Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/winregfs-0.7/config.h
Examining data/winregfs-0.7/fsck_winregfs.c
Examining data/winregfs-0.7/jody_hash.c
Examining data/winregfs-0.7/jody_hash.h
Examining data/winregfs-0.7/jody_string.c
Examining data/winregfs-0.7/jody_string.h
Examining data/winregfs-0.7/ntreg.c
Examining data/winregfs-0.7/ntreg.h
Examining data/winregfs-0.7/version.h
Examining data/winregfs-0.7/winregfs.c
Examining data/winregfs-0.7/winregfs.h
FINAL RESULTS:
data/winregfs-0.7/fsck_winregfs.c:110:34: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
if(strncmp(keypath, "\\", 3)) strncat(filename, "\\", ABSPATHLEN);
data/winregfs-0.7/fsck_winregfs.c:111:4: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(filename, ex.name, ABSPATHLEN);
data/winregfs-0.7/fsck_winregfs.c:131:4: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(filename, "\\", ABSPATHLEN);
data/winregfs-0.7/fsck_winregfs.c:133:9: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
else strncat(filename, vex.name, ABSPATHLEN);
data/winregfs-0.7/winregfs.c:153:2: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(filename, ".", ABSPATHLEN);
data/winregfs-0.7/winregfs.c:154:2: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(filename, ext[vex->type], ABSPATHLEN);
data/winregfs-0.7/ntreg.c:47:18: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define LOG(...) printf(__VA_ARGS__)
data/winregfs-0.7/ntreg.c:49:19: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DLOG(...) printf(__VA_ARGS__)
data/winregfs-0.7/ntreg.c:1082:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(part, path);
data/winregfs-0.7/winregfs.h:102:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(wd->log, __VA_ARGS__); fflush(wd->log); \
data/winregfs-0.7/winregfs.h:103:12: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
} else printf(__VA_ARGS__);
data/winregfs-0.7/winregfs.h:110:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define LOG(...) printf(__VA_ARGS__)
data/winregfs-0.7/winregfs.h:120:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(wd->log, __VA_ARGS__); fflush(wd->log); \
data/winregfs-0.7/winregfs.h:121:12: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
} else printf(__VA_ARGS__);
data/winregfs-0.7/winregfs.h:125:21: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define DLOG(...) printf(__VA_ARGS__);
data/winregfs-0.7/fsck_winregfs.c:84:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[ABSPATHLEN];
data/winregfs-0.7/fsck_winregfs.c:85:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keypath[ABSPATHLEN];
data/winregfs-0.7/fsck_winregfs.c:148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[ABSPATHLEN];
data/winregfs-0.7/fsck_winregfs.c:149:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[ABSPATHLEN];
data/winregfs-0.7/ntreg.c:56:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *val_types[REG_MAX+1] = {
data/winregfs-0.7/ntreg.c:921:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[ABSPATHLEN+1];
data/winregfs-0.7/ntreg.c:922:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyname[ABSPATHLEN];
data/winregfs-0.7/ntreg.c:952:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(path + 1, keyname, len_name);
data/winregfs-0.7/ntreg.c:1024:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char part[ABSPATHLEN+1];
data/winregfs-0.7/ntreg.c:1407:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr, hdesc->buffer + blockofs + 4, copylen);
data/winregfs-0.7/ntreg.c:1413:32: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (l && kr && keydataptr) memcpy(kr->data, keydataptr, l);
data/winregfs-0.7/ntreg.c:1436:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hdesc->buffer + ofs + 4, data, size);
data/winregfs-0.7/ntreg.c:1633:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hdesc->buffer + newvlist + 4, hdesc->buffer + oldvlist + 0x1004, nk->no_values * 4 + 4);
data/winregfs-0.7/ntreg.c:1663:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&newvkkey->keyname, name, newvkkey->len_name); /* And copy name */
data/winregfs-0.7/ntreg.c:1770:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmplist, vlistkey, nk->no_values * sizeof(int32_t));
data/winregfs-0.7/ntreg.c:1942:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newnk->keyname, name, newnk->len_name);
data/winregfs-0.7/ntreg.c:2049:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullpath[501];
data/winregfs-0.7/ntreg.c:2334:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(keydataptr, kv->data, kv->len);
data/winregfs-0.7/ntreg.c:2395:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned v = ((const unsigned char *)string)[i] + ((const unsigned char *)string)[i+1] * 256u;
data/winregfs-0.7/ntreg.c:2395:76: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned v = ((const unsigned char *)string)[i] + ((const unsigned char *)string)[i+1] * 256u;
data/winregfs-0.7/ntreg.c:2406:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned v = ((const unsigned char *)string)[i] + ((const unsigned char *)string)[i+1] * 256u;
data/winregfs-0.7/ntreg.c:2406:76: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned v = ((const unsigned char *)string)[i] + ((const unsigned char *)string)[i+1] * 256u;
data/winregfs-0.7/ntreg.c:2588:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
hdesc->fp = fopen(hdesc->filename, fmode);
data/winregfs-0.7/ntreg.c:2593:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
hdesc->fp = fopen(hdesc->filename, fmode);
