Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/unionfs-fuse-1.0/src/conf.h
Examining data/unionfs-fuse-1.0/src/cow.c
Examining data/unionfs-fuse-1.0/src/cow.h
Examining data/unionfs-fuse-1.0/src/cow_utils.c
Examining data/unionfs-fuse-1.0/src/cow_utils.h
Examining data/unionfs-fuse-1.0/src/debug.c
Examining data/unionfs-fuse-1.0/src/debug.h
Examining data/unionfs-fuse-1.0/src/findbranch.c
Examining data/unionfs-fuse-1.0/src/findbranch.h
Examining data/unionfs-fuse-1.0/src/general.c
Examining data/unionfs-fuse-1.0/src/general.h
Examining data/unionfs-fuse-1.0/src/hashtable.c
Examining data/unionfs-fuse-1.0/src/hashtable.h
Examining data/unionfs-fuse-1.0/src/hashtable_itr.c
Examining data/unionfs-fuse-1.0/src/hashtable_itr.h
Examining data/unionfs-fuse-1.0/src/hashtable_private.h
Examining data/unionfs-fuse-1.0/src/opts.c
Examining data/unionfs-fuse-1.0/src/opts.h
Examining data/unionfs-fuse-1.0/src/readdir.c
Examining data/unionfs-fuse-1.0/src/readdir.h
Examining data/unionfs-fuse-1.0/src/rmdir.c
Examining data/unionfs-fuse-1.0/src/rmdir.h
Examining data/unionfs-fuse-1.0/src/string.c
Examining data/unionfs-fuse-1.0/src/string.h
Examining data/unionfs-fuse-1.0/src/uioctl.h
Examining data/unionfs-fuse-1.0/src/unionfs.c
Examining data/unionfs-fuse-1.0/src/unionfs.h
Examining data/unionfs-fuse-1.0/src/unionfsctl.c
Examining data/unionfs-fuse-1.0/src/unlink.c
Examining data/unionfs-fuse-1.0/src/unlink.h
Examining data/unionfs-fuse-1.0/src/usyslog.c
Examining data/unionfs-fuse-1.0/src/usyslog.h
Examining data/unionfs-fuse-1.0/src/version.h
FINAL RESULTS:
data/unionfs-fuse-1.0/src/cow_utils.c:80:6: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (chown(path, fs->st_uid, fs->st_gid)) {
data/unionfs-fuse-1.0/src/cow_utils.c:88:6: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod(path, fs->st_mode)) {
data/unionfs-fuse-1.0/src/cow_utils.c:244:13: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
if ((len = readlink(cow->from_path, link, sizeof(link)-1)) == -1) {
data/unionfs-fuse-1.0/src/unionfs.c:95:12: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
int res = chmod(p, mode);
data/unionfs-fuse-1.0/src/unionfs.c:327:2: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(p, mode);
data/unionfs-fuse-1.0/src/unionfs.c:363:2: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(p, file_perm);
data/unionfs-fuse-1.0/src/unionfs.c:421:12: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
int res = readlink(p, buf, size - 1);
data/unionfs-fuse-1.0/src/cow.c:37:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(dirp, "%s%s", uopt.branches[nbranch_rw].path, path);
data/unionfs-fuse-1.0/src/cow.c:50:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(o_dirp, "%s%s", uopt.branches[nbranch_ro].path, path);
data/unionfs-fuse-1.0/src/debug.h:22:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, format, ##__VA_ARGS__); \
data/unionfs-fuse-1.0/src/debug.h:23:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(dbgfile, format, ##__VA_ARGS__); \
data/unionfs-fuse-1.0/src/general.c:105:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(p, HIDETAG); // TODO check length
data/unionfs-fuse-1.0/src/general.c:150:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(p, HIDETAG); // TODO check length
data/unionfs-fuse-1.0/src/string.c:121:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, str);
data/unionfs-fuse-1.0/src/usyslog.c:244:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(log->message, MAX_MSG_SIZE, format, ap);
data/unionfs-fuse-1.0/src/opts.c:308:11: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
if (uopt.chroot) {
data/unionfs-fuse-1.0/src/opts.c:309:24: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
int res = chdir(uopt.chroot);
data/unionfs-fuse-1.0/src/opts.c:312:12: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
uopt.chroot, strerror(errno));
data/unionfs-fuse-1.0/src/opts.c:323:13: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
if (!uopt.chroot) {
data/unionfs-fuse-1.0/src/opts.c:333:13: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
if (!uopt.chroot) {
data/unionfs-fuse-1.0/src/opts.c:336:26: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
BUILD_PATH(path, uopt.chroot, uopt.branches[i].path);
data/unionfs-fuse-1.0/src/opts.h:27:8: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
char *chroot; // chroot we might go into
data/unionfs-fuse-1.0/src/unionfs.c:228:11: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
if (uopt.chroot) {
data/unionfs-fuse-1.0/src/unionfs.c:229:13: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
int res = chroot(uopt.chroot);
