stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/urfkill-0.5.0/liburfkill-glib/urf-client.c
Examining data/urfkill-0.5.0/liburfkill-glib/urf-client.h
Examining data/urfkill-0.5.0/liburfkill-glib/urf-device.c
Examining data/urfkill-0.5.0/liburfkill-glib/urf-device.h
Examining data/urfkill-0.5.0/liburfkill-glib/urf-enum.h
Examining data/urfkill-0.5.0/liburfkill-glib/urf-killswitch.c
Examining data/urfkill-0.5.0/liburfkill-glib/urf-killswitch.h
Examining data/urfkill-0.5.0/liburfkill-glib/urfkill.h
Examining data/urfkill-0.5.0/src/urf-arbitrator.c
Examining data/urfkill-0.5.0/src/urf-arbitrator.h
Examining data/urfkill-0.5.0/src/urf-config.c
Examining data/urfkill-0.5.0/src/urf-config.h
Examining data/urfkill-0.5.0/src/urf-daemon.c
Examining data/urfkill-0.5.0/src/urf-daemon.h
Examining data/urfkill-0.5.0/src/urf-device.c
Examining data/urfkill-0.5.0/src/urf-device.h
Examining data/urfkill-0.5.0/src/urf-input.c
Examining data/urfkill-0.5.0/src/urf-input.h
Examining data/urfkill-0.5.0/src/urf-killswitch.c
Examining data/urfkill-0.5.0/src/urf-killswitch.h
Examining data/urfkill-0.5.0/src/urf-main.c
Examining data/urfkill-0.5.0/src/urf-polkit.c
Examining data/urfkill-0.5.0/src/urf-polkit.h
Examining data/urfkill-0.5.0/src/urf-seat-consolekit.c
Examining data/urfkill-0.5.0/src/urf-seat-consolekit.h
Examining data/urfkill-0.5.0/src/urf-seat-logind.c
Examining data/urfkill-0.5.0/src/urf-seat-logind.h
Examining data/urfkill-0.5.0/src/urf-session-checker-consolekit.c
Examining data/urfkill-0.5.0/src/urf-session-checker-consolekit.h
Examining data/urfkill-0.5.0/src/urf-session-checker-logind.c
Examining data/urfkill-0.5.0/src/urf-session-checker-logind.h
Examining data/urfkill-0.5.0/src/urf-session-checker-none.c
Examining data/urfkill-0.5.0/src/urf-session-checker-none.h
Examining data/urfkill-0.5.0/src/urf-utils.c
Examining data/urfkill-0.5.0/src/urf-utils.h
Examining data/urfkill-0.5.0/tests/catch-signal.c
Examining data/urfkill-0.5.0/tests/device-write.c
Examining data/urfkill-0.5.0/tests/enumerate-devices.c
Examining data/urfkill-0.5.0/tests/inhibit-keycontrol.c
Examining data/urfkill-0.5.0/tests/killswitch-write.c
Examining data/urfkill-0.5.0/tests/monitor-killswitch.c
Examining data/urfkill-0.5.0/tests/test-urfkill-client.c

FINAL RESULTS:

data/urfkill-0.5.0/src/urf-session-checker-consolekit.c:219:12:  [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		cookie = g_random_int_range (1, G_MAXINT);
data/urfkill-0.5.0/src/urf-session-checker-logind.c:219:12:  [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		cookie = g_random_int_range (1, G_MAXINT);
data/urfkill-0.5.0/src/urf-arbitrator.c:513:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open("/dev/rfkill", O_RDWR | O_NONBLOCK);
data/urfkill-0.5.0/src/urf-input.c:138:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(dev_node, O_RDONLY | O_NONBLOCK);
data/urfkill-0.5.0/src/urf-utils.c:113:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if (index_c && atoi(index_c) == index)
data/urfkill-0.5.0/src/urf-arbitrator.c:460:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		gsize read;
data/urfkill-0.5.0/src/urf-arbitrator.c:466:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
						  &read,
data/urfkill-0.5.0/src/urf-arbitrator.c:486:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
							  &read,
data/urfkill-0.5.0/src/urf-arbitrator.c:528:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		len = read(fd, &event, sizeof(event));
data/urfkill-0.5.0/src/urf-config.c:184:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen (str1) < 1 || strlen (str2) < 1)
data/urfkill-0.5.0/src/urf-config.c:184:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen (str1) < 1 || strlen (str2) < 1)
data/urfkill-0.5.0/src/urf-config.c:221:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen (token[i]) < 1) {
data/urfkill-0.5.0/src/urf-config.c:245:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen (token[i]) < 1) {
data/urfkill-0.5.0/src/urf-config.c:269:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen (token[i]) < 1) {
data/urfkill-0.5.0/src/urf-config.c:445:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen (content);
data/urfkill-0.5.0/src/urf-config.c:537:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					 strlen (header),
data/urfkill-0.5.0/src/urf-input.c:89:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		gsize read;
data/urfkill-0.5.0/src/urf-input.c:94:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
						  &read,
data/urfkill-0.5.0/src/urf-input.c:120:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
							  &read,
data/urfkill-0.5.0/src/urf-session-checker-consolekit.c:387:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen (new_owner) == 0 &&
data/urfkill-0.5.0/src/urf-session-checker-consolekit.c:388:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    strlen (old_owner) > 0) {
data/urfkill-0.5.0/src/urf-session-checker-logind.c:390:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen (new_owner) == 0 &&
data/urfkill-0.5.0/src/urf-session-checker-logind.c:391:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    strlen (old_owner) > 0) {

ANALYSIS SUMMARY:

Hits = 23
Lines analyzed = 9726 in approximately 0.21 seconds (47323 lines/second)
Physical Source Lines of Code (SLOC) = 6558
Hits@level = [0]  37 [1]  18 [2]   3 [3]   2 [4]   0 [5]   0
Hits@level+ = [0+]  60 [1+]  23 [2+]   5 [3+]   2 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 9.14913 [1+] 3.50717 [2+] 0.762428 [3+] 0.304971 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.