {

data/spawn-fcgi-1.6.4/src/spawn-fcgi.c:210:14:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchown( ) instead.
  if (-1 == chown(unixsocket, uid, gid)) {

data/spawn-fcgi-1.6.4/src/spawn-fcgi.c:103:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(fcgi_addr_un.sun_path, unixsocket);

data/spawn-fcgi-1.6.4/src/spawn-fcgi.c:282:5:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  execv(appArgv[0], appArgv);

data/spawn-fcgi-1.6.4/src/spawn-fcgi.c:287:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(b, appPath);

data/spawn-fcgi-1.6.4/src/spawn-fcgi.c:290:5:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  execl("/bin/sh", "sh", "-c", b, (char *)NULL);

data/spawn-fcgi-1.6.4/src/spawn-fcgi.c:497:20:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer
  overflows (CWE-120, CWE-20). Check implementation on installation, or
  limit the size of all string inputs.
  while (-1 != (o = getopt(argc, argv, "c:d:f:g:?hna:p:b:u:vC:F:s:P:U:G:M:S"))) {

data/spawn-fcgi-1.6.4/src/spawn-fcgi.c:634:14:  [3] (misc) chroot:
  chroot can be very helpful, but is hard to use correctly (CWE-250,
  CWE-22). Make sure the program immediately chdir("/"), closes file
  descriptors, and drops root privileges, and that all necessary files (and
  no more!) are in the new root.
  if (-1 == chroot(changeroot)) {

data/spawn-fcgi-1.6.4/src/spawn-fcgi.c:245:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cgi_childs[64];

data/spawn-fcgi-1.6.4/src/spawn-fcgi.c:265:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  max_fd = open("/dev/null", O_RDWR);

data/spawn-fcgi-1.6.4/src/spawn-fcgi.c:286:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(b, "exec ");

data/spawn-fcgi-1.6.4/src/spawn-fcgi.c:318:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char pidbuf[12];

data/spawn-fcgi-1.6.4/src/spawn-fcgi.c:561:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  (-1 == (pid_fd = open(pid_file, O_WRONLY | O_CREAT | O_EXCL | O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH)))) {

data/spawn-fcgi-1.6.4/src/spawn-fcgi.c:585:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (-1 == (pid_fd = open(pid_file, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH))) {

data/spawn-fcgi-1.6.4/src/spawn-fcgi.c:66:16:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
  mode_t mask = umask(0);

data/spawn-fcgi-1.6.4/src/spawn-fcgi.c:67:2:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
  umask(mask);

data/spawn-fcgi-1.6.4/src/spawn-fcgi.c:102:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(unixsocket) > sizeof(fcgi_addr_un.sun_path) - 1) return -1;

data/spawn-fcgi-1.6.4/src/spawn-fcgi.c:109:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  servlen = strlen(fcgi_addr_un.sun_path) + sizeof(fcgi_addr_un.sun_family);

data/spawn-fcgi-1.6.4/src/spawn-fcgi.c:285:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *b = malloc((sizeof("exec ") - 1) + strlen(appPath) + 1);

data/spawn-fcgi-1.6.4/src/spawn-fcgi.c:322:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (-1 == write_all(pid_fd, pidbuf, strlen(pidbuf))) {

data/spawn-fcgi-1.6.4/src/spawn-fcgi.c:547:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (unixsocket && strlen(unixsocket) > sizeof(un.sun_path) - 1) {

ANALYSIS SUMMARY:

Hits = 21
Lines analyzed = 665 in approximately 0.05 seconds (13817 lines/second)
Physical Source Lines of Code (SLOC) = 534
Hits@level = [0]  45 [1]   7 [2]   6 [3]   2 [4]   4 [5]   2
Hits@level+ = [0+]  66 [1+]  21 [2+]  14 [3+]   8 [4+]   6 [5+]   2
Hits/KSLOC@level+ = [0+] 123.596 [1+] 39.3258 [2+] 26.2172 [3+] 14.9813 [4+] 11.236 [5+] 3.74532
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
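The two level-5 hits (chmod at :200 and chown at :210) are the ones worth a closer look: both operate on the Unix socket path after bind(), so between bind() and chmod()/chown() the name can be swapped by anyone who can write the parent directory. Flawfinder's suggested fix, fchmod() on the descriptor, does not apply here: on Linux the socket descriptor refers to the anonymous socket inode, not to the filesystem node bind() created, so fchmod()/fchown() on it leave the node's permissions untouched. The added example below (written for this page; not spawn-fcgi's code, and bind_unix_socket_safe is a hypothetical name) shows the approach a practitioner would use instead: pin the parent directory with a descriptor, create the node already restricted by setting umask(0077) around bind(), verify with fstatat(AT_SYMLINK_NOFOLLOW) that the name still denotes a socket, and only then adjust it with fchmodat()/fchownat() relative to the pinned directory. The length guard at the top is the same bound spawn-fcgi itself checks at :102 before the strcpy that flawfinder flags at :103.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Split "dir/name" into a directory string and a pointer to the final component. */
static int split_path(const char *path, char *dir, size_t dirsz, const char **name)
{
    const char *slash = strrchr(path, '/');
    if (!slash) {                       /* bare name: parent is the cwd */
        if (dirsz < 2) return -1;
        strcpy(dir, ".");
        *name = path;
    } else {
        size_t n = (size_t)(slash - path);
        if (n == 0) n = 1;              /* "/name": parent is "/" */
        if (n >= dirsz) return -1;
        memcpy(dir, path, n);
        dir[n] = '\0';
        *name = slash + 1;
    }
    return **name == '\0' ? -1 : 0;
}

/* Bind a Unix socket at `path` and set the node's mode/owner relative to a pinned
 * parent-directory descriptor. Returns the bound socket fd, or -1 on any failure. */
int bind_unix_socket_safe(const char *path, mode_t mode, uid_t uid, gid_t gid)
{
    struct sockaddr_un un;
    struct stat st;
    char dir[PATH_MAX];
    const char *name;
    int dirfd = -1, fd = -1;
    mode_t old_umask;

    memset(&un, 0, sizeof un);
    if (strlen(path) > sizeof(un.sun_path) - 1) return -1;   /* same bound as spawn-fcgi :102 */
    if (split_path(path, dir, sizeof dir, &name) == -1) return -1;

    /* Pin the parent: every later operation is relative to this fd, so replacing
     * the directory itself can no longer redirect them. */
    dirfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dirfd == -1) return -1;
    /* A world-writable, non-sticky parent lets anyone rename the entry between our
     * steps; refuse instead of pretending the race is closed. */
    if (fstat(dirfd, &st) == -1 || ((st.st_mode & S_IWOTH) && !(st.st_mode & S_ISVTX)))
        goto fail;

    if ((fd = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0)) == -1) goto fail;
    un.sun_family = AF_UNIX;
    strcpy(un.sun_path, path);                                /* length checked above */

    /* bind() creates the node with 0777 & ~umask, so it is born 0700 here rather than
     * being world-accessible until a later chmod(). If anything, including a planted
     * symlink, already owns the name, bind() fails with EADDRINUSE. */
    old_umask = umask(0077);
    if (bind(fd, (struct sockaddr *)&un, sizeof un) == -1) { umask(old_umask); goto fail; }
    umask(old_umask);

    /* Re-check that the name still denotes a socket (never following a symlink)
     * before changing anything, then adjust it through the pinned directory. */
    if (fstatat(dirfd, name, &st, AT_SYMLINK_NOFOLLOW) == -1 || !S_ISSOCK(st.st_mode))
        goto fail_unlink;
    if (fchmodat(dirfd, name, mode, 0) == -1) goto fail_unlink;
    if (fchownat(dirfd, name, uid, gid, AT_SYMLINK_NOFOLLOW) == -1) goto fail_unlink;

    close(dirfd);
    return fd;

fail_unlink:
    unlinkat(dirfd, name, 0);            /* remove our own node, again relative to dirfd */
fail:
    if (fd != -1) close(fd);
    close(dirfd);
    return -1;
}

/* Permission bits of the socket node at `path`, or -1 if it is not a socket. */
int socket_node_mode(const char *path)
{
    struct stat st;
    if (lstat(path, &st) == -1 || !S_ISSOCK(st.st_mode)) return -1;
    return (int)(st.st_mode & 07777);
}

/* Self-check on a private temporary directory (constructed input). Returns 0 when
 * the node ends up 0660, a planted symlink is refused, and an over-long path is
 * rejected; otherwise the number of the failing step. */
int selftest(void)
{
    char tmpl[] = "/tmp/sockXXXXXX", path[128], link[128], longp[200];
    char *d = mkdtemp(tmpl);
    int fd, rc = 0;
    if (!d) return 1;
    snprintf(path, sizeof path, "%s/fcgi.sock", d);
    snprintf(link, sizeof link, "%s/planted.sock", d);
    memset(longp, 'a', sizeof longp - 1); longp[sizeof longp - 1] = '\0';
    fd = bind_unix_socket_safe(path, 0660, getuid(), getgid());
    if (fd < 0) rc = 2;
    else if (socket_node_mode(path) != 0660) rc = 3;
    else if (symlink("/etc/passwd", link) == -1) rc = 4;
    else if (bind_unix_socket_safe(link, 0660, getuid(), getgid()) != -1) rc = 5;
    else if (bind_unix_socket_safe(longp, 0660, getuid(), getgid()) != -1) rc = 6;
    if (fd >= 0) close(fd);
    unlink(path); unlink(link); rmdir(d);
    return rc;
}
```

The residual window is inside the parent directory only: a caller who can rename entries there can still race the fstatat()/fchmodat() pair, which is why the function refuses a world-writable parent outright and why the conventional deployment is a dedicated, non-world-writable socket directory. The pid-file hits at :561 and :585 are a related pair: the first open() uses O_EXCL and so refuses to follow a planted symlink, the second does not.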