Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/webdis-0.1.9+dfsg/src/acl.c
Examining data/webdis-0.1.9+dfsg/src/acl.h
Examining data/webdis-0.1.9+dfsg/src/client.c
Examining data/webdis-0.1.9+dfsg/src/client.h
Examining data/webdis-0.1.9+dfsg/src/cmd.c
Examining data/webdis-0.1.9+dfsg/src/cmd.h
Examining data/webdis-0.1.9+dfsg/src/conf.c
Examining data/webdis-0.1.9+dfsg/src/conf.h
Examining data/webdis-0.1.9+dfsg/src/formats/common.c
Examining data/webdis-0.1.9+dfsg/src/formats/common.h
Examining data/webdis-0.1.9+dfsg/src/formats/custom-type.c
Examining data/webdis-0.1.9+dfsg/src/formats/custom-type.h
Examining data/webdis-0.1.9+dfsg/src/formats/json.c
Examining data/webdis-0.1.9+dfsg/src/formats/json.h
Examining data/webdis-0.1.9+dfsg/src/formats/msgpack.h
Examining data/webdis-0.1.9+dfsg/src/formats/raw.c
Examining data/webdis-0.1.9+dfsg/src/formats/raw.h
Examining data/webdis-0.1.9+dfsg/src/formats/msgpack.c
Examining data/webdis-0.1.9+dfsg/src/http-parser/http_parser.c
Examining data/webdis-0.1.9+dfsg/src/http-parser/http_parser.h
Examining data/webdis-0.1.9+dfsg/src/http.c
Examining data/webdis-0.1.9+dfsg/src/http.h
Examining data/webdis-0.1.9+dfsg/src/md5/md5.c
Examining data/webdis-0.1.9+dfsg/src/md5/md5.h
Examining data/webdis-0.1.9+dfsg/src/pool.c
Examining data/webdis-0.1.9+dfsg/src/pool.h
Examining data/webdis-0.1.9+dfsg/src/server.h
Examining data/webdis-0.1.9+dfsg/src/sha1/sha1.c
Examining data/webdis-0.1.9+dfsg/src/sha1/sha1.h
Examining data/webdis-0.1.9+dfsg/src/slog.c
Examining data/webdis-0.1.9+dfsg/src/slog.h
Examining data/webdis-0.1.9+dfsg/src/version.h
Examining data/webdis-0.1.9+dfsg/src/webdis.c
Examining data/webdis-0.1.9+dfsg/src/websocket.c
Examining data/webdis-0.1.9+dfsg/src/websocket.h
Examining data/webdis-0.1.9+dfsg/src/worker.c
Examining data/webdis-0.1.9+dfsg/src/worker.h
Examining data/webdis-0.1.9+dfsg/src/server.c
Examining data/webdis-0.1.9+dfsg/tests/websocket.c
Examining data/webdis-0.1.9+dfsg/tests/pubsub.c

FINAL RESULTS:

data/webdis-0.1.9+dfsg/src/http.c:175:8: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  ret = sprintf(r->out, "HTTP/1.%d %d %s\r\n", (r->http_version?1:0), r->code, r->msg);
data/webdis-0.1.9+dfsg/src/pool.c:143:16: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  size_t sz = sprintf(err, msg, ac->errstr);
data/webdis-0.1.9+dfsg/src/server.c:82:9: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(buffer, comment, port_num);
data/webdis-0.1.9+dfsg/tests/websocket.c:196:28: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  ws_handshake_sz = (size_t)sprintf(ws_handshake, ws_template,
data/webdis-0.1.9+dfsg/tests/pubsub.c:280:16: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt = getopt(argc, argv, "h:p:r:w:c:n:")) != -1) {
data/webdis-0.1.9+dfsg/tests/websocket.c:250:16: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt = getopt(argc, argv, "h:p:c:n:v")) != -1) {
data/webdis-0.1.9+dfsg/src/client.c:25:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(c->path + c->path_sz, at, sz);
data/webdis-0.1.9+dfsg/src/client.c:46:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(c->body + c->body_sz, at, sz);
data/webdis-0.1.9+dfsg/src/client.c:69:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(c->headers[n-1].key + c->headers[n-1].key_sz, at, sz);
data/webdis-0.1.9+dfsg/src/client.c:85:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, format, sizeof(format)-1); /* copy format */
data/webdis-0.1.9+dfsg/src/client.c:86:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p + sizeof(format)-1, val, val_len); /* copy filename */
data/webdis-0.1.9+dfsg/src/client.c:124:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(c->type, val, val_len);
data/webdis-0.1.9+dfsg/src/client.c:128:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(c->jsonp, val, val_len);
data/webdis-0.1.9+dfsg/src/client.c:131:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(c->separator, val, val_len);
data/webdis-0.1.9+dfsg/src/client.c:153:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(c->headers[n-1].val + c->headers[n-1].val_sz, at, sz);
data/webdis-0.1.9+dfsg/src/client.c:281:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[4096];
data/webdis-0.1.9+dfsg/src/client.c:313:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(c->buffer + c->sz, buffer, ret);
data/webdis-0.1.9+dfsg/src/client.c:331:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, c->buffer + sz, c->sz - sz);
