Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/usbredir-0.8.0/usbredirserver/usbredirserver.c
Examining data/usbredir-0.8.0/usbredirhost/usbredirhost.h
Examining data/usbredir-0.8.0/usbredirhost/usbredirhost.c
Examining data/usbredir-0.8.0/usbredirtestclient/usbredirtestclient.c
Examining data/usbredir-0.8.0/usbredirparser/usbredirproto-compat.h
Examining data/usbredir-0.8.0/usbredirparser/strtok_r.c
Examining data/usbredir-0.8.0/usbredirparser/usbredirparser.c
Examining data/usbredir-0.8.0/usbredirparser/usbredirfilter.h
Examining data/usbredir-0.8.0/usbredirparser/usbredirfilter.c
Examining data/usbredir-0.8.0/usbredirparser/usbredirparser.h
Examining data/usbredir-0.8.0/usbredirparser/strtok_r.h
Examining data/usbredir-0.8.0/usbredirparser/usbredirproto.h

FINAL RESULTS:

data/usbredir-0.8.0/usbredirhost/usbredirhost.c:155:23:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  __attribute__((format(printf, 3, 4)))

data/usbredir-0.8.0/usbredirhost/usbredirhost.c:169:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134).
  Use a constant for the format specification.
  vsnprintf(buf + n, sizeof(buf) - n, fmt, ap);

data/usbredir-0.8.0/usbredirhost/usbredirhost.c:1405:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  n = sprintf(buf, "%s", desc);

data/usbredir-0.8.0/usbredirparser/usbredirparser.c:83:23:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  __attribute__((format(printf, 3, 4)))

data/usbredir-0.8.0/usbredirparser/usbredirparser.c:93:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134).
  Use a constant for the format specification.
  vsnprintf(buf + n, sizeof(buf) - n, fmt, ap);

data/usbredir-0.8.0/usbredirserver/usbredirserver.c:218:17:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  while ((o = getopt_long(argc, argv, "hp:v:4:6:k:", longopts, NULL)) != -1) {

data/usbredir-0.8.0/usbredirtestclient/usbredirtestclient.c:210:17:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  while ((o = getopt_long(argc, argv, "hp:", longopts, NULL)) != -1) {

data/usbredir-0.8.0/usbredirhost/usbredirhost.c:159:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[512];

data/usbredir-0.8.0/usbredirhost/usbredirhost.c:167:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  n = sprintf(buf, "usbredirhost: ");

data/usbredir-0.8.0/usbredirhost/usbredirhost.c:1403:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[128];

data/usbredir-0.8.0/usbredirhost/usbredirhost.c:1407:23:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  n += sprintf(buf + n, " %02X", data[i + j]);

data/usbredir-0.8.0/usbredirhost/usbredirhost.c:1857:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char eps[MAX_ENDPOINTS];

data/usbredir-0.8.0/usbredirhost/usbredirhost.c:1888:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char eps[MAX_ENDPOINTS];

data/usbredir-0.8.0/usbredirhost/usbredirhost.c:2164:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer + LIBUSB_CONTROL_SETUP_SIZE, data, data_len);

data/usbredir-0.8.0/usbredirhost/usbredirhost.c:2373:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(libusb_get_iso_packet_buffer(transfer->transfer, j),

data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:119:18:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "0x%02x%c", rules[i].device_class, *token_sep);

data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:121:18:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "-1%c", *token_sep);

data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:124:18:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "0x%04x%c", rules[i].vendor_id, *token_sep);

data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:126:18:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "-1%c", *token_sep);

data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:129:18:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "0x%04x%c", rules[i].product_id, *token_sep);

data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:131:18:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "-1%c", *token_sep);

data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:134:18:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "0x%04x%c", rules[i].device_version_bcd, *token_sep);

data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:136:18:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "-1%c", *token_sep);

data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:138:14:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "%d%c", rules[i].allow ? 1:0, *rule_sep);

data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:244:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char device_class[16], vendor[16], product[16], version[16];

