Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tpm-quote-tools-1.0.4/tidy.c
Examining data/tpm-quote-tools-1.0.4/tpm_mkaik.c
Examining data/tpm-quote-tools-1.0.4/tpm_loadkey.c
Examining data/tpm-quote-tools-1.0.4/tpm_updatepcrhash.c
Examining data/tpm-quote-tools-1.0.4/include/tss/tddl_error.h
Examining data/tpm-quote-tools-1.0.4/include/tss/tss_error.h
Examining data/tpm-quote-tools-1.0.4/include/tss/tddli.h
Examining data/tpm-quote-tools-1.0.4/include/tss/tddlapi_error.h
Examining data/tpm-quote-tools-1.0.4/include/tss/tss_typedef.h
Examining data/tpm-quote-tools-1.0.4/include/tss/tcpa_typedef.h
Examining data/tpm-quote-tools-1.0.4/include/tss/tcs.h
Examining data/tpm-quote-tools-1.0.4/include/tss/tss_error_basics.h
Examining data/tpm-quote-tools-1.0.4/include/tss/tpm.h
Examining data/tpm-quote-tools-1.0.4/include/tss/tcs_structs.h
Examining data/tpm-quote-tools-1.0.4/include/tss/tcs_typedef.h
Examining data/tpm-quote-tools-1.0.4/include/tss/tpm_ordinal.h
Examining data/tpm-quote-tools-1.0.4/include/tss/tcs_defines.h
Examining data/tpm-quote-tools-1.0.4/include/tss/tpm_error.h
Examining data/tpm-quote-tools-1.0.4/include/tss/platform.h
Examining data/tpm-quote-tools-1.0.4/include/tss/tss_defines.h
Examining data/tpm-quote-tools-1.0.4/include/tss/tcpa_struct.h
Examining data/tpm-quote-tools-1.0.4/include/tss/tcs_error.h
Examining data/tpm-quote-tools-1.0.4/include/tss/tspi.h
Examining data/tpm-quote-tools-1.0.4/include/tss/tss_structs.h
Examining data/tpm-quote-tools-1.0.4/include/tss/tcpa_error.h
Examining data/tpm-quote-tools-1.0.4/include/tss/compat11b.h
Examining data/tpm-quote-tools-1.0.4/include/tss/tcpa_defines.h
Examining data/tpm-quote-tools-1.0.4/pcr_mask.c
Examining data/tpm-quote-tools-1.0.4/createek.c
Examining data/tpm-quote-tools-1.0.4/tpm_mkuuid.c
Examining data/tpm-quote-tools-1.0.4/takeownership.c
Examining data/tpm-quote-tools-1.0.4/tpm_quote.h
Examining data/tpm-quote-tools-1.0.4/toutf16le.c
Examining data/tpm-quote-tools-1.0.4/quote_nonce.c
Examining data/tpm-quote-tools-1.0.4/quote.c
Examining data/tpm-quote-tools-1.0.4/loadkey.c
Examining data/tpm-quote-tools-1.0.4/tpm_getquote.c
Examining data/tpm-quote-tools-1.0.4/tpm_unloadkey.c
Examining data/tpm-quote-tools-1.0.4/tpm_getpcrhash.c
Examining data/tpm-quote-tools-1.0.4/tss_err.c
Examining data/tpm-quote-tools-1.0.4/tpm_verifyquote.c

FINAL RESULTS:

data/tpm-quote-tools-1.0.4/createek.c:28:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  fprintf(stderr, usage, argv[0]);

data/tpm-quote-tools-1.0.4/takeownership.c:27:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  fprintf(stderr, usage, argv[0]);

data/tpm-quote-tools-1.0.4/tpm_getpcrhash.c:43:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  fprintf(stderr, text, prog);

data/tpm-quote-tools-1.0.4/tpm_getquote.c:51:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  fprintf(stderr, text, prog);

data/tpm-quote-tools-1.0.4/tpm_loadkey.c:34:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  fprintf(stderr, text, prog);

data/tpm-quote-tools-1.0.4/tpm_mkaik.c:112:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  fprintf(stderr, text, prog);

data/tpm-quote-tools-1.0.4/tpm_mkuuid.c:28:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  fprintf(stderr, text, prog);

data/tpm-quote-tools-1.0.4/tpm_unloadkey.c:34:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  fprintf(stderr, text, prog);

data/tpm-quote-tools-1.0.4/tpm_updatepcrhash.c:63:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  fprintf(stderr, text, prog);

data/tpm-quote-tools-1.0.4/tpm_verifyquote.c:50:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  fprintf(stderr, text, prog);

data/tpm-quote-tools-1.0.4/include/tss/tcs.h:475:27:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  BYTE** random, // out

data/tpm-quote-tools-1.0.4/include/tss/tcs.h:486:27:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  BYTE* random, // in

data/tpm-quote-tools-1.0.4/include/tss/tcs.h:848:27:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  BYTE** random, // out

data/tpm-quote-tools-1.0.4/include/tss/tcs.h:1047:27:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  BYTE** random, // out

data/tpm-quote-tools-1.0.4/include/tss/tcs.h:1062:27:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  BYTE* random, // in

data/tpm-quote-tools-1.0.4/tpm_getpcrhash.c:53:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer
  overflows (CWE-120, CWE-20). Check implementation on installation, or
  limit the size of all string inputs.
  while ((opt = getopt(argc, argv, "r:hv")) != -1) {