data/webdis-0.1.9+dfsg/src/cmd.c:104:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cmd->if_none_match, client->headers[i].val,
data/webdis-0.1.9+dfsg/src/cmd.c:213:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cmd->argv[0], cmd_name, cmd_len);
data/webdis-0.1.9+dfsg/src/cmd.c:268:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cmd->argv[cur_param], body, body_len);
data/webdis-0.1.9+dfsg/src/conf.c:134:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ac->commands[cur], s, sz);
data/webdis-0.1.9+dfsg/src/conf.c:159:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ip, s, (size_t)(p - s));
data/webdis-0.1.9+dfsg/src/conf.c:160:32: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  mask_bits = (unsigned short)atoi(p+1);
data/webdis-0.1.9+dfsg/src/formats/common.c:28:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(etag + 1 + 2*i, "%.2x", (unsigned char)buf[i]);
data/webdis-0.1.9+dfsg/src/formats/custom-type.c:19:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char int_buffer[50];
data/webdis-0.1.9+dfsg/src/formats/custom-type.c:47:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(status_buf + 1, reply->str, reply->len);
data/webdis-0.1.9+dfsg/src/formats/custom-type.c:53:15: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  int_len = sprintf(int_buffer, "%lld", reply->integer);
data/webdis-0.1.9+dfsg/src/formats/custom-type.c:108:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, cmd->separator, sep_len);
data/webdis-0.1.9+dfsg/src/formats/custom-type.c:111:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, e->str, e->len);
data/webdis-0.1.9+dfsg/src/formats/json.c:68:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(key, p, colon - p);
data/webdis-0.1.9+dfsg/src/formats/json.c:78:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(val, p, nl - p);
data/webdis-0.1.9+dfsg/src/formats/json.c:126:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(verb, cmd->argv[0], cmd->argv_len[0]);
data/webdis-0.1.9+dfsg/src/formats/json.c:202:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ret, jsonp, jsonp_len);
data/webdis-0.1.9+dfsg/src/formats/json.c:204:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ret + jsonp_len + 1, json_reply, json_len);
data/webdis-0.1.9+dfsg/src/formats/json.c:205:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ret + jsonp_len + 1 + json_len, ");\n", 3);
data/webdis-0.1.9+dfsg/src/formats/json.c:229:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(jsonz, p, sz);
data/webdis-0.1.9+dfsg/src/formats/json.c:278:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "%d", (int)json_integer_value(jelem));
data/webdis-0.1.9+dfsg/src/formats/msgpack.c:81:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out->p + out->sz, s, sz);
data/webdis-0.1.9+dfsg/src/formats/msgpack.c:122:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(key, p, key_sz);
data/webdis-0.1.9+dfsg/src/formats/msgpack.c:133:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(val, p, val_sz);
data/webdis-0.1.9+dfsg/src/formats/raw.c:74:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cmd->argv[i], ri->str, ri->len);
data/webdis-0.1.9+dfsg/src/formats/raw.c:80:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(cmd->argv[i], "%lld", ri->integer);
data/webdis-0.1.9+dfsg/src/formats/raw.c:128:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "*%zd\r\n", r->elements);
data/webdis-0.1.9+dfsg/src/formats/raw.c:135:10: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "$%d\r\n", e->len);
data/webdis-0.1.9+dfsg/src/formats/raw.c:136:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, e->str, e->len);
data/webdis-0.1.9+dfsg/src/formats/raw.c:144:10: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "$%d\r\n%lld\r\n",
data/webdis-0.1.9+dfsg/src/formats/raw.c:164:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ret+1, r->str, *sz-3);
data/webdis-0.1.9+dfsg/src/formats/raw.c:165:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ret+*sz - 2, "\r\n", 2);
data/webdis-0.1.9+dfsg/src/formats/raw.c:171:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "$%d\r\n", r->len);
data/webdis-0.1.9+dfsg/src/formats/raw.c:172:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, r->str, *sz - 2 - (p-ret));
data/webdis-0.1.9+dfsg/src/formats/raw.c:173:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ret + *sz - 2, "\r\n", 2);
data/webdis-0.1.9+dfsg/src/formats/raw.c:179:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ret, ":%lld\r\n", r->integer);
