Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/usbredir-0.8.0/usbredirserver/usbredirserver.c
Examining data/usbredir-0.8.0/usbredirhost/usbredirhost.h
Examining data/usbredir-0.8.0/usbredirhost/usbredirhost.c
Examining data/usbredir-0.8.0/usbredirtestclient/usbredirtestclient.c
Examining data/usbredir-0.8.0/usbredirparser/usbredirproto-compat.h
Examining data/usbredir-0.8.0/usbredirparser/strtok_r.c
Examining data/usbredir-0.8.0/usbredirparser/usbredirparser.c
Examining data/usbredir-0.8.0/usbredirparser/usbredirfilter.h
Examining data/usbredir-0.8.0/usbredirparser/usbredirfilter.c
Examining data/usbredir-0.8.0/usbredirparser/usbredirparser.h
Examining data/usbredir-0.8.0/usbredirparser/strtok_r.h
Examining data/usbredir-0.8.0/usbredirparser/usbredirproto.h
FINAL RESULTS:
data/usbredir-0.8.0/usbredirhost/usbredirhost.c:155:23: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 3, 4)))
data/usbredir-0.8.0/usbredirhost/usbredirhost.c:169:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf + n, sizeof(buf) - n, fmt, ap);
data/usbredir-0.8.0/usbredirhost/usbredirhost.c:1405:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n = sprintf(buf, "%s", desc);
data/usbredir-0.8.0/usbredirparser/usbredirparser.c:83:23: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 3, 4)))
data/usbredir-0.8.0/usbredirparser/usbredirparser.c:93:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf + n, sizeof(buf) - n, fmt, ap);
data/usbredir-0.8.0/usbredirserver/usbredirserver.c:218:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((o = getopt_long(argc, argv, "hp:v:4:6:k:", longopts, NULL)) != -1) {
data/usbredir-0.8.0/usbredirtestclient/usbredirtestclient.c:210:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((o = getopt_long(argc, argv, "hp:", longopts, NULL)) != -1) {
data/usbredir-0.8.0/usbredirhost/usbredirhost.c:159:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/usbredir-0.8.0/usbredirhost/usbredirhost.c:167:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(buf, "usbredirhost: ");
data/usbredir-0.8.0/usbredirhost/usbredirhost.c:1403:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/usbredir-0.8.0/usbredirhost/usbredirhost.c:1407:23: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n += sprintf(buf + n, " %02X", data[i + j]);
data/usbredir-0.8.0/usbredirhost/usbredirhost.c:1857:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char eps[MAX_ENDPOINTS];
data/usbredir-0.8.0/usbredirhost/usbredirhost.c:1888:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char eps[MAX_ENDPOINTS];
data/usbredir-0.8.0/usbredirhost/usbredirhost.c:2164:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + LIBUSB_CONTROL_SETUP_SIZE, data, data_len);
data/usbredir-0.8.0/usbredirhost/usbredirhost.c:2373:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(libusb_get_iso_packet_buffer(transfer->transfer, j),
data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:119:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "0x%02x%c", rules[i].device_class, *token_sep);
data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:121:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "-1%c", *token_sep);
data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:124:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "0x%04x%c", rules[i].vendor_id, *token_sep);
data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:126:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "-1%c", *token_sep);
data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:129:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "0x%04x%c", rules[i].product_id, *token_sep);
data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:131:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "-1%c", *token_sep);
data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:134:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "0x%04x%c", rules[i].device_version_bcd, *token_sep);
data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:136:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "-1%c", *token_sep);
data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:138:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%d%c", rules[i].allow ? 1:0, *rule_sep);
data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:244:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_class[16], vendor[16], product[16], version[16];
data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:248:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(device_class, " %02x", rules[i].device_class);
data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:250:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(device_class, "ANY");
data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:253:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(vendor, "%04x", rules[i].vendor_id);
data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:255:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(vendor, " ANY");
data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:258:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(product, "%04x", rules[i].product_id);
data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:260:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(product, " ANY");
data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:263:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(version, "%2d.%02d",
data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:269:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(version, " ANY");
data/usbredir-0.8.0/usbredirparser/usbredirparser.c:87:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/usbredir-0.8.0/usbredirparser/usbredirparser.c:91:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(buf, "usbredirparser: ");
data/usbredir-0.8.0/usbredirparser/usbredirparser.c:175:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(parser->our_caps, caps, caps_len * sizeof(uint32_t));
data/usbredir-0.8.0/usbredirparser/usbredirparser.c:260:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/usbredir-0.8.0/usbredirparser/usbredirparser.c:1149:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(type_header_out, type_header_in, type_header_len);
data/usbredir-0.8.0/usbredirparser/usbredirparser.c:1150:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data_out, data_in, data_len);
data/usbredir-0.8.0/usbredirparser/usbredirparser.c:1482:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*pos, &val, sizeof(uint32_t));
data/usbredir-0.8.0/usbredirparser/usbredirparser.c:1497:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(val, *pos, sizeof(uint32_t));
data/usbredir-0.8.0/usbredirparser/usbredirparser.c:1519:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*pos, &len, sizeof(uint32_t));
data/usbredir-0.8.0/usbredirparser/usbredirparser.c:1523:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*pos, data, len);
data/usbredir-0.8.0/usbredirparser/usbredirparser.c:1543:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&len, *pos, sizeof(uint32_t));
data/usbredir-0.8.0/usbredirparser/usbredirparser.c:1564:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*data, *pos, len);
data/usbredir-0.8.0/usbredirparser/usbredirparser.c:1645:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(write_buf_count_pos, &write_buf_count, sizeof(int32_t));
data/usbredir-0.8.0/usbredirparser/usbredirparser.c:1649:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state + sizeof(int32_t), &len, sizeof(int32_t));
data/usbredir-0.8.0/usbredirparser/usbredirparser.c:1683:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(orig_caps, parser->our_caps, i);
data/usbredir-0.8.0/usbredirparser/usbredirproto.h:145:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[64];
data/usbredir-0.8.0/usbredirtestclient/usbredirtestclient.c:206:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port_str[16];
data/usbredir-0.8.0/usbredirtestclient/usbredirtestclient.c:256:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(port_str, "%d", port);
data/usbredir-0.8.0/usbredirtestclient/usbredirtestclient.c:426:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/usbredir-0.8.0/usbredirparser/usbredirparser.c:270:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, hello->version, sizeof(buf));
data/usbredir-0.8.0/usbredirparser/usbredirparser.c:1348:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(uint8_t *)str, strlen(str) + 1);
data/usbredir-0.8.0/usbredirserver/usbredirserver.c:69:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int r = read(client_fd, data, count);
data/usbredir-0.8.0/usbredirtestclient/usbredirtestclient.c:108:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int r = read(client_fd, data, count);
ANALYSIS SUMMARY:
Hits = 56
Lines analyzed = 6907 in approximately 0.17 seconds (41015 lines/second)
Physical Source Lines of Code (SLOC) = 5412
Hits@level = [0] 55 [1] 4 [2] 45 [3] 2 [4] 5 [5] 0
Hits@level+ = [0+] 111 [1+] 56 [2+] 52 [3+] 7 [4+] 5 [5+] 0
Hits/KSLOC@level+ = [0+] 20.51 [1+] 10.3474 [2+] 9.60828 [3+] 1.29342 [4+] 0.923873 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.