Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tomb-2.8+dfsg1/extras/gtk-tray/tomb-gtk-tray.c
Examining data/tomb-2.8+dfsg1/extras/kdf-keys/benchmark.c
Examining data/tomb-2.8+dfsg1/extras/kdf-keys/gen_salt.c
Examining data/tomb-2.8+dfsg1/extras/kdf-keys/hexencode.c
Examining data/tomb-2.8+dfsg1/extras/kdf-keys/pbkdf2.c
Examining data/tomb-2.8+dfsg1/extras/qt-tray/main.cpp
Examining data/tomb-2.8+dfsg1/extras/qt-tray/tomb.cpp
Examining data/tomb-2.8+dfsg1/extras/qt-tray/tomb.h
Examining data/tomb-2.8+dfsg1/extras/test/close_block.c
FINAL RESULTS:
data/tomb-2.8+dfsg1/extras/gtk-tray/tomb-gtk-tray.c:181:5: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp("xdg-open", "xdg-open", map, (char*)NULL);
data/tomb-2.8+dfsg1/extras/gtk-tray/tomb-gtk-tray.c:215:5: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp("tomb", "tomb", "close", map, (char*)NULL);
data/tomb-2.8+dfsg1/extras/gtk-tray/tomb-gtk-tray.c:258:5: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp("tomb", "tomb", "slam", map, (char*)NULL);
data/tomb-2.8+dfsg1/extras/qt-tray/main.cpp:33:65: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
translator.load( QString("./i18n/tomb-qt-tray_") + QLocale::system().name() );
data/tomb-2.8+dfsg1/extras/kdf-keys/hexencode.c:25:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, "", long_options, &option_index);
data/tomb-2.8+dfsg1/extras/gtk-tray/tomb-gtk-tray.c:44:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mapper[256];
data/tomb-2.8+dfsg1/extras/gtk-tray/tomb-gtk-tray.c:45:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/tomb-2.8+dfsg1/extras/gtk-tray/tomb-gtk-tray.c:46:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mountpoint[256];
data/tomb-2.8+dfsg1/extras/gtk-tray/tomb-gtk-tray.c:64:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tomb_file[512];
data/tomb-2.8+dfsg1/extras/gtk-tray/tomb-gtk-tray.c:65:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tooltip[256];
data/tomb-2.8+dfsg1/extras/gtk-tray/tomb-gtk-tray.c:163:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char map[256];
data/tomb-2.8+dfsg1/extras/gtk-tray/tomb-gtk-tray.c:197:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char map[256];
data/tomb-2.8+dfsg1/extras/gtk-tray/tomb-gtk-tray.c:240:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char map[256];
data/tomb-2.8+dfsg1/extras/kdf-keys/gen_salt.c:27:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
rand = fopen("/dev/random", "r");
data/tomb-2.8+dfsg1/extras/kdf-keys/hexencode.c:12:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[3];
data/tomb-2.8+dfsg1/extras/test/close_block.c:26:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
to_wait = atoi(argv[2]);
data/tomb-2.8+dfsg1/extras/test/close_block.c:29:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_ptr = fopen(argv[1],"w");
data/tomb-2.8+dfsg1/extras/gtk-tray/tomb-gtk-tray.c:177:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for(c=0; read(pipefd[0], &buf, 1) > 0; c++)
data/tomb-2.8+dfsg1/extras/gtk-tray/tomb-gtk-tray.c:185:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(pipefd[1], mountpoint, strlen(mountpoint));
data/tomb-2.8+dfsg1/extras/gtk-tray/tomb-gtk-tray.c:211:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for(c=0; read(pipefd[0], &buf, 1) > 0; c++)
data/tomb-2.8+dfsg1/extras/gtk-tray/tomb-gtk-tray.c:219:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(pipefd[1], mapper, strlen(mapper));
data/tomb-2.8+dfsg1/extras/gtk-tray/tomb-gtk-tray.c:254:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for(c=0; read(pipefd[0], &buf, 1) > 0; c++)
data/tomb-2.8+dfsg1/extras/gtk-tray/tomb-gtk-tray.c:262:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(pipefd[1], mapper, strlen(mapper));
data/tomb-2.8+dfsg1/extras/kdf-keys/benchmark.c:12:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int salt_len = strlen(salt);
data/tomb-2.8+dfsg1/extras/kdf-keys/benchmark.c:19:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gcry_kdf_derive( pass, strlen(pass), GCRY_KDF_PBKDF2, GCRY_MD_SHA1, salt, salt_len, ic, result_len, result);
data/tomb-2.8+dfsg1/extras/kdf-keys/hexencode.c:38:21: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while(( c = (char)getchar() ) != EOF)
data/tomb-2.8+dfsg1/extras/kdf-keys/pbkdf2.c:90:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0; i<strlen(pass); i++) //blank
data/tomb-2.8+dfsg1/extras/kdf-keys/pbkdf2.c:118:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
salt_len = strlen(argv[1])/2+3;
data/tomb-2.8+dfsg1/extras/kdf-keys/pbkdf2.c:143:10: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int c = getchar();
data/tomb-2.8+dfsg1/extras/kdf-keys/pbkdf2.c:156:7: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getchar();
ANALYSIS SUMMARY:
Hits = 30
Lines analyzed = 999 in approximately 0.06 seconds (16558 lines/second)
Physical Source Lines of Code (SLOC) = 661
Hits@level = [0] 36 [1] 13 [2] 12 [3] 1 [4] 4 [5] 0
Hits@level+ = [0+] 66 [1+] 30 [2+] 17 [3+] 5 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 99.8487 [1+] 45.3858 [2+] 25.7186 [3+] 7.5643 [4+] 6.05144 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.