data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:248:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(device_class, " %02x", rules[i].device_class);

data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:250:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(device_class, "ANY");

data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:253:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(vendor, "%04x", rules[i].vendor_id);

data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:255:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(vendor, " ANY");

data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:258:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(product, "%04x", rules[i].product_id);

data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:260:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(product, " ANY");

data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:263:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(version, "%2d.%02d",

data/usbredir-0.8.0/usbredirparser/usbredirfilter.c:269:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(version, " ANY");

data/usbredir-0.8.0/usbredirparser/usbredirparser.c:87:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[512];

data/usbredir-0.8.0/usbredirparser/usbredirparser.c:91:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  n = sprintf(buf, "usbredirparser: ");

data/usbredir-0.8.0/usbredirparser/usbredirparser.c:175:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(parser->our_caps, caps, caps_len * sizeof(uint32_t));

data/usbredir-0.8.0/usbredirparser/usbredirparser.c:260:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[64];

data/usbredir-0.8.0/usbredirparser/usbredirparser.c:1149:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(type_header_out, type_header_in, type_header_len);

data/usbredir-0.8.0/usbredirparser/usbredirparser.c:1150:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(data_out, data_in, data_len);

data/usbredir-0.8.0/usbredirparser/usbredirparser.c:1482:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(*pos, &val, sizeof(uint32_t));

data/usbredir-0.8.0/usbredirparser/usbredirparser.c:1497:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(val, *pos, sizeof(uint32_t));

data/usbredir-0.8.0/usbredirparser/usbredirparser.c:1519:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(*pos, &len, sizeof(uint32_t));

data/usbredir-0.8.0/usbredirparser/usbredirparser.c:1523:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(*pos, data, len);

data/usbredir-0.8.0/usbredirparser/usbredirparser.c:1543:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&len, *pos, sizeof(uint32_t));

data/usbredir-0.8.0/usbredirparser/usbredirparser.c:1564:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(*data, *pos, len);

data/usbredir-0.8.0/usbredirparser/usbredirparser.c:1645:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(write_buf_count_pos, &write_buf_count, sizeof(int32_t));

data/usbredir-0.8.0/usbredirparser/usbredirparser.c:1649:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(state + sizeof(int32_t), &len, sizeof(int32_t));

data/usbredir-0.8.0/usbredirparser/usbredirparser.c:1683:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(orig_caps, parser->our_caps, i);

data/usbredir-0.8.0/usbredirparser/usbredirproto.h:145:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char version[64];

data/usbredir-0.8.0/usbredirtestclient/usbredirtestclient.c:206:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char port_str[16];

data/usbredir-0.8.0/usbredirtestclient/usbredirtestclient.c:256:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(port_str, "%d", port);

data/usbredir-0.8.0/usbredirtestclient/usbredirtestclient.c:426:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[128];

data/usbredir-0.8.0/usbredirparser/usbredirparser.c:270:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(buf, hello->version, sizeof(buf));

data/usbredir-0.8.0/usbredirparser/usbredirparser.c:1348:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (uint8_t *)str, strlen(str) + 1);

data/usbredir-0.8.0/usbredirserver/usbredirserver.c:69:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  int r = read(client_fd, data, count);

data/usbredir-0.8.0/usbredirtestclient/usbredirtestclient.c:108:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  int r = read(client_fd, data, count);

ANALYSIS SUMMARY:

Hits = 56
Lines analyzed = 6907 in approximately 0.17 seconds (41015 lines/second)
Physical Source Lines of Code (SLOC) = 5412
Hits@level = [0]  55 [1]   4 [2]  45 [3]   2 [4]   5 [5]   0
Hits@level+ = [0+] 111 [1+]  56 [2+]  52 [3+]   7 [4+]   5 [5+]   0
Hits/KSLOC@level+ = [0+] 20.51 [1+] 10.3474 [2+] 9.60828 [3+] 1.29342 [4+] 0.923873 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.