Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tdbcodbc-1.1.1/generic/fakesql.h
Examining data/tdbcodbc-1.1.1/generic/tdbcodbc.c
Examining data/tdbcodbc-1.1.1/generic/odbcStubs.h
Examining data/tdbcodbc-1.1.1/generic/int2ptr_ptr2int.h
Examining data/tdbcodbc-1.1.1/generic/odbcStubInit.c
Examining data/tdbcodbc-1.1.1/win/nmakehlp.c
FINAL RESULTS:
data/tdbcodbc-1.1.1/generic/tdbcodbc.c:3889:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(info, "(binding the '%s' parameter)", paramName);
data/tdbcodbc-1.1.1/win/nmakehlp.c:33:11: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/tdbcodbc-1.1.1/win/nmakehlp.c:33:20: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/tdbcodbc-1.1.1/win/nmakehlp.c:250:5: [4] (buffer) lstrcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
lstrcat(cmdline, option);
data/tdbcodbc-1.1.1/win/nmakehlp.c:388:2: [4] (buffer) lstrcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
lstrcat(cmdline, options[i]);
data/tdbcodbc-1.1.1/win/nmakehlp.c:677:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(szBuffer);
data/tdbcodbc-1.1.1/win/nmakehlp.c:258:10: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
ok = CreateProcess(
data/tdbcodbc-1.1.1/win/nmakehlp.c:258:10: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
ok = CreateProcess(
data/tdbcodbc-1.1.1/win/nmakehlp.c:392:10: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
ok = CreateProcess(
data/tdbcodbc-1.1.1/win/nmakehlp.c:392:10: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
ok = CreateProcess(
data/tdbcodbc-1.1.1/generic/tdbcodbc.c:788:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4] = "";
data/tdbcodbc-1.1.1/generic/tdbcodbc.c:1223:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info[64];
data/tdbcodbc-1.1.1/generic/tdbcodbc.c:1392:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numbuf[16]; /* Buffer to hold the appended count */
data/tdbcodbc-1.1.1/generic/tdbcodbc.c:1455:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info[80];
data/tdbcodbc-1.1.1/generic/tdbcodbc.c:1456:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(info, "(describing result column #%d)", i+1);
data/tdbcodbc-1.1.1/generic/tdbcodbc.c:1489:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(numbuf, "#%d", count);
data/tdbcodbc-1.1.1/generic/tdbcodbc.c:3293:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char have[OPT__END];
data/tdbcodbc-1.1.1/generic/tdbcodbc.c:3826:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rdata->bindStrings[nBound], byteArrayPtr,
data/tdbcodbc-1.1.1/generic/tdbcodbc.c:3859:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rdata->bindStrings[nBound],
data/tdbcodbc-1.1.1/generic/tdbcodbc.c:4306:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info[80];
data/tdbcodbc-1.1.1/generic/tdbcodbc.c:4307:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(info, "(retrieving result set column #%d)\n", i+1);
data/tdbcodbc-1.1.1/generic/tdbcodbc.c:4326:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info[80];
data/tdbcodbc-1.1.1/generic/tdbcodbc.c:4327:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(info, "(retrieving result set column #%d)\n", i+1);
data/tdbcodbc-1.1.1/generic/tdbcodbc.c:4360:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info[80];
data/tdbcodbc-1.1.1/generic/tdbcodbc.c:4361:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(info, "(retrieving result set column #%d)\n", i+1);
data/tdbcodbc-1.1.1/generic/tdbcodbc.c:4443:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(colPtr, colBuf, BUFSIZE * sizeofSQLWCHAR);
data/tdbcodbc-1.1.1/generic/tdbcodbc.c:4452:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info[80];
data/tdbcodbc-1.1.1/generic/tdbcodbc.c:4453:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(info, "(retrieving result set column #%d)\n", i+1);
data/tdbcodbc-1.1.1/generic/tdbcodbc.c:4997:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errorMessage[SQL_MAX_MESSAGE_LENGTH+1];
data/tdbcodbc-1.1.1/generic/tdbcodbc.c:5179:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errorMessage[SQL_MAX_MESSAGE_LENGTH+1];