data/webdis-0.1.9+dfsg/src/formats/raw.c:188:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ret, "$-1\r\n", 5);
data/webdis-0.1.9+dfsg/src/http-parser/http_parser.c:110:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char tokens[256] = {
data/webdis-0.1.9+dfsg/src/http.c:72:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(r->headers[pos].key, k, key_sz);
data/webdis-0.1.9+dfsg/src/http.c:77:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(r->headers[pos].val, v, val_sz);
data/webdis-0.1.9+dfsg/src/http.c:150:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *out, tmp[64];
data/webdis-0.1.9+dfsg/src/http.c:154:15: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  chunk_size = sprintf(tmp, "%x\r\n", (int)sz);
data/webdis-0.1.9+dfsg/src/http.c:158:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out, tmp, chunk_size);
data/webdis-0.1.9+dfsg/src/http.c:159:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out + chunk_size, p, sz);
data/webdis-0.1.9+dfsg/src/http.c:160:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out + chunk_size + sz, "\r\n", 2);
data/webdis-0.1.9+dfsg/src/http.c:181:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char content_length[10];
data/webdis-0.1.9+dfsg/src/http.c:182:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(content_length, "%zd", r->body_len);
data/webdis-0.1.9+dfsg/src/http.c:196:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, r->headers[i].key, r->headers[i].key_sz);
data/webdis-0.1.9+dfsg/src/http.c:204:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, r->headers[i].val, r->headers[i].val_sz);
data/webdis-0.1.9+dfsg/src/http.c:221:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(r->out + r->out_sz, "\r\n", 2);
data/webdis-0.1.9+dfsg/src/http.c:234:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(r->out + r->out_sz, tmp, tmp_len);
data/webdis-0.1.9+dfsg/src/md5/md5.c:169:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(xbuf, data, 64);
data/webdis-0.1.9+dfsg/src/md5/md5.c:343:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pms->buf + offset, p, copy);
data/webdis-0.1.9+dfsg/src/md5/md5.c:357:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pms->buf, p, left);
data/webdis-0.1.9+dfsg/src/server.c:155:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open("/dev/null", O_RDWR, 0)) != -1) {
data/webdis-0.1.9+dfsg/src/server.c:164:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(pidfile, "w");
data/webdis-0.1.9+dfsg/src/sha1/sha1.h:38:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char Message_Block[64]; /* 512-bit message blocks */
data/webdis-0.1.9+dfsg/src/slog.c:28:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  s->log.fd = open(s->cfg->logfile,
data/webdis-0.1.9+dfsg/src/slog.c:54:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char time_buf[64];
data/webdis-0.1.9+dfsg/src/slog.c:55:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[124];
data/webdis-0.1.9+dfsg/src/slog.c:56:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[256]; /* bounds are checked. */
data/webdis-0.1.9+dfsg/src/websocket.c:41:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char *buffer, sha1_output[20];
data/webdis-0.1.9+dfsg/src/websocket.c:53:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, key, key_sz);
data/webdis-0.1.9+dfsg/src/websocket.c:54:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer+key_sz, magic, sizeof(magic)-1);
data/webdis-0.1.9+dfsg/src/websocket.c:63:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(sha1_output, (unsigned char*)ctx.Message_Digest, 20);
data/webdis-0.1.9+dfsg/src/websocket.c:84:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sha1_handshake[40];
data/webdis-0.1.9+dfsg/src/websocket.c:132:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, template0, sizeof(template0)-1);
data/webdis-0.1.9+dfsg/src/websocket.c:134:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, origin, origin_sz);
data/webdis-0.1.9+dfsg/src/websocket.c:138:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, template1, sizeof(template1)-1);
data/webdis-0.1.9+dfsg/src/websocket.c:140:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, host, host_sz);
data/webdis-0.1.9+dfsg/src/websocket.c:142:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, c->path, c->path_sz);
data/webdis-0.1.9+dfsg/src/websocket.c:146:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, template2, sizeof(template2)-1);