data/unionfs-fuse-1.0/src/unionfs.c:229:25: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
int res = chroot(uopt.chroot);
data/unionfs-fuse-1.0/src/unionfs.c:232:11: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
uopt.chroot, strerror(errno));
data/unionfs-fuse-1.0/src/unionfsctl.c:52:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "d:p:")) != -1) {
data/unionfs-fuse-1.0/src/cow.c:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirp[PATHLEN_MAX]; // dir path to create
data/unionfs-fuse-1.0/src/cow.c:49:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char o_dirp[PATHLEN_MAX]; // the pathname we want to copy
data/unionfs-fuse-1.0/src/cow.c:79:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/cow.c:134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char from[PATHLEN_MAX], to[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/cow.c:195:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char from[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/cow.c:205:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char member[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/cow_utils.c:137:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MAXBSIZE];
data/unionfs-fuse-1.0/src/cow_utils.c:145:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((from_fd = open(cow->from_path, O_RDONLY, 0)) == -1) {
data/unionfs-fuse-1.0/src/cow_utils.c:152:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
to_fd = open(cow->to_path, O_WRONLY | O_TRUNC | O_CREAT,
data/unionfs-fuse-1.0/src/cow_utils.c:242:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char link[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/debug.c:31:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dbgfile = fopen(dbgpath, "w");
data/unionfs-fuse-1.0/src/findbranch.c:62:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/general.c:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/general.c:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char whiteoutpath[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/general.c:76:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/general.c:102:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/general.c:140:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char metapath[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/general.c:148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/general.c:154:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
res = open(p, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR);
data/unionfs-fuse-1.0/src/opts.c:117:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/opts.c:331:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/opts.c:339:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(path, O_RDONLY);
data/unionfs-fuse-1.0/src/readdir.c:94:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/readdir.c:131:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/readdir.c:212:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/rmdir.c:44:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/unionfs.c:92:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/unionfs.c:107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/unionfs.c:126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/unionfs.c:133:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int res = open(p, fi->flags, 0);
data/unionfs-fuse-1.0/src/unionfs.c:200:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/unionfs.c:257:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f[PATHLEN_MAX], t[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/unionfs.c:319:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/unionfs.c:338:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/unionfs.c:382:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/unionfs.c:385:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(p, fi->flags);
data/unionfs-fuse-1.0/src/unionfs.c:418:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/unionfs.c:466:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f[PATHLEN_MAX], t[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/unionfs.c:598:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stbuf, &stb, sizeof(*stbuf));
data/unionfs-fuse-1.0/src/unionfs.c:646:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/unionfs.c:664:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/unionfs.c:674:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int unionfs_utimens(const char *path, const struct timespec ts[2]) {
