Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/u3-tool-0.3/src/u3.h
Examining data/u3-tool-0.3/src/u3_scsi.h
Examining data/u3-tool-0.3/src/sg_err.h
Examining data/u3-tool-0.3/src/u3_error.c
Examining data/u3-tool-0.3/src/u3_commands.h
Examining data/u3-tool-0.3/src/md5.h
Examining data/u3-tool-0.3/src/u3_error.h
Examining data/u3-tool-0.3/src/md5.c
Examining data/u3-tool-0.3/src/display_progress.h
Examining data/u3-tool-0.3/src/secure_input.h
Examining data/u3-tool-0.3/src/display_progress.c
Examining data/u3-tool-0.3/src/secure_input.c
Examining data/u3-tool-0.3/src/u3_commands.c
Examining data/u3-tool-0.3/src/u3_scsi_debug.c
Examining data/u3-tool-0.3/src/u3_scsi_sg.c
Examining data/u3-tool-0.3/src/u3_scsi_spt.c
Examining data/u3-tool-0.3/src/u3_scsi_usb.c
Examining data/u3-tool-0.3/src/main.c

FINAL RESULTS:

data/u3-tool-0.3/src/u3_error.c:33:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(device->err_msg, U3_MAX_ERROR_LEN, fmt, ap);
data/u3-tool-0.3/src/u3_error.c:47:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(device->err_msg, U3_MAX_ERROR_LEN, fmt, ap);
data/u3-tool-0.3/src/main.c:663:14:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "cdDehil:p:RuvVz")) != -1) {
data/u3-tool-0.3/src/main.c:200:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(iso_filename, "rb")) == NULL) {
data/u3-tool-0.3/src/main.c:649:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename_string[MAX_FILENAME_STRING_LENGTH+1];
data/u3-tool-0.3/src/main.c:650:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char size_string[MAX_SIZE_STRING_LENGTH+1];
data/u3-tool-0.3/src/main.c:653:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char password[MAX_PASSWORD_LENGTH+1];
data/u3-tool-0.3/src/main.c:656:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char new_password[MAX_PASSWORD_LENGTH+1];
data/u3-tool-0.3/src/main.c:754:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char validate_password[MAX_PASSWORD_LENGTH+1];
data/u3-tool-0.3/src/md5.c:72:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static void md5_process( md5_context *ctx, unsigned char data[64] )
data/u3-tool-0.3/src/md5.c:217:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void *) (ctx->buffer + left),
data/u3-tool-0.3/src/md5.c:234:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void *) (ctx->buffer + left),
data/u3-tool-0.3/src/md5.c:239:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char md5_padding[64] =
data/u3-tool-0.3/src/md5.c:254:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char msglen[8];
data/u3-tool-0.3/src/md5.c:298:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[1024];
data/u3-tool-0.3/src/md5.c:300:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( ( f = fopen( path, "rb" ) ) == NULL )
data/u3-tool-0.3/src/md5.c:359:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char tmpbuf[16];
data/u3-tool-0.3/src/md5.c:392:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char md5_test_str[7][81] =
data/u3-tool-0.3/src/md5.c:404:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char md5_test_sum[7][16] =
data/u3-tool-0.3/src/md5.c:428:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char md5sum[16];
data/u3-tool-0.3/src/md5.c:435:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  md5( (unsigned char *) md5_test_str[i],
data/u3-tool-0.3/src/md5.h:18:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[64]; /*!< data block being processed */
data/u3-tool-0.3/src/md5.h:19:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ipad[64]; /*!< HMAC: inner padding */
data/u3-tool-0.3/src/md5.h:20:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char opad[64]; /*!< HMAC: outer padding */
data/u3-tool-0.3/src/u3.h:37:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err_msg[U3_MAX_ERROR_LEN];
data/u3-tool-0.3/src/u3_commands.h:50:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char serial[U3_MAX_SERIAL_LEN]; /* Device Serial number */
data/u3-tool-0.3/src/u3_commands.h:90:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char revision[U3_MAX_CHIP_REVISION_LEN];
data/u3-tool-0.3/src/u3_commands.h:91:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char manufacturer[U3_MAX_CHIP_MANUFACTURER_LEN];
data/u3-tool-0.3/src/u3_scsi_sg.c:55:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((sg_fd = open(which, O_RDWR)) < 0) {
data/u3-tool-0.3/src/u3_scsi_sg.c:59:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((sg_fd = open(which, O_RDONLY | O_NONBLOCK)) < 0) {
data/u3-tool-0.3/src/u3_scsi_sg.c:65:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((sg_fd = open(which, O_RDWR)) < 0) {
data/u3-tool-0.3/src/u3_scsi_sg.c:109:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char sense_buf[32];
data/u3-tool-0.3/src/u3_scsi_spt.c:62:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(lpszDeviceName, (char *) "\\\\.\\*:", 7);
data/u3-tool-0.3/src/u3_scsi_spt.c:125:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sptd.Cdb, cmd, U3_CMD_LEN);
data/u3-tool-0.3/src/u3_scsi_usb.c:129:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errbuf[U3_MAX_ERROR_LEN];
data/u3-tool-0.3/src/u3_scsi_usb.c:327:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(cbw.CBWCB), cmd, U3_CBWCB_LEN);
data/u3-tool-0.3/src/main.c:76:7:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(stdin);
data/u3-tool-0.3/src/main.c:88:8:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(stdin);
data/u3-tool-0.3/src/main.c:679:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(filename_string, optarg, MAX_FILENAME_STRING_LENGTH);
data/u3-tool-0.3/src/main.c:684:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(size_string, optarg, MAX_SIZE_STRING_LENGTH);
data/u3-tool-0.3/src/main.c:742:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(password) == 0) {
data/u3-tool-0.3/src/main.c:758:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(new_password) == 0) {
data/u3-tool-0.3/src/md5.c:436:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen( md5_test_str[i] ), md5sum );
data/u3-tool-0.3/src/secure_input.c:60:5:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ch=fgetc(stdin);
data/u3-tool-0.3/src/secure_input.c:64:6:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ch=fgetc(stdin);
data/u3-tool-0.3/src/secure_input.c:70:8:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ch = fgetc(stdin);
data/u3-tool-0.3/src/u3_commands.c:59:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  passlen = strlen(password);
data/u3-tool-0.3/src/u3_error.c:51:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(device->err_msg, ": ",
data/u3-tool-0.3/src/u3_error.c:52:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  U3_MAX_ERROR_LEN - strlen(device->err_msg) - 1);
data/u3-tool-0.3/src/u3_error.c:53:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(device->err_msg, old_msg,
data/u3-tool-0.3/src/u3_error.c:54:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  U3_MAX_ERROR_LEN - strlen(device->err_msg) - 1);
data/u3-tool-0.3/src/u3_scsi_spt.c:55:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(which) != 1 || ! isalpha(which[0])) {

ANALYSIS SUMMARY:

Hits = 52
Lines analyzed = 3676 in approximately 0.12 seconds (30369 lines/second)
Physical Source Lines of Code (SLOC) = 2320
Hits@level = [0] 150 [1] 16 [2] 33 [3] 1 [4] 2 [5] 0
Hits@level+ = [0+] 202 [1+] 52 [2+] 36 [3+] 3 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 87.069 [1+] 22.4138 [2+] 15.5172 [3+] 1.2931 [4+] 0.862069 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.