data/webdis-0.1.9+dfsg/src/websocket.c:148:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p, host, host_sz);
data/webdis-0.1.9+dfsg/src/websocket.c:152:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, template3, sizeof(template3)-1);
data/webdis-0.1.9+dfsg/src/websocket.c:154:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, &sha1_handshake[0], handshake_sz);
data/webdis-0.1.9+dfsg/src/websocket.c:158:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, template4, sizeof(template4)-1);
data/webdis-0.1.9+dfsg/src/websocket.c:232:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(m->payload + m->payload_sz, p, psz);
data/webdis-0.1.9+dfsg/src/websocket.c:257:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char mask[4];
data/webdis-0.1.9+dfsg/src/websocket.c:273:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&sz16, frame + 2, sizeof(uint16_t));
data/webdis-0.1.9+dfsg/src/websocket.c:350:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(frame + 2, p, sz);
data/webdis-0.1.9+dfsg/src/websocket.c:355:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(frame + 2, &sz16, 2);
data/webdis-0.1.9+dfsg/src/websocket.c:356:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(frame + 4, p, sz);
data/webdis-0.1.9+dfsg/src/websocket.c:359:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sz64[8] = webdis_htonl64(sz);
data/webdis-0.1.9+dfsg/src/websocket.c:361:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(frame + 2, sz64, 8);
data/webdis-0.1.9+dfsg/src/websocket.c:362:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(frame + 10, p, sz);
data/webdis-0.1.9+dfsg/tests/pubsub.c:65:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char resp[2048];
data/webdis-0.1.9+dfsg/tests/pubsub.c:122:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024];
data/webdis-0.1.9+dfsg/tests/pubsub.c:171:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(c->http_request, "GET /SUBSCRIBE/chan:%d HTTP/1.1\r\n\r\n", chan);
data/webdis-0.1.9+dfsg/tests/pubsub.c:184:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024];
data/webdis-0.1.9+dfsg/tests/pubsub.c:222:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(c->http_request, "GET /PUBLISH/chan:%d/hi HTTP/1.1\r\n\r\n", chan);
data/webdis-0.1.9+dfsg/tests/pubsub.c:291:20: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  port = (short)atol(colon+1);
data/webdis-0.1.9+dfsg/tests/pubsub.c:296:19: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  port = (short)atol(optarg);
data/webdis-0.1.9+dfsg/tests/pubsub.c:300:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  r = atoi(optarg);
data/webdis-0.1.9+dfsg/tests/pubsub.c:304:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  w = atoi(optarg);
data/webdis-0.1.9+dfsg/tests/pubsub.c:308:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  chans = atoi(optarg);
data/webdis-0.1.9+dfsg/tests/pubsub.c:312:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  n = atoi(optarg);
data/webdis-0.1.9+dfsg/tests/websocket.c:84:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char packet[2048], *pos;
data/webdis-0.1.9+dfsg/tests/websocket.c:261:23: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  hi.port = (short)atol(colon+1);
data/webdis-0.1.9+dfsg/tests/websocket.c:266:22: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  hi.port = (short)atol(optarg);
data/webdis-0.1.9+dfsg/tests/websocket.c:270:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  thread_count = atoi(optarg);
data/webdis-0.1.9+dfsg/tests/websocket.c:274:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  msg_target = atoi(optarg);
data/webdis-0.1.9+dfsg/src/client.c:199:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  c->path_sz = strlen(c->path);
data/webdis-0.1.9+dfsg/src/client.c:284:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ret = read(c->fd, buffer, sizeof(buffer));
data/webdis-0.1.9+dfsg/src/client.c:360:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t sz = strlen(key);
data/webdis-0.1.9+dfsg/src/conf.c:131:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sz = strlen(s);
data/webdis-0.1.9+dfsg/src/conf.c:176:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len, plain_len = strlen(plain) + 0;
data/webdis-0.1.9+dfsg/src/formats/custom-type.c:83:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sep_len = strlen(cmd->separator);
