Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tiger-3.2.4~rc1/c/getpermit.c
Examining data/tiger-3.2.4~rc1/c/md5.c
Examining data/tiger-3.2.4~rc1/c/realpath.c
Examining data/tiger-3.2.4~rc1/c/snefru.c
Examining data/tiger-3.2.4~rc1/c/testsuid.c
Examining data/tiger-3.2.4~rc1/systems/MacOSX/5/testsuid.c
Examining data/tiger-3.2.4~rc1/systems/SunOS/5/testsuid.c
Examining data/tiger-3.2.4~rc1/version.h

FINAL RESULTS:

data/tiger-3.2.4~rc1/c/realpath.c:63:12:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
  extern int readlink(char * const, char * const, const size_t);
data/tiger-3.2.4~rc1/c/realpath.c:69:12:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
  extern int readlink();
data/tiger-3.2.4~rc1/c/realpath.c:174:17:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
  else if((n = readlink(bufp, tbufp, MAXPATHLEN)) >= 0){
data/tiger-3.2.4~rc1/c/getpermit.c:189:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  (void)strcpy(gcache[hash].name, grent->gr_name);
data/tiger-3.2.4~rc1/c/getpermit.c:233:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  (void)strcpy(ucache[hash].name, pwent->pw_name);
data/tiger-3.2.4~rc1/c/realpath.c:91:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(path2, path1);
data/tiger-3.2.4~rc1/c/realpath.c:124:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(prevslash+1,path);
data/tiger-3.2.4~rc1/c/realpath.c:191:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(tbufp+n, nextslash);
data/tiger-3.2.4~rc1/c/realpath.c:200:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(tmpbuf, nextslash);
data/tiger-3.2.4~rc1/c/realpath.c:208:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(component, tbufp);
data/tiger-3.2.4~rc1/c/realpath.c:238:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(path, buffer);
data/tiger-3.2.4~rc1/c/realpath.c:56:9:  [3] (buffer) getwd:
  This does not protect against buffer overflows by itself, so use with
  caution (CWE-120, CWE-20). Use getcwd instead.
  #define getwd getcwd
data/tiger-3.2.4~rc1/c/realpath.c:61:14:  [3] (buffer) getwd:
  This does not protect against buffer overflows by itself, so use with
  caution (CWE-120, CWE-20). Use getcwd instead.
  extern char *getwd(char * const);
data/tiger-3.2.4~rc1/c/realpath.c:68:14:  [3] (buffer) getwd:
  This does not protect against buffer overflows by itself, so use with
  caution (CWE-120, CWE-20). Use getcwd instead.
  extern char *getwd();
data/tiger-3.2.4~rc1/c/realpath.c:120:4:  [3] (buffer) getwd:
  This does not protect against buffer overflows by itself, so use with
  caution (CWE-120, CWE-20). Use getcwd instead.
  getwd(buffer);
data/tiger-3.2.4~rc1/c/getpermit.c:95:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[1025];
data/tiger-3.2.4~rc1/c/getpermit.c:195:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  (void)sprintf(gcache[hash].name, "%8lu", (unsigned long)gid);
data/tiger-3.2.4~rc1/c/getpermit.c:239:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  (void)sprintf(ucache[hash].name, "%8lu", (unsigned long)uid);
data/tiger-3.2.4~rc1/c/md5.c:62:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[64]; /* input buffer */
data/tiger-3.2.4~rc1/c/md5.c:127:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static unsigned char PADDING[64] = {
data/tiger-3.2.4~rc1/c/md5.c:229:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char digest[16]; /* message digest */
data/tiger-3.2.4~rc1/c/md5.c:232:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char bits[8];
data/tiger-3.2.4~rc1/c/md5.c:258:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char block[64];
data/tiger-3.2.4~rc1/c/md5.c:403:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ((char *)output)[i] = (char)value;
data/tiger-3.2.4~rc1/c/md5.c:513:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char digest[16];
data/tiger-3.2.4~rc1/c/md5.c:532:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char block[TEST_BLOCK_LEN], digest[16];
data/tiger-3.2.4~rc1/c/md5.c:589:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[1024], digest[16];
data/tiger-3.2.4~rc1/c/md5.c:591:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((file = fopen (filename, "rb")) == NULL)
data/tiger-3.2.4~rc1/c/md5.c:614:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[16], digest[16];
data/tiger-3.2.4~rc1/c/md5.c:628:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char digest[16];
data/tiger-3.2.4~rc1/c/realpath.c:109:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[MAXPATHLEN+1];
data/tiger-3.2.4~rc1/c/realpath.c:110:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmpbuf[MAXPATHLEN+1];
data/tiger-3.2.4~rc1/c/realpath.c:250:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[MAXPATHLEN+1];
data/tiger-3.2.4~rc1/c/realpath.c:251:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char rpath[MAXPATHLEN+1];
data/tiger-3.2.4~rc1/c/snefru.c:1163:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char charBuffer[CHUNK_SIZE*4];
data/tiger-3.2.4~rc1/c/snefru.c:1195:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char charBuf[CHUNK_SIZE*4];
data/tiger-3.2.4~rc1/c/getpermit.c:98:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf[strlen(buf)-1] = 0;
data/tiger-3.2.4~rc1/c/md5.c:514:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned int len = strlen (string);
data/tiger-3.2.4~rc1/c/realpath.c:122:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prevslash = buffer+strlen(buffer);
data/tiger-3.2.4~rc1/c/realpath.c:123:4:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy(prevslash,"/");
data/tiger-3.2.4~rc1/c/realpath.c:232:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen(bufp);

ANALYSIS SUMMARY:

Hits = 41
Lines analyzed = 2784 in approximately 0.15 seconds (18923 lines/second)
Physical Source Lines of Code (SLOC) = 1956
Hits@level = [0]  21 [1]   5 [2]  21 [3]   4 [4]   8 [5]   3
Hits@level+ = [0+]  62 [1+]  41 [2+]  36 [3+]  15 [4+]  11 [5+]   3
Hits/KSLOC@level+ = [0+] 31.6973 [1+] 20.9611 [2+] 18.4049 [3+] 7.66871 [4+] 5.62372 [5+] 1.53374
Symlinks skipped = 2 (--allowlink overrides but see doc for security issue)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.