data/tdbcodbc-1.1.1/win/nmakehlp.c:54:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[STATICBUFFERSIZE];
data/tdbcodbc-1.1.1/win/nmakehlp.c:69:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[300];
data/tdbcodbc-1.1.1/win/nmakehlp.c:201:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[300];
data/tdbcodbc-1.1.1/win/nmakehlp.c:204:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdline[100];
data/tdbcodbc-1.1.1/win/nmakehlp.c:244:5: [2] (buffer) lstrcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
lstrcpy(cmdline, "cl.exe -nologo -c -TC -Zs -X -Fp.\\_junk.pch ");
data/tdbcodbc-1.1.1/win/nmakehlp.c:256:5: [2] (buffer) lstrcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
lstrcat(cmdline, " .\\nul");
data/tdbcodbc-1.1.1/win/nmakehlp.c:336:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[300];
data/tdbcodbc-1.1.1/win/nmakehlp.c:340:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdline[255];
data/tdbcodbc-1.1.1/win/nmakehlp.c:380:5: [2] (buffer) lstrcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
lstrcpy(cmdline, "link.exe -nologo ");
data/tdbcodbc-1.1.1/win/nmakehlp.c:387:2: [2] (buffer) lstrcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
lstrcat(cmdline, " \"");
data/tdbcodbc-1.1.1/win/nmakehlp.c:507:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char szBuffer[100];
data/tdbcodbc-1.1.1/win/nmakehlp.c:509:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(filename, "rt");
data/tdbcodbc-1.1.1/win/nmakehlp.c:540:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(szBuffer, p, q - p);
data/tdbcodbc-1.1.1/win/nmakehlp.c:615:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char szBuffer[1024], szCopy[1024];
data/tdbcodbc-1.1.1/win/nmakehlp.c:620:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "rt");
data/tdbcodbc-1.1.1/win/nmakehlp.c:627:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sp = fopen(substitutions, "rt");
data/tdbcodbc-1.1.1/win/nmakehlp.c:674:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(szBuffer, szCopy, sizeof(szCopy));
data/tdbcodbc-1.1.1/win/nmakehlp.c:709:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szCwd[MAX_PATH + 1];
data/tdbcodbc-1.1.1/win/nmakehlp.c:727:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAX_PATH+1];
data/tdbcodbc-1.1.1/generic/tdbcodbc.c:3888:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* info = (char *)ckalloc(80 * strlen(paramName));
data/tdbcodbc-1.1.1/win/nmakehlp.c:389:2: [1] (buffer) lstrcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant
character.
lstrcat(cmdline, "\"");
data/tdbcodbc-1.1.1/win/nmakehlp.c:525:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(match);
data/tdbcodbc-1.1.1/win/nmakehlp.c:671:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
op += strlen(p->key);
data/tdbcodbc-1.1.1/win/nmakehlp.c:733:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dirlen = strlen(dir);
data/tdbcodbc-1.1.1/win/nmakehlp.c:736:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(path, dir, dirlen);
data/tdbcodbc-1.1.1/win/nmakehlp.c:737:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(path+dirlen, "\\*", 3); /* Including terminating \0 */
data/tdbcodbc-1.1.1/win/nmakehlp.c:738:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
keylen = strlen(keypath);
data/tdbcodbc-1.1.1/win/nmakehlp.c:763:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sublen = strlen(finfo.cFileName);
data/tdbcodbc-1.1.1/win/nmakehlp.c:766:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(path+dirlen+1, finfo.cFileName, sublen);
data/tdbcodbc-1.1.1/win/nmakehlp.c:768:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(path+dirlen+1+sublen+1, keypath, keylen+1);
ANALYSIS SUMMARY:
Hits = 60
Lines analyzed = 7066 in approximately 0.18 seconds (38812 lines/second)
Physical Source Lines of Code (SLOC) = 4386
Hits@level = [0] 13 [1] 11 [2] 39 [3] 4 [4] 6 [5] 0
Hits@level+ = [0+] 73 [1+] 60 [2+] 49 [3+] 10 [4+] 6 [5+] 0
Hits/KSLOC@level+ = [0+] 16.6439 [1+] 13.6799 [2+] 11.1719 [3+] 2.27998 [4+] 1.36799 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.