Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/tdbcodbc-1.1.1/generic/fakesql.h Examining data/tdbcodbc-1.1.1/generic/tdbcodbc.c Examining data/tdbcodbc-1.1.1/generic/odbcStubs.h Examining data/tdbcodbc-1.1.1/generic/int2ptr_ptr2int.h Examining data/tdbcodbc-1.1.1/generic/odbcStubInit.c Examining data/tdbcodbc-1.1.1/win/nmakehlp.c FINAL RESULTS: data/tdbcodbc-1.1.1/generic/tdbcodbc.c:3889:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(info, "(binding the '%s' parameter)", paramName); data/tdbcodbc-1.1.1/win/nmakehlp.c:33:11: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/tdbcodbc-1.1.1/win/nmakehlp.c:33:20: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/tdbcodbc-1.1.1/win/nmakehlp.c:250:5: [4] (buffer) lstrcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). lstrcat(cmdline, option); data/tdbcodbc-1.1.1/win/nmakehlp.c:388:2: [4] (buffer) lstrcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). lstrcat(cmdline, options[i]); data/tdbcodbc-1.1.1/win/nmakehlp.c:677:6: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(szBuffer); data/tdbcodbc-1.1.1/win/nmakehlp.c:258:10: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. ok = CreateProcess( data/tdbcodbc-1.1.1/win/nmakehlp.c:258:10: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. ok = CreateProcess( data/tdbcodbc-1.1.1/win/nmakehlp.c:392:10: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. ok = CreateProcess( data/tdbcodbc-1.1.1/win/nmakehlp.c:392:10: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. ok = CreateProcess( data/tdbcodbc-1.1.1/generic/tdbcodbc.c:788:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4] = ""; data/tdbcodbc-1.1.1/generic/tdbcodbc.c:1223:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char info[64]; data/tdbcodbc-1.1.1/generic/tdbcodbc.c:1392:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char numbuf[16]; /* Buffer to hold the appended count */ data/tdbcodbc-1.1.1/generic/tdbcodbc.c:1455:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char info[80]; data/tdbcodbc-1.1.1/generic/tdbcodbc.c:1456:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(info, "(describing result column #%d)", i+1); data/tdbcodbc-1.1.1/generic/tdbcodbc.c:1489:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(numbuf, "#%d", count); data/tdbcodbc-1.1.1/generic/tdbcodbc.c:3293:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char have[OPT__END]; data/tdbcodbc-1.1.1/generic/tdbcodbc.c:3826:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rdata->bindStrings[nBound], byteArrayPtr, data/tdbcodbc-1.1.1/generic/tdbcodbc.c:3859:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rdata->bindStrings[nBound], data/tdbcodbc-1.1.1/generic/tdbcodbc.c:4306:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char info[80]; data/tdbcodbc-1.1.1/generic/tdbcodbc.c:4307:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(info, "(retrieving result set column #%d)\n", i+1); data/tdbcodbc-1.1.1/generic/tdbcodbc.c:4326:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char info[80]; data/tdbcodbc-1.1.1/generic/tdbcodbc.c:4327:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(info, "(retrieving result set column #%d)\n", i+1); data/tdbcodbc-1.1.1/generic/tdbcodbc.c:4360:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char info[80]; data/tdbcodbc-1.1.1/generic/tdbcodbc.c:4361:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(info, "(retrieving result set column #%d)\n", i+1); data/tdbcodbc-1.1.1/generic/tdbcodbc.c:4443:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(colPtr, colBuf, BUFSIZE * sizeofSQLWCHAR); data/tdbcodbc-1.1.1/generic/tdbcodbc.c:4452:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char info[80]; data/tdbcodbc-1.1.1/generic/tdbcodbc.c:4453:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(info, "(retrieving result set column #%d)\n", i+1); data/tdbcodbc-1.1.1/generic/tdbcodbc.c:4997:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errorMessage[SQL_MAX_MESSAGE_LENGTH+1]; data/tdbcodbc-1.1.1/generic/tdbcodbc.c:5179:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errorMessage[SQL_MAX_MESSAGE_LENGTH+1]; data/tdbcodbc-1.1.1/win/nmakehlp.c:54:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[STATICBUFFERSIZE]; data/tdbcodbc-1.1.1/win/nmakehlp.c:69:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[300]; data/tdbcodbc-1.1.1/win/nmakehlp.c:201:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[300]; data/tdbcodbc-1.1.1/win/nmakehlp.c:204:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmdline[100]; data/tdbcodbc-1.1.1/win/nmakehlp.c:244:5: [2] (buffer) lstrcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer. Risk is low because the source is a constant string. lstrcpy(cmdline, "cl.exe -nologo -c -TC -Zs -X -Fp.