Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/tarlz-0.17/arg_parser.h Examining data/tarlz-0.17/lzip_index.cc Examining data/tarlz-0.17/arg_parser.cc Examining data/tarlz-0.17/main.cc Examining data/tarlz-0.17/create_lz.cc Examining data/tarlz-0.17/common_decode.cc Examining data/tarlz-0.17/archive_reader.h Examining data/tarlz-0.17/create.cc Examining data/tarlz-0.17/tarlz.h Examining data/tarlz-0.17/lzip_index.h Examining data/tarlz-0.17/extract.cc Examining data/tarlz-0.17/archive_reader.cc Examining data/tarlz-0.17/delete.cc Examining data/tarlz-0.17/decode_lz.cc Examining data/tarlz-0.17/extended.cc Examining data/tarlz-0.17/common.cc Examining data/tarlz-0.17/exclude.cc Examining data/tarlz-0.17/delete_lz.cc FINAL RESULTS: data/tarlz-0.17/create.cc:462:18: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. len = sz = readlink( filename, (char *)header + linkname_o, linkname_l ); data/tarlz-0.17/create.cc:469:18: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. len = sz = readlink( filename, buf, st.st_size ); data/tarlz-0.17/extract.cc:238:18: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if( !islink && chown( filename, uid, gid ) != 0 && data/tarlz-0.17/extract.cc:358:18: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. long len = readlink( filename, buf, st.st_size ); data/tarlz-0.17/main.cc:88:8: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. std::printf( "\nOptions:\n" data/tarlz-0.17/common_decode.cc:40:51: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void format_mode_string( const Tar_header header, char buf[mode_string_size] ) data/tarlz-0.17/common_decode.cc:44:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy( buf, "----------", mode_string_size ); data/tarlz-0.17/common_decode.cc:77:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[group_string_size] ) data/tarlz-0.17/create.cc:251:14: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. { std::memcpy( header + name_o, stored_name, len ); return true; } data/tarlz-0.17/create.cc:256:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy( header + name_o, stored_name + i + 1, len - i - 1 ); data/tarlz-0.17/create.cc:257:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy( header + prefix_o, stored_name, i ); data/tarlz-0.17/create.cc:473:38: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if( len <= linkname_l ) std::memcpy( header + linkname_o, buf, len ); data/tarlz-0.17/extended.cc:115:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy( buf + pos, value.c_str(), value.size() ); data/tarlz-0.17/extended.cc:177:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy( buf + pos, Extended::crc_record.c_str(), crc_size ); data/tarlz-0.17/extended.cc:265:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stored_name[prefix_l+1+name_l+1]; data/tarlz-0.17/lzip_index.cc:47:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[80]; data/tarlz-0.17/lzip_index.cc:77:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[80]; data/tarlz-0.17/lzip_index.cc:154:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy( buffer + rd_size, buffer, buffer_size - rd_size ); data/tarlz-0.17/main.cc:277:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). const int infd = open( name.c_str(), O_RDONLY | O_BINARY ); data/tarlz-0.17/main.cc:289:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). const int outfd = open( name.c_str(), flags, outfd_mode ); data/tarlz-0.17/tarlz.h:48:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy( header + magic_o, ustar_magic, magic_l - 1 ); data/tarlz-0.17/archive_reader.cc:45:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int retval = read( (uint8_t *)rbuf(), bufsize ); data/tarlz-0.17/archive_reader.cc:54:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int Archive_reader::read( uint8_t * const buf, const int size ) data/tarlz-0.17/archive_reader.cc:91:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). const int ret = read( buf, size ); if( ret != 0 ) return ret; data/tarlz-0.17/archive_reader.cc:150:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). const int ret = read( buf, rsize ); data/tarlz-0.17/archive_reader.cc:170:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int Archive_reader_i::read( uint8_t * const buf, const int size ) data/tarlz-0.17/archive_reader.cc:219:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). const int ret = read( buf, rsize ); data/tarlz-0.17/archive_reader.h:70:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual int read( uint8_t * const buf, const int size ) = 0; data/tarlz-0.17/archive_reader.h:88:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int read( uint8_t * const buf, const int size ); data/tarlz-0.17/archive_reader.h:120:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int read( uint8_t * const buf, const int size ); data/tarlz-0.17/arg_parser.cc:40:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( std::strlen( options[i].name ) == len ) // Exact match found data/tarlz-0.17/common.cc:125:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). const int n = read( fd, buf + sz, size - sz ); data/tarlz-0.17/create.cc:248:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const int len = std::strlen( stored_name ); data/tarlz-0.17/create.cc:500:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). std::strncpy( (char *)header + uname_o, pw->pw_name, uname_l - 1 ); data/tarlz-0.17/create.cc:506:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). std::strncpy( (char *)header + gname_o, gr->gr_name, gname_l - 1 ); data/tarlz-0.17/decode_lz.cc:372:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). const int ret = ar.read( header, header_size ); data/tarlz-0.17/extract.cc:154:49: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). if( first_call ) { first_call = false; mask = umask( 0 ); umask( mask ); data/tarlz-0.17/extract.cc:154:61: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). if( first_call ) { first_call = false; mask = umask( 0 ); umask( mask ); data/tarlz-0.17/extract.cc:256:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). const int ret = ar.read( buf, rsize ); data/tarlz-0.17/extract.cc:392:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if( ( retval = ar.read( buf1, rsize1 ) ) != 0 ) { diff = true; break; } data/tarlz-0.17/extract.cc:461:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). const int ret = ar.read( header, header_size ); data/tarlz-0.17/main.cc:150:53: [1] (obsolete) ulimit: This C routine is considered obsolete (as opposed to the shell command by the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2), setrlimit(2), and sysconf(3) instead. const unsigned long long ulimit ) data/tarlz-0.17/main.cc:184:11: [1] (obsolete) ulimit: This C routine is considered obsolete (as opposed to the shell command by the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2), setrlimit(2), and sysconf(3) instead. if( ulimit / factor >= result ) result *= factor; data/tarlz-0.17/main.cc:188:47: [1] (obsolete) ulimit: This C routine is considered obsolete (as opposed to the shell command by the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2), setrlimit(2), and sysconf(3) instead. if( !errno && ( result < llimit || result > ulimit ) ) errno = ERANGE; ANALYSIS SUMMARY: Hits = 44 Lines analyzed = 5565 in approximately 0.18 seconds (30838 lines/second) Physical Source Lines of Code (SLOC) = 4438 Hits@level = [0] 32 [1] 23 [2] 16 [3] 0 [4] 1 [5] 4 Hits@level+ = [0+] 76 [1+] 44 [2+] 21 [3+] 5 [4+] 5 [5+] 4 Hits/KSLOC@level+ = [0+] 17.1248 [1+] 9.91438 [2+] 4.73186 [3+] 1.12663 [4+] 1.12663 [5+] 0.901307 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.