data/tpm-quote-tools-1.0.4/tpm_getquote.c:63:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer
  overflows (CWE-120, CWE-20). Check implementation on installation, or
  limit the size of all string inputs.
  while ((opt = getopt(argc, argv, "r:p:hv")) != -1) {

data/tpm-quote-tools-1.0.4/tpm_loadkey.c:42:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer
  overflows (CWE-120, CWE-20). Check implementation on installation, or
  limit the size of all string inputs.
  while ((opt = getopt(argc, argv, "r:hv")) != -1) {

data/tpm-quote-tools-1.0.4/tpm_mkaik.c:121:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer
  overflows (CWE-120, CWE-20). Check implementation on installation, or
  limit the size of all string inputs.
  while ((opt = getopt(argc, argv, "zuhv")) != -1) {

data/tpm-quote-tools-1.0.4/tpm_mkuuid.c:35:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer
  overflows (CWE-120, CWE-20). Check implementation on installation, or
  limit the size of all string inputs.
  while ((opt = getopt(argc, argv, "hv")) != -1) {

data/tpm-quote-tools-1.0.4/tpm_unloadkey.c:42:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer
  overflows (CWE-120, CWE-20). Check implementation on installation, or
  limit the size of all string inputs.
  while ((opt = getopt(argc, argv, "r:hv")) != -1) {

data/tpm-quote-tools-1.0.4/tpm_updatepcrhash.c:70:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer
  overflows (CWE-120, CWE-20). Check implementation on installation, or
  limit the size of all string inputs.
  while ((opt = getopt(argc, argv, "hv")) != -1) {

data/tpm-quote-tools-1.0.4/tpm_verifyquote.c:57:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer
  overflows (CWE-120, CWE-20). Check implementation on installation, or
  limit the size of all string inputs.
  while ((opt = getopt(argc, argv, "hv")) != -1) {

data/tpm-quote-tools-1.0.4/tpm_getpcrhash.c:89:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *in = fopen(uuidname, "rb");

data/tpm-quote-tools-1.0.4/tpm_getpcrhash.c:121:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *out = fopen(hashname, "wb");

data/tpm-quote-tools-1.0.4/tpm_getpcrhash.c:140:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  out = fopen(pcrvals, "wb");

data/tpm-quote-tools-1.0.4/tpm_getquote.c:102:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *in = fopen(uuidname, "rb");

data/tpm-quote-tools-1.0.4/tpm_getquote.c:116:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  in = fopen(noncename, "rb");

data/tpm-quote-tools-1.0.4/tpm_getquote.c:144:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *out = fopen(quotename, "wb");

data/tpm-quote-tools-1.0.4/tpm_getquote.c:166:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  out = fopen(pcrvals, "wb");

data/tpm-quote-tools-1.0.4/tpm_loadkey.c:73:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *in = fopen(blobname, "rb");

data/tpm-quote-tools-1.0.4/tpm_loadkey.c:83:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  in = fopen(uuidname, "rb");

data/tpm-quote-tools-1.0.4/tpm_mkaik.c:71:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[bufSize];

data/tpm-quote-tools-1.0.4/tpm_mkaik.c:242:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *out = fopen(blobname, "wb");

data/tpm-quote-tools-1.0.4/tpm_mkaik.c:281:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  out = fopen(pubkeyname, "wb");

data/tpm-quote-tools-1.0.4/tpm_mkuuid.c:81:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *out = fopen(uuidname, "wb");

data/tpm-quote-tools-1.0.4/tpm_unloadkey.c:72:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *in = fopen(uuidname, "rb");

data/tpm-quote-tools-1.0.4/tpm_updatepcrhash.c:42:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *in = fopen(name, "rb");

data/tpm-quote-tools-1.0.4/tpm_updatepcrhash.c:89:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *in = fopen(newpcrvalsname, "r");

data/tpm-quote-tools-1.0.4/tpm_updatepcrhash.c:104:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[BUFSIZE]; /* Read a line of input */

data/tpm-quote-tools-1.0.4/tpm_updatepcrhash.c:263:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(hash+hashLen-digestLen-sizeof(TPM_NONCE), digest, digestLen);

data/tpm-quote-tools-1.0.4/tpm_updatepcrhash.c:267:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *out = fopen(newhashname, "wb");

data/tpm-quote-tools-1.0.4/tpm_verifyquote.c:25:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *in = fopen(name, "rb");

data/tpm-quote-tools-1.0.4/tpm_verifyquote.c:115:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(hashNonce, nonce, sizeof(TPM_NONCE));

data/tpm-quote-tools-1.0.4/toutf16le.c:31:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t n = strlen(src);

data/tpm-quote-tools-1.0.4/tpm_mkaik.c:89:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(buf), (BYTE *)buf);

data/tpm-quote-tools-1.0.4/tpm_mkaik.c:92:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(buf), (BYTE *)buf);

ANALYSIS SUMMARY:

Hits = 47
Lines analyzed = 10556 in approximately 0.19 seconds (56334 lines/second)
Physical Source Lines of Code (SLOC) = 6827
Hits@level = [0]  83 [1]   3 [2]  21 [3]  13 [4]  10 [5]   0
Hits@level+ = [0+] 130 [1+]  47 [2+]  44 [3+]  23 [4+]  10 [5+]   0
Hits/KSLOC@level+ = [0+] 19.042 [1+] 6.88443 [2+] 6.445 [3+] 3.36898 [4+] 1.46477 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.