Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/winregfs-0.7/config.h Examining data/winregfs-0.7/fsck_winregfs.c Examining data/winregfs-0.7/jody_hash.c Examining data/winregfs-0.7/jody_hash.h Examining data/winregfs-0.7/jody_string.c Examining data/winregfs-0.7/jody_string.h Examining data/winregfs-0.7/ntreg.c Examining data/winregfs-0.7/ntreg.h Examining data/winregfs-0.7/version.h Examining data/winregfs-0.7/winregfs.c Examining data/winregfs-0.7/winregfs.h FINAL RESULTS: data/winregfs-0.7/fsck_winregfs.c:110:34: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. if(strncmp(keypath, "\\", 3)) strncat(filename, "\\", ABSPATHLEN); data/winregfs-0.7/fsck_winregfs.c:111:4: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. strncat(filename, ex.name, ABSPATHLEN); data/winregfs-0.7/fsck_winregfs.c:131:4: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. strncat(filename, "\\", ABSPATