Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/taningia-0.2.2/include/taningia/atom.h
Examining data/taningia-0.2.2/include/taningia/iri.h
Examining data/taningia-0.2.2/include/taningia/xmpp.h
Examining data/taningia-0.2.2/include/taningia/pubsub.h
Examining data/taningia-0.2.2/include/taningia/log.h
Examining data/taningia-0.2.2/include/taningia/list.h
Examining data/taningia-0.2.2/include/taningia/object.h
Examining data/taningia-0.2.2/include/taningia/taningia.h
Examining data/taningia-0.2.2/include/taningia/error.h
Examining data/taningia-0.2.2/include/taningia/mem.h
Examining data/taningia-0.2.2/include/taningia/srv.h
Examining data/taningia-0.2.2/src/hashtable.h
Examining data/taningia-0.2.2/src/hashtable.c
Examining data/taningia-0.2.2/src/iri.c
Examining data/taningia-0.2.2/src/hashtable-utils.c
Examining data/taningia-0.2.2/src/srv.c
Examining data/taningia-0.2.2/src/list.c
Examining data/taningia-0.2.2/src/atom.c
Examining data/taningia-0.2.2/src/error.c
Examining data/taningia-0.2.2/src/object.c
Examining data/taningia-0.2.2/src/log.c
Examining data/taningia-0.2.2/src/xmpp.c
Examining data/taningia-0.2.2/src/hashtable-utils.h
Examining data/taningia-0.2.2/src/pubsub.c
Examining data/taningia-0.2.2/examples/iri.c
Examining data/taningia-0.2.2/examples/srv.c
Examining data/taningia-0.2.2/examples/list.c
Examining data/taningia-0.2.2/examples/atom.c
Examining data/taningia-0.2.2/examples/xmpp-client-2.c
Examining data/taningia-0.2.2/examples/xmpp-client.c
Examining data/taningia-0.2.2/examples/log.c
FINAL RESULTS:
data/taningia-0.2.2/src/error.c:101:13: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = vsnprintf (msg, size, fmt, argp);
data/taningia-0.2.2/src/error.c:144:13: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = vsnprintf (msg, size, fmt, argp);
data/taningia-0.2.2/src/iri.c:547:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (parent->path, "%s,%s:%s",
data/taningia-0.2.2/src/log.c:114:13: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = vsnprintf (msg, size, fmt, argp); \
data/taningia-0.2.2/src/atom.c:566:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (content->content, text, len);
data/taningia-0.2.2/src/iri.c:224:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret, iri->scheme, scheme_size);
data/taningia-0.2.2/src/iri.c:231:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((ret+position), "://", 3);
data/taningia-0.2.2/src/iri.c:236:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((ret+position), ":", 1);
data/taningia-0.2.2/src/iri.c:243:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((ret+position), iri->user, user_size);
data/taningia-0.2.2/src/iri.c:245:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((ret+position), "@", 1);
data/taningia-0.2.2/src/iri.c:252:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((ret+position), iri->host, host_size);
data/taningia-0.2.2/src/iri.c:259:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port[4];
data/taningia-0.2.2/src/iri.c:261:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((ret+position), ":", 1);
data/taningia-0.2.2/src/iri.c:263:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (port, "%d", iri->port);
data/taningia-0.2.2/src/iri.c:265:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((ret+position), port, port_size);
data/taningia-0.2.2/src/iri.c:270:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((ret+position), iri->path, path_size);
data/taningia-0.2.2/src/iri.c:275:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((ret+position), "?", 1);
data/taningia-0.2.2/src/iri.c:277:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((ret+position), iri->query, query_size);
data/taningia-0.2.2/src/iri.c:282:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((ret+position), "#", 1);
data/taningia-0.2.2/src/iri.c:284:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((ret+position), iri->fragment, fragment_size);
data/taningia-0.2.2/src/iri.c:345:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (iri->scheme, string, size+1);
data/taningia-0.2.2/src/iri.c:436:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
iri->port = atoi (port_str);
data/taningia-0.2.2/src/log.c:169:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (full, "[", 1);
data/taningia-0.2.2/src/log.c:170:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (full+1, ltime, size1);
data/taningia-0.2.2/src/log.c:171:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (full+1+size1, "][", 2);
data/taningia-0.2.2/src/log.c:172:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (full+3+size1, log->name, size2);
data/taningia-0.2.2/src/log.c:173:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (full+3+size1+size2, "] ", 2);
data/taningia-0.2.2/src/log.c:174:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (full+5+size1+size2, msg, size3);
data/taningia-0.2.2/src/pubsub.c:42:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sid[32];
data/taningia-0.2.2/src/pubsub.c:56:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sid[32];
data/taningia-0.2.2/src/pubsub.c:179:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[32];
data/taningia-0.2.2/src/pubsub.c:295:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[ssize];
data/taningia-0.2.2/src/pubsub.c:354:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[ssize];
data/taningia-0.2.2/src/srv.c:67:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/taningia-0.2.2/src/iri.c:190:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
scheme_size = strlen (iri->scheme);
data/taningia-0.2.2/src/iri.c:191:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
host_size = iri->host ? strlen (iri->host) : 0;
data/taningia-0.2.2/src/iri.c:197:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
user_size = strlen (iri->user);
data/taningia-0.2.2/src/iri.c:203:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_size = strlen (iri->path);
data/taningia-0.2.2/src/iri.c:206:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
query_size = strlen (iri->query);
data/taningia-0.2.2/src/iri.c:211:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fragment_size = strlen (iri->fragment);
data/taningia-0.2.2/src/iri.c:264:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
port_size = strlen (port);
data/taningia-0.2.2/src/iri.c:543:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parent->path = malloc (strlen (tag->authority) +
data/taningia-0.2.2/src/iri.c:544:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (tag->date) +
data/taningia-0.2.2/src/iri.c:545:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (tag->specific) +
data/taningia-0.2.2/src/log.c:164:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size1 = strlen (ltime),
data/taningia-0.2.2/src/log.c:165:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size2 = strlen (log->name),
data/taningia-0.2.2/src/log.c:166:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size3 = strlen (msg),
data/taningia-0.2.2/src/pubsub.c:294:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t ssize = strlen (arg)+7+1;
data/taningia-0.2.2/src/pubsub.c:353:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t ssize = strlen (arg)+7+1;
data/taningia-0.2.2/src/xmpp.c:265:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
jid_len = strlen (jid);
ANALYSIS SUMMARY:
Hits = 50
Lines analyzed = 8919 in approximately 0.25 seconds (36136 lines/second)
Physical Source Lines of Code (SLOC) = 5443
Hits@level = [0] 105 [1] 16 [2] 30 [3] 0 [4] 4 [5] 0
Hits@level+ = [0+] 155 [1+] 50 [2+] 34 [3+] 4 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 28.4769 [1+] 9.18611 [2+] 6.24656 [3+] 0.734889 [4+] 0.734889 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.