data/unionfs-fuse-1.0/src/unionfs.c:680:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/unionfs.c:722:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/unionfs.c:742:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/unionfs.c:762:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/unionfs.c:786:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/unionfsctl.c:40:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
const int fd = open(file_name, O_RDONLY );
data/unionfs-fuse-1.0/src/unlink.c:63:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[PATHLEN_MAX];
data/unionfs-fuse-1.0/src/usyslog.h:15:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[MAX_MSG_SIZE]; // 2nd argument for syslog()
data/unionfs-fuse-1.0/src/cow.c:147:14: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
cow.umask = umask(0);
data/unionfs-fuse-1.0/src/cow.c:148:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(cow.umask);
data/unionfs-fuse-1.0/src/cow.c:148:12: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(cow.umask);
data/unionfs-fuse-1.0/src/cow_utils.c:187:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((rcount = read(from_fd, buf, MAXBSIZE)) > 0) {
data/unionfs-fuse-1.0/src/cow_utils.c:220:54: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
fchmod(to_fd, fs->st_mode & RETAINBITS & ~cow->umask)) {
data/unionfs-fuse-1.0/src/cow_utils.h:14:9: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
mode_t umask;
data/unionfs-fuse-1.0/src/general.c:43:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path) + strlen(HIDETAG) > PATHLEN_MAX) RETURN(-ENAMETOOLONG);
data/unionfs-fuse-1.0/src/general.c:43:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path) + strlen(HIDETAG) > PATHLEN_MAX) RETURN(-ENAMETOOLONG);
data/unionfs-fuse-1.0/src/general.c:66:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *walk = whiteoutpath + uopt.branches[branch].path_len + strlen(METADIR) - 1;
data/unionfs-fuse-1.0/src/general.c:104:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p) + strlen(HIDETAG) > PATHLEN_MAX) RETURN(-ENAMETOOLONG);
data/unionfs-fuse-1.0/src/general.c:104:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p) + strlen(HIDETAG) > PATHLEN_MAX) RETURN(-ENAMETOOLONG);
data/unionfs-fuse-1.0/src/opts.c:123:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t cwdlen = strlen(cwd);
data/unionfs-fuse-1.0/src/opts.c:131:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int abslen = cwdlen + strlen(relpath) + 2;
data/unionfs-fuse-1.0/src/opts.c:154:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(path);
data/unionfs-fuse-1.0/src/opts.c:165:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(path, "/");
data/unionfs-fuse-1.0/src/opts.c:219:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(branch) == 0) continue;
data/unionfs-fuse-1.0/src/opts.c:251:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) < 3) {
data/unionfs-fuse-1.0/src/opts.c:346:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uopt.branches[i].path_len = strlen(path);
data/unionfs-fuse-1.0/src/opts.h:54:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
void set_debug_path(char *new_path, int strlen);
data/unionfs-fuse-1.0/src/string.c:38:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (tag && tag != fname && strlen(tag) == strlen(HIDETAG)) {
data/unionfs-fuse-1.0/src/string.c:38:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (tag && tag != fname && strlen(tag) == strlen(HIDETAG)) {
data/unionfs-fuse-1.0/src/string.c:106:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(path, "/");
data/unionfs-fuse-1.0/src/string.c:112:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(str);
data/unionfs-fuse-1.0/src/string.c:152:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(ret, "."); // '/' not found, so path is only a file
data/unionfs-fuse-1.0/src/unionfs.c:882:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(0);
data/unionfs-fuse-1.0/src/unionfsctl.c:56:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(argument_param) < 1) {
data/unionfs-fuse-1.0/src/unionfsctl.c:63:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(argument_param) > PATHLEN_MAX) {
data/unionfs-fuse-1.0/src/unionfsctl.c:77:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(argument_param) < 1) {
ANALYSIS SUMMARY:
Hits = 105
Lines analyzed = 4673 in approximately 0.16 seconds (29532 lines/second)
Physical Source Lines of Code (SLOC) = 2734
Hits@level = [0] 57 [1] 28 [2] 50 [3] 12 [4] 8 [5] 7
Hits@level+ = [0+] 162 [1+] 105 [2+] 77 [3+] 27 [4+] 15 [5+] 7
Hits/KSLOC@level+ = [0+] 59.2538 [1+] 38.4053 [2+] 28.1639 [3+] 9.87564 [4+] 5.48647 [5+] 2.56035
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.