data/webdis-0.1.9+dfsg/src/formats/json.c:40:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  format_send_reply(cmd, jstr, strlen(jstr), "application/json");
data/webdis-0.1.9+dfsg/src/formats/json.c:53:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t sz = strlen(s);
data/webdis-0.1.9+dfsg/src/formats/json.c:197:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t jsonp_len = strlen(jsonp);
data/webdis-0.1.9+dfsg/src/formats/json.c:198:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t json_len = strlen(json_reply);
data/webdis-0.1.9+dfsg/src/formats/json.c:272:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cmd->argv_len[cur] = strlen(tmp);
data/webdis-0.1.9+dfsg/src/formats/json.c:281:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cmd->argv_len[cur] = strlen(tmp);
data/webdis-0.1.9+dfsg/src/http.c:50:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t key_sz = strlen(k);
data/webdis-0.1.9+dfsg/src/http.c:51:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t val_sz = strlen(v);
data/webdis-0.1.9+dfsg/src/http.c:172:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  r->out_sz = sizeof("HTTP/1.x xxx ")-1 + strlen(r->msg) + 2;
data/webdis-0.1.9+dfsg/src/pool.c:140:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t errlen = strlen(ac->errstr);
data/webdis-0.1.9+dfsg/src/server.c:81:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* buffer = malloc(strlen(comment) -2 + strlen("65535") + 1);
data/webdis-0.1.9+dfsg/src/server.c:81:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* buffer = malloc(strlen(comment) -2 + strlen("65535") + 1);
data/webdis-0.1.9+dfsg/src/slog.c:64:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sz = sz ? sz:strlen(body);
data/webdis-0.1.9+dfsg/src/websocket.c:49:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t key_sz = key?strlen(key):0, buffer_sz = key_sz + sizeof(magic) - 1;
data/webdis-0.1.9+dfsg/src/websocket.c:71:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *out_sz = strlen(out);
data/webdis-0.1.9+dfsg/src/websocket.c:102:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  origin_sz = strlen(origin);
data/webdis-0.1.9+dfsg/src/websocket.c:104:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  origin_sz = strlen(origin);
data/webdis-0.1.9+dfsg/src/websocket.c:107:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  host_sz = strlen(host);
data/webdis-0.1.9+dfsg/src/worker.c:120:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int ret = read(pipefd, &addr, sizeof(addr));
data/webdis-0.1.9+dfsg/tests/pubsub.c:68:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int r = write(c->fd, buffer, strlen(buffer));
data/webdis-0.1.9+dfsg/tests/pubsub.c:73:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int ret = read(c->fd, resp+pos, sizeof(resp)-pos);
data/webdis-0.1.9+dfsg/tests/pubsub.c:128:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int ret = read(fd, buffer, sizeof(buffer));
data/webdis-0.1.9+dfsg/tests/pubsub.c:190:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  r = read(fd, buffer, sizeof(buffer)); /* discard */
data/webdis-0.1.9+dfsg/tests/pubsub.c:285:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t sz = strlen(optarg);
data/webdis-0.1.9+dfsg/tests/pubsub.c:287:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(host, optarg, sz);
data/webdis-0.1.9+dfsg/tests/pubsub.c:290:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(host, optarg, colon-optarg);
data/webdis-0.1.9+dfsg/tests/websocket.c:94:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ret = read(fd, packet, sizeof(packet));
data/webdis-0.1.9+dfsg/tests/websocket.c:194:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + 2*strlen(wt->hi->host) + 500;
data/webdis-0.1.9+dfsg/tests/websocket.c:255:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t sz = strlen(optarg);
data/webdis-0.1.9+dfsg/tests/websocket.c:257:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(hi.host, optarg, sz);
data/webdis-0.1.9+dfsg/tests/websocket.c:260:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(hi.host, optarg, colon-optarg);

ANALYSIS SUMMARY:

Hits = 155
Lines analyzed = 7516 in approximately 0.21 seconds (36550 lines/second)
Physical Source Lines of Code (SLOC) = 5257
Hits@level = [0] 18 [1] 37 [2] 112 [3] 2 [4] 4 [5] 0
Hits@level+ = [0+] 173 [1+] 155 [2+] 118 [3+] 6 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 32.9085 [1+] 29.4845 [2+] 22.4463 [3+] 1.14134 [4+] 0.76089 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.