data/winregfs-0.7/ntreg.h:79:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestamp[8]; /* 0x0000000C Q-Word last modify date in WinNT date-format */
data/winregfs-0.7/ntreg.h:87:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[0x1fc-0x30]; /* 0x00000030 Seems like the hive's name is buried here, max len unknown */
data/winregfs-0.7/ntreg.h:100:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy1[14]; /* 0x14 to 0x001b may be timestamp in some windows versions, at least in first hbin */
data/winregfs-0.7/ntreg.h:134:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[4]; /* Security data up to len_sk bytes */
data/winregfs-0.7/ntreg.h:155:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[4]; /* 0x0004 D-Word ASCII: the first 4 characters of the key-name, */
data/winregfs-0.7/ntreg.h:238:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyname[1]; /* 0x0014 ???? Name */
data/winregfs-0.7/ntreg.h:256:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestamp[12]; /* 0x0004 Q-Word write-date/time in windows nt notation */
data/winregfs-0.7/ntreg.h:273:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyname[1]; /* 0x004C ???? key-name */
data/winregfs-0.7/ntreg.h:283:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[ABSPATHLEN];
data/winregfs-0.7/ntreg.h:292:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[ABSPATHLEN];
data/winregfs-0.7/winregfs.c:39:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *ext[REG_MAX + 1] = {
data/winregfs-0.7/winregfs.c:56:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&newstamp, timestamp, sizeof(int64_t));
data/winregfs-0.7/winregfs.c:176:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[ABSPATHLEN];
data/winregfs-0.7/winregfs.c:209:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[ABSPATHLEN];
data/winregfs-0.7/winregfs.c:393:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[ABSPATHLEN];
data/winregfs-0.7/winregfs.c:418:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[ABSPATHLEN];
data/winregfs-0.7/winregfs.c:419:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keypath[ABSPATHLEN];
data/winregfs-0.7/winregfs.c:420:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char node[ABSPATHLEN];
data/winregfs-0.7/winregfs.c:511:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[ABSPATHLEN];
data/winregfs-0.7/winregfs.c:512:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keypath[ABSPATHLEN];
data/winregfs-0.7/winregfs.c:513:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char node[ABSPATHLEN];
data/winregfs-0.7/winregfs.c:514:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char check1[ABSPATHLEN];
data/winregfs-0.7/winregfs.c:515:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char check2[ABSPATHLEN];
data/winregfs-0.7/winregfs.c:636:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[ABSPATHLEN];
data/winregfs-0.7/winregfs.c:637:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keypath[ABSPATHLEN];
data/winregfs-0.7/winregfs.c:705:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[ABSPATHLEN];
data/winregfs-0.7/winregfs.c:706:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keypath[ABSPATHLEN];
data/winregfs-0.7/winregfs.c:707:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char node[ABSPATHLEN];
data/winregfs-0.7/winregfs.c:708:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char check1[ABSPATHLEN];
data/winregfs-0.7/winregfs.c:709:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char check2[ABSPATHLEN];
data/winregfs-0.7/winregfs.c:775:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[ABSPATHLEN];
data/winregfs-0.7/winregfs.c:776:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char node[ABSPATHLEN];
data/winregfs-0.7/winregfs.c:777:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keypath[ABSPATHLEN];
data/winregfs-0.7/winregfs.c:783:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[4096];
data/winregfs-0.7/winregfs.c:851:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, sptr + offset, size);
data/winregfs-0.7/winregfs.c:903:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char node[ABSPATHLEN];
data/winregfs-0.7/winregfs.c:904:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keypath[ABSPATHLEN];
data/winregfs-0.7/winregfs.c:910:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[4096];
data/winregfs-0.7/winregfs.c:980:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newkv->data, kv->data, kv->len);
data/winregfs-0.7/winregfs.c:981:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((char *)newkv->data + offset), buf, size);
data/winregfs-0.7/winregfs.c:1006:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newbuf, string, kv->len >> 1);
data/winregfs-0.7/winregfs.c:1015:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((newbuf + offset), buf, size);
data/winregfs-0.7/winregfs.c:1109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keypath[ABSPATHLEN];
data/winregfs-0.7/winregfs.c:1110:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char node[ABSPATHLEN];
data/winregfs-0.7/winregfs.c:1169:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char node[ABSPATHLEN];
data/winregfs-0.7/winregfs.c:1170:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keypath[ABSPATHLEN];
data/winregfs-0.7/winregfs.c:1211:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char node[ABSPATHLEN];
data/winregfs-0.7/winregfs.c:1212:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keypath[ABSPATHLEN];
