Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/syncmaildir-1.3.0/mddiff.c
Examining data/syncmaildir-1.3.0/smd-applet.c

FINAL RESULTS:

data/syncmaildir-1.3.0/mddiff.c:51:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(stderr, "error [" tostring(cause) "]: " msg);\
data/syncmaildir-1.3.0/mddiff.c:52:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(stdout, "ERROR " msg);\
data/syncmaildir-1.3.0/mddiff.c:56:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(stderr, "warning [" tostring(cause) "]: " msg)
data/syncmaildir-1.3.0/mddiff.c:58:15:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	if (verbose) fprintf(stderr,"debug [" tostring(cause) "]: " msg)
data/syncmaildir-1.3.0/mddiff.c:60:15:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	if (verbose) fprintf(stderr,msg)
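The five format hits above all come from the project's ERROR/WARNING/DEBUG macros, which build the format by pasting string literals: `"error [" tostring(cause) "]: " msg`. Flawfinder matches lexically and cannot see that `msg` is a macro parameter, so it reports CWE-134 on every expansion. The pattern is safe only while every caller passes a literal for `msg` (literal pasting does not compile otherwise); the last hit, `fprintf(stderr,msg)`, is the one to re-check, because in that expansion nothing forces `msg` to be a literal. The following is an added example, not syncmaildir code (the macro and function names are illustrative): the literal-only macro form next to the `"%s"` form for a message that is run-time data.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not syncmaildir code.  Names are illustrative. */

/* Literal-only form, mirroring the page's macros: the first variadic
 * argument is pasted onto the prefix with #cause, so it must be a string
 * literal or the expansion does not compile.  The format therefore cannot
 * be influenced at run time.  Writes to a buffer so the result is checkable. */
#define FORMAT_ERROR(buf, bufsz, cause, ...) \
    snprintf((buf), (bufsz), "error [" #cause "]: " __VA_ARGS__)

/* Run-time form: when the message text is data (read from a file, taken
 * from argv, ...) it goes through a constant "%s" and is never the format.
 * Returns what snprintf returns: the length the full message would have. */
int render_error(char *buf, size_t bufsz, const char *cause, const char *msg)
{
    return snprintf(buf, bufsz, "error [%s]: %s", cause, msg);
}

/* The shape the last hit warns about would be
 *     snprintf(buf, bufsz, msg);          // msg used as the format
 * With msg == "%x%x%n" that reads arguments that were never passed and
 * writes through a pointer it does not own (CWE-134), so it is left as a
 * comment rather than compiled. */

int main(void)
{
    char buf[128];

    FORMAT_ERROR(buf, sizeof buf, fscanf, "malformed db file '%s'\n", "x.db");
    fputs(buf, stderr);

    /* hostile text is rendered verbatim, directives and all */
    render_error(buf, sizeof buf, "open", "%x%x%n");
    fputs(buf, stderr);
    fputc('\n', stderr);
    return 0;
}
```

With `-Wformat-security` (or `-Wformat=2`) the compiler flags the commented-out shape whenever the format argument is not a literal; that is the cheap way to audit the DEBUG macro's callers.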
data/syncmaildir-1.3.0/mddiff.c:450:10:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
			ERROR(fscanf,"malformed db file '%s', please remove it\n",
data/syncmaildir-1.3.0/mddiff.c:480:10:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
			ERROR(fscanf, "%s: malformed line %d: %d != 3 fields."
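Both fscanf hits fire on the identifier `fscanf` passed as the `cause` argument of the ERROR macro, not on the fscanf call itself, which the report does not show. The advice still applies to that call: a `%s` conversion with no field width writes as many bytes as the input holds. Below is an added example, not the project's code (the three-field "name hash hash" record layout and the 40-byte field limit are assumptions), showing a width derived from the buffer size and a check that rejects over-long fields instead of letting them split into extra "fields".

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_FIELD 40          /* assumed field limit; 40 = two hex chars per SHA-1 byte */
#define STR_(x) #x
#define STR(x)  STR_(x)
#define FIELD_FMT "%" STR(MAX_FIELD) "s"   /* expands to "%40s" */

/* Constructed record layout: "name hash1 hash2", one per line. */
struct record {
    char name[MAX_FIELD + 1]; /* +1 for the terminator scanf always appends */
    char h1[MAX_FIELD + 1];
    char h2[MAX_FIELD + 1];
};

/* Returns 0 on success, -1 if fewer than 3 fields were present, -2 if
 * anything but whitespace follows the third field.  With a width, "%40s"
 * stops after 40 bytes instead of overrunning the array (CWE-120); the
 * trailing check matters because a 100-byte token would otherwise be
 * consumed as three 40/40/20-byte "fields" and look perfectly valid. */
int parse_record(const char *line, struct record *r)
{
    int consumed = 0;
    int n = sscanf(line, FIELD_FMT " " FIELD_FMT " " FIELD_FMT "%n",
                   r->name, r->h1, r->h2, &consumed);
    if (n != 3)
        return -1;
    for (const char *p = line + consumed; *p != '\0'; p++)
        if (!isspace((unsigned char)*p))
            return -2;                          /* leftover non-space input */
    return 0;
}

int main(void)
{
    struct record r;
    char line[256];

    /* constructed inputs */
    printf("good:     %d\n", parse_record("cur/1.msg "
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa "
        "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb\n", &r));
    printf("name:     %s\n", r.name);

    memset(line, 'x', 100);                     /* 100-byte name, no overflow */
    line[100] = '\0';
    strcat(line, " aaa bbb");
    printf("overlong: %d\n", parse_record(line, &r));
    printf("short:    %d\n", parse_record("only two", &r));
    return 0;
}
```

The width comes from the same macro that sizes the arrays, so the two cannot drift apart; that is the practical content of "specify a limit to %s".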
data/syncmaildir-1.3.0/mddiff.c:1027:7:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
		c = getopt_long(argc, argv, "vhndls", long_options, &option_index);
data/syncmaildir-1.3.0/smd-applet.c:5408:12:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable
  input if the environment can be set by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
	_tmp28_ = g_get_home_dir ();
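`g_get_home_dir()` in the Vala-generated smd-applet.c resolves the home directory from the environment (current GLib honours `$HOME` when it is set and only then falls back to the passwd entry), so every path the applet derives from it inherits whatever the process was started with: a relative path, `..` components, embedded control characters. Added example, not the project's code (the length limit and the owned-by-caller rule are assumptions): a shape check on the value, then a fallback to the passwd entry when `$HOME` does not pass.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
#endif
#include <pwd.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define HOME_MAX 4096   /* assumed upper bound on an acceptable path */

/* Shape check only: absolute, no "", "." or ".." components, no control
 * characters, no trailing slash, bounded length.  Does not touch the
 * filesystem, so it is cheap and deterministic. */
bool home_path_is_sane(const char *p)
{
    if (p == NULL || p[0] != '/')
        return false;
    size_t len = strlen(p);
    if (len >= HOME_MAX)
        return false;
    if (len == 1)
        return true;                     /* "/" itself */
    if (p[len - 1] == '/')
        return false;
    const char *seg = p + 1;
    for (;;) {
        const char *end = strchr(seg, '/');
        size_t n = end ? (size_t)(end - seg) : strlen(seg);
        if (n == 0)
            return false;                /* "//" */
        if (n == 1 && seg[0] == '.')
            return false;                /* "/./" */
        if (n == 2 && seg[0] == '.' && seg[1] == '.')
            return false;                /* "/../" */
        for (size_t i = 0; i < n; i++) {
            unsigned char c = (unsigned char)seg[i];
            if (c < 0x20 || c == 0x7f)
                return false;            /* newline, escape, DEL, ... */
        }
        if (end == NULL)
            return true;
        seg = end + 1;
    }
}

static bool copy_out(char *out, size_t outsz, const char *src)
{
    int n = snprintf(out, outsz, "%s", src);
    return n >= 0 && (size_t)n < outsz;  /* truncation is a failure */
}

/* Picks a home directory: $HOME if it passes the shape check and names an
 * existing directory owned by the real uid, otherwise the passwd entry.
 * Returns false if neither is usable. */
bool resolve_home(char *out, size_t outsz)
{
    const char *env = getenv("HOME");
    struct stat st;
    if (env != NULL && home_path_is_sane(env)
        && stat(env, &st) == 0 && S_ISDIR(st.st_mode) && st.st_uid == getuid())
        return copy_out(out, outsz, env);
    struct passwd *pw = getpwuid(getuid());
    if (pw == NULL || pw->pw_dir == NULL || !home_path_is_sane(pw->pw_dir))
        return false;
    return copy_out(out, outsz, pw->pw_dir);
}

int main(void)
{
    char home[HOME_MAX];
    if (resolve_home(home, sizeof home))
        printf("home: %s\n", home);
    else
        puts("no usable home directory");
    return 0;
}
```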
data/syncmaildir-1.3.0/mddiff.c:82:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
STATIC char tmpbuff_1[SHA_DIGEST_LENGTH * 2 + 1];
data/syncmaildir-1.3.0/mddiff.c:83:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
STATIC char tmpbuff_2[SHA_DIGEST_LENGTH * 2 + 1];
data/syncmaildir-1.3.0/mddiff.c:84:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
STATIC char tmpbuff_3[SHA_DIGEST_LENGTH * 2 + 1];
data/syncmaildir-1.3.0/mddiff.c:85:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
STATIC char tmpbuff_4[SHA_DIGEST_LENGTH * 2 + 1];
data/syncmaildir-1.3.0/mddiff.c:88:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
STATIC char tmpbuff_5[MAX_EMAIL_NAME_LEN];
data/syncmaildir-1.3.0/mddiff.c:89:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
STATIC char tmpbuff_6[MAX_EMAIL_NAME_LEN];
data/syncmaildir-1.3.0/mddiff.c:102:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
STATIC void shatxt(const char string[41], unsigned char outbuff[]) {
data/syncmaildir-1.3.0/mddiff.c:164:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char bsha[SHA_DIGEST_LENGTH]; 	// body hash value
data/syncmaildir-1.3.0/mddiff.c:165:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char hsha[SHA_DIGEST_LENGTH]; 	// header hash value
data/syncmaildir-1.3.0/mddiff.c:237:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	int fd = open(fname, O_RDONLY | O_NOATIME);
data/syncmaildir-1.3.0/mddiff.c:241:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fd = open(fname, O_RDONLY);
data/syncmaildir-1.3.0/mddiff.c:342:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd = open(dbfile, O_RDONLY | O_NOATIME)) == -1) goto err_open;
data/syncmaildir-1.3.0/mddiff.c:406:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char new_dbname[PATH_MAX];
data/syncmaildir-1.3.0/mddiff.c:410:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = fopen(new_dbname,"w");
data/syncmaildir-1.3.0/mddiff.c:411:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (fd == NULL) ERROR(fopen,"unable to save db file '%s'\n",new_dbname);
data/syncmaildir-1.3.0/mddiff.c:426:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = fopen(new_dbname,"w");
data/syncmaildir-1.3.0/mddiff.c:427:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (fd == NULL) ERROR(fopen,"unable to save db file '%s'\n",new_dbname);
data/syncmaildir-1.3.0/mddiff.c:439:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char new_dbname[PATH_MAX];
data/syncmaildir-1.3.0/mddiff.c:443:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = fopen(new_dbname,"r");
data/syncmaildir-1.3.0/mddiff.c:445:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		WARNING(fopen,"unable to open db file '%s'\n",new_dbname);
data/syncmaildir-1.3.0/mddiff.c:456:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = fopen(dbname,"r");
data/syncmaildir-1.3.0/mddiff.c:458:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		WARNING(fopen,"unable to open db file '%s'\n",dbname);
data/syncmaildir-1.3.0/mddiff.c:602:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		WARNING(open,"unable to open file '%s': %s\n", mail_name(m),
data/syncmaildir-1.3.0/mddiff.c:604:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		WARNING(open,"ignoring '%s'\n", mail_name(m));
data/syncmaildir-1.3.0/mddiff.c:838:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (fd == -1) ERROR(open,"unable to open file '%s'\n",file);
data/syncmaildir-1.3.0/mddiff.c:900:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (fd == -1) ERROR(open,"unable to open file '%s'\n",file);
data/syncmaildir-1.3.0/mddiff.c:1125:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		FILE *in = fopen(data,"r");
data/syncmaildir-1.3.0/mddiff.c:1127:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			ERROR(fopen,"unable to open fifo %s\n",data);
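The open/fopen hits are the CWE-362 checklist Flawfinder attaches to every file open, and several of them (411, 427, 445, 458, 602, 604, 838, 900, 1127) are just the ERROR/WARNING lines that name `open` or `fopen` as the cause. Two sites deserve a real look: the read side at 237/241, where the retry without O_NOATIME is the normal fallback because Linux refuses O_NOATIME unless the caller owns the file or has CAP_FOWNER, and the write side at 410/426, where `fopen(new_dbname,"w")` follows a symlink and truncates whatever the name points at. Added example, not the project's code: open flags that refuse symlinks, a type check done on the descriptor rather than the path, and an exclusive, private create for the new db file.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open for reading, refusing a symlink at the final component, then verify
 * on the descriptor that the object is a regular file.  fstat() on the fd
 * inspects what was actually opened, so nothing can be swapped between the
 * check and the read (CWE-362).  Returns the fd or -1. */
int open_regular_readonly(const char *path)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd == -1)
        return -1;
    struct stat st;
    if (fstat(fd, &st) == -1 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;          /* device, fifo, directory, ... */
        return -1;
    }
    return fd;
}

/* Create the new db file: it must not exist yet (O_EXCL), a symlink in its
 * place is an error rather than a redirect (Linux already refuses a symlink
 * under O_CREAT|O_EXCL; O_NOFOLLOW is stated anyway), and it is private
 * from the first byte (0600) instead of relying on umask.  The FILE* is
 * built on the checked descriptor. */
FILE *create_private_file(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd == -1)
        return NULL;
    FILE *f = fdopen(fd, "w");
    if (f == NULL)
        close(fd);
    return f;
}

int main(void)
{
    char tmpl[] = "/tmp/mddiff-example-XXXXXX";   /* constructed scratch file */
    int t = mkstemp(tmpl);
    if (t == -1) {
        perror("mkstemp");
        return 1;
    }
    close(t);

    int fd = open_regular_readonly(tmpl);
    printf("regular file:         %s\n", fd != -1 ? "opened" : "refused");
    if (fd != -1)
        close(fd);
    printf("/dev/null:            %s\n",
           open_regular_readonly("/dev/null") != -1 ? "opened" : "refused");
    printf("create over existing: %s\n",
           create_private_file(tmpl) != NULL ? "opened" : "refused (EEXIST)");
    unlink(tmpl);
    return 0;
}
```

The existing-file case is where the "w" mode bites: the page's code would truncate the target of a planted symlink, while O_CREAT|O_EXCL turns the same situation into an error the caller can report.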
data/syncmaildir-1.3.0/mddiff.c:1132:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char src_name[MAX_EMAIL_NAME_LEN];
data/syncmaildir-1.3.0/mddiff.c:1133:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char tgt_name[MAX_EMAIL_NAME_LEN];
data/syncmaildir-1.3.0/mddiff.c:1145:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char name[MAX_EMAIL_NAME_LEN];
data/syncmaildir-1.3.0/smd-applet.c:3183:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				_tmp40_ = atoi (_tmp39_);
data/syncmaildir-1.3.0/smd-applet.c:3197:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				_tmp45_ = atoi (_tmp44_);
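Both atoi hits sit in Vala-generated code (the `_tmpNN_` locals) and inherit atoi's two weaknesses: garbage parses as 0, and out-of-range input is undefined behaviour, so "0" and "abc" are indistinguishable and wrap-around goes unnoticed. Added example, not the project's code: the strtol idiom the note asks for, with explicit minimum and maximum, overflow detection through errno, and rejection of surrounding text.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Parses s as a decimal integer in [lo, hi].  Unlike atoi it reports
 * failure instead of returning 0 for garbage, refuses leading whitespace
 * and trailing text, and catches overflow (CWE-190) through ERANGE. */
bool parse_long_in_range(const char *s, long lo, long hi, long *out)
{
    if (s == NULL || *s == '\0' || isspace((unsigned char)*s))
        return false;
    char *end = NULL;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno == ERANGE)
        return false;            /* magnitude does not fit in long */
    if (end == s || *end != '\0')
        return false;            /* nothing parsed, or "12abc" */
    if (v < lo || v > hi)
        return false;            /* both bounds, minus sign or not */
    *out = v;
    return true;
}

/* Wrapper for int-sized fields such as a port or a timeout. */
bool parse_int_in_range(const char *s, int lo, int hi, int *out)
{
    long v;
    if (!parse_long_in_range(s, lo, hi, &v))
        return false;
    *out = (int)v;
    return true;
}

int main(void)
{
    /* constructed samples */
    const char *samples[] = { "42", "-1", "12abc", "99999999999999999999", "", " 7", "0", "101" };
    int n = (int)(sizeof samples / sizeof samples[0]);
    for (int i = 0; i < n; i++) {
        int v = 0;
        bool ok = parse_int_in_range(samples[i], 0, 100, &v);
        printf("%-22s -> %s", samples[i], ok ? "accepted" : "rejected");
        if (ok)
            printf(" (%d)", v);
        putchar('\n');
    }
    return 0;
}
```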
data/syncmaildir-1.3.0/mddiff.c:111:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t len = strlen(string);
data/syncmaildir-1.3.0/mddiff.c:126:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t len = strlen(string);
data/syncmaildir-1.3.0/mddiff.c:285:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t len = strlen(&names[name]);
data/syncmaildir-1.3.0/mddiff.c:784:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			int len = strlen(path) + 1 + strlen(dir_entry->d_name) + 1;
data/syncmaildir-1.3.0/mddiff.c:784:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			int len = strlen(path) + 1 + strlen(dir_entry->d_name) + 1;
data/syncmaildir-1.3.0/mddiff.c:799:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (data[strlen(data)-1] == '/') data[strlen(data)-1] = '\0';
data/syncmaildir-1.3.0/mddiff.c:799:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (data[strlen(data)-1] == '/') data[strlen(data)-1] = '\0';
data/syncmaildir-1.3.0/mddiff.c:827:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t src_len = strlen(src_name);
data/syncmaildir-1.3.0/smd-applet.c:1512:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		_tmp13_ = strlen (_tmp12_);
data/syncmaildir-1.3.0/smd-applet.c:2003:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		_tmp6_ = strlen (self);
data/syncmaildir-1.3.0/smd-applet.c:2507:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					_tmp69_ = strlen (_tmp68_);
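The level-2 `char` hits are Flawfinder's standing note on every fixed-size array. The SHA buffers (`SHA_DIGEST_LENGTH * 2 + 1`: 40 hex digits plus the terminator) are sized from the data they hold, whereas the `PATH_MAX` and `MAX_EMAIL_NAME_LEN` ones are only as safe as every write into them. The strlen hits are informational, with one pattern worth a second look: `data[strlen(data)-1]` at 799 wraps the subtraction and reads before the buffer if `data` is ever the empty string. Added example, not the project's code (`MAX_NAME` and the digest bytes are constructed), of bounded helpers for all three cases: hex-encoding a digest into a buffer sized from its length, joining a path with truncation detected, and stripping a trailing slash with the empty-string case handled.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define DIGEST_LEN 20                 /* SHA-1 digest size, as SHA_DIGEST_LENGTH */
#define MAX_NAME   256                /* assumed; stands in for MAX_EMAIL_NAME_LEN */

/* Writes the hex form of a digest.  The buffer must hold 2*dlen+1 bytes,
 * the same arithmetic as the page's tmpbuff_N declarations; the explicit
 * check replaces the hope that every caller remembers it. */
bool digest_to_hex(const unsigned char *digest, size_t dlen, char *out, size_t outsz)
{
    static const char hexdigit[] = "0123456789abcdef";
    if (outsz < dlen * 2 + 1)
        return false;
    for (size_t i = 0; i < dlen; i++) {
        out[2 * i]     = hexdigit[digest[i] >> 4];
        out[2 * i + 1] = hexdigit[digest[i] & 0x0f];
    }
    out[2 * dlen] = '\0';
    return true;
}

/* dir + "/" + name into a fixed buffer; truncation is an error, never a
 * silently shortened path (CWE-120). */
bool join_path(char *out, size_t outsz, const char *dir, const char *name)
{
    int n = snprintf(out, outsz, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outsz) {
        if (outsz > 0)
            out[0] = '\0';
        return false;
    }
    return true;
}

/* Removes one trailing '/', guarding the empty string: strlen("") - 1 is
 * SIZE_MAX and would index far outside the buffer.  "/" is kept intact. */
void strip_trailing_slash(char *s)
{
    size_t len = strlen(s);
    if (len > 1 && s[len - 1] == '/')
        s[len - 1] = '\0';
}

int main(void)
{
    /* constructed digest bytes, not a real hash */
    const unsigned char digest[DIGEST_LEN] = {
        0xde, 0xad, 0xbe, 0xef, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05,
        0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f };
    char hex[DIGEST_LEN * 2 + 1];
    char path[MAX_NAME];
    char small[8];
    char dir[] = "/home/alice/Mail/";

    if (digest_to_hex(digest, sizeof digest, hex, sizeof hex))
        printf("hex:   %s\n", hex);
    if (join_path(path, sizeof path, "/home/alice/Mail", "cur/1.msg"))
        printf("path:  %s\n", path);
    printf("small: %s\n", join_path(small, sizeof small, "/home/alice", "x")
                           ? "fits" : "truncated, rejected");
    strip_trailing_slash(dir);
    printf("dir:   %s\n", dir);
    return 0;
}
```

Each helper takes the destination size as a parameter and the caller passes `sizeof`, so the bound travels with the buffer rather than living in a comment beside the declaration.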

ANALYSIS SUMMARY:

Hits = 53
Lines analyzed = 6861 in approximately 0.17 seconds (41451 lines/second)
Physical Source Lines of Code (SLOC) = 6309
Hits@level = [0]  67 [1]  11 [2]  33 [3]   2 [4]   7 [5]   0
Hits@level+ = [0+] 120 [1+]  53 [2+]  42 [3+]   9 [4+]   7 [5+]   0
Hits/KSLOC@level+ = [0+] 19.0204 [1+] 8.4007 [2+] 6.65716 [3+] 1.42653 [4+] 1.10953 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.