\\_junk.pch "); data/tdbcodbc-1.1.1/win/nmakehlp.c:256:5: [2] (buffer) lstrcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Risk is low because the source is a constant string. lstrcat(cmdline, " .\\nul"); data/tdbcodbc-1.1.1/win/nmakehlp.c:336:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[300]; data/tdbcodbc-1.1.1/win/nmakehlp.c:340:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmdline[255]; data/tdbcodbc-1.1.1/win/nmakehlp.c:380:5: [2] (buffer) lstrcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer. Risk is low because the source is a constant string. lstrcpy(cmdline, "link.exe -nologo "); data/tdbcodbc-1.1.1/win/nmakehlp.c:387:2: [2] (buffer) lstrcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Risk is low because the source is a constant string. lstrcat(cmdline, " \""); data/tdbcodbc-1.1.1/win/nmakehlp.c:507:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char szBuffer[100]; data/tdbcodbc-1.1.1/win/nmakehlp.c:509:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen(filename, "rt"); data/tdbcodbc-1.1.1/win/nmakehlp.c:540:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(szBuffer, p, q - p); data/tdbcodbc-1.1.1/win/nmakehlp.c:615:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char szBuffer[1024], szCopy[1024]; data/tdbcodbc-1.1.1/win/nmakehlp.c:620:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(filename, "rt"); data/tdbcodbc-1.1.1/win/nmakehlp.c:627:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). sp = fopen(substitutions, "rt"); data/tdbcodbc-1.1.1/win/nmakehlp.c:674:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(szBuffer, szCopy, sizeof(szCopy)); data/tdbcodbc-1.1.1/win/nmakehlp.c:709:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szCwd[MAX_PATH + 1]; data/tdbcodbc-1.1.1/win/nmakehlp.c:727:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAX_PATH+1]; data/tdbcodbc-1.1.1/generic/tdbcodbc.c:3888:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char* info = (char *)ckalloc(80 * strlen(paramName)); data/tdbcodbc-1.1.1/win/nmakehlp.c:389:2: [1] (buffer) lstrcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Risk is low because the source is a constant character. lstrcat(cmdline, "\""); data/tdbcodbc-1.1.1/win/nmakehlp.c:525:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(match); data/tdbcodbc-1.1.1/win/nmakehlp.c:671:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). op += strlen(p->key); data/tdbcodbc-1.1.1/win/nmakehlp.c:733:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dirlen = strlen(dir); data/tdbcodbc-1.1.1/win/nmakehlp.c:736:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(path, dir, dirlen); data/tdbcodbc-1.1.1/win/nmakehlp.c:737:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(path+dirlen, "\\*", 3); /* Including terminating \0 */ data/tdbcodbc-1.1.1/win/nmakehlp.c:738:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). keylen = strlen(keypath); data/tdbcodbc-1.1.1/win/nmakehlp.c:763:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sublen = strlen(finfo.cFileName); data/tdbcodbc-1.1.1/win/nmakehlp.c:766:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(path+dirlen+1, finfo.cFileName, sublen); data/tdbcodbc-1.1.1/win/nmakehlp.c:768:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(path+dirlen+1+sublen+1, keypath, keylen+1); ANALYSIS SUMMARY: Hits = 60 Lines analyzed = 7066 in approximately 0.18 seconds (38812 lines/second) Physical Source Lines of Code (SLOC) = 4386 Hits@level = [0] 13 [1] 11 [2] 39 [3] 4 [4] 6 [5] 0 Hits@level+ = [0+] 73 [1+] 60 [2+] 49 [3+] 10 [4+] 6 [5+] 0 Hits/KSLOC@level+ = [0+] 16.6439 [1+] 13.6799 [2+] 11.1719 [3+] 2.27998 [4+] 1.36799 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.