data/winregfs-0.7/winregfs.c:1253:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char node[ABSPATHLEN];
data/winregfs-0.7/winregfs.c:1254:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keypath[ABSPATHLEN];
data/winregfs-0.7/winregfs.c:1289:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int winregfs_utimens(const char * const restrict path,
data/winregfs-0.7/winregfs.c:1379:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[ABSPATHLEN];
data/winregfs-0.7/winregfs.c:1415:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
wd->log = fopen("debug.log", "w");
data/winregfs-0.7/winregfs.h:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *nk_last_path[NKOFS_CACHE_ITEMS];
data/winregfs-0.7/fsck_winregfs.c:52:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(keypath, path, ABSPATHLEN);
data/winregfs-0.7/fsck_winregfs.c:53:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(node, path, ABSPATHLEN);
data/winregfs-0.7/fsck_winregfs.c:55:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(node, basename(node), ABSPATHLEN);
data/winregfs-0.7/fsck_winregfs.c:91:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(keypath, path, ABSPATHLEN);
data/winregfs-0.7/fsck_winregfs.c:109:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(filename, keypath, ABSPATHLEN);
data/winregfs-0.7/fsck_winregfs.c:130:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(filename, keypath, ABSPATHLEN);
data/winregfs-0.7/fsck_winregfs.c:132:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(vex.name) == 0) strncpy(filename, "@", 2);
data/winregfs-0.7/fsck_winregfs.c:132:31: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
if (strlen(vex.name) == 0) strncpy(filename, "@", 2);
data/winregfs-0.7/fsck_winregfs.c:169:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(file, argv[argc-1], ABSPATHLEN);
data/winregfs-0.7/ntreg.c:142:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str) + 1;
data/winregfs-0.7/ntreg.c:144:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str_new, str, len);
data/winregfs-0.7/ntreg.c:870:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(sptr->name, "", 2);
data/winregfs-0.7/ntreg.c:936:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(path);
data/winregfs-0.7/ntreg.c:939:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp, path, ABSPATHLEN-1);
data/winregfs-0.7/ntreg.c:946:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_name = strlen(keyname);
data/winregfs-0.7/ntreg.c:947:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)(strlen(path) + len_name) >= maxlen - 6) {
data/winregfs-0.7/ntreg.c:949:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(path); /* Stop trace when string exhausted */
data/winregfs-0.7/ntreg.c:953:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(path + len_name + 1, tmp, maxlen - 6 - len_name);
data/winregfs-0.7/ntreg.c:978:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name);
data/winregfs-0.7/ntreg.c:1122:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
part_len = strlen(part);
data/winregfs-0.7/ntreg.c:1638:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newvkofs = alloc_block(hdesc, newvlist, sizeof(struct vk_key) + strlen(name));
data/winregfs-0.7/ntreg.c:1653:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newvkkey->len_name = strlen(name);
data/winregfs-0.7/ntreg.c:1823:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namlen = strlen(name);
data/winregfs-0.7/ntreg.c:1926:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newnkofs = alloc_block(hdesc, nkofs, sizeof(struct nk_key) + strlen(name));
data/winregfs-0.7/ntreg.c:1940:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newnk->len_name = strlen(name);
data/winregfs-0.7/ntreg.c:1967:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(newlf->h.hash[slot].name, name, 4);
data/winregfs-0.7/ntreg.c:1969:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0, hash = 0; i < (int)strlen(name); i++) {
data/winregfs-0.7/ntreg.c:2055:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namlen = strlen(name);
data/winregfs-0.7/winregfs.c:36:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define cache_hash(a) jody_block_hash((const hash_t *)a, 0, strlen(a))
data/winregfs-0.7/winregfs.c:164:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(path); i >= 0; i--) {
data/winregfs-0.7/winregfs.c:456:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(vex.name) == 0) xstrcpy(filename, "@.sz");
data/winregfs-0.7/winregfs.c:565:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(vex.name) == 0) xstrcpy(filename, "@.sz");
data/winregfs-0.7/winregfs.c:673:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(vex.name) == 0) {
data/winregfs-0.7/winregfs.c:748:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(vex.name) == 0) xstrcpy(filename, "@.sz");
data/winregfs-0.7/winregfs.c:804:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(vex.name) == 0) xstrcpy(filename, "@");
data/winregfs-0.7/winregfs.c:833:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(string) + 1;
ANALYSIS SUMMARY:
Hits = 129
Lines analyzed = 5232 in approximately 0.17 seconds (29966 lines/second)
Physical Source Lines of Code (SLOC) = 3650
Hits@level = [0] 31 [1] 36 [2] 78 [3] 0 [4] 9 [5] 6
Hits@level+ = [0+] 160 [1+] 129 [2+] 93 [3+] 15 [4+] 15 [5+] 6
Hits/KSLOC@level+ = [0+] 43.8356 [1+] 35.3425 [2+] 25.4795 [3+] 4.10959 [4+] 4.10959 [5+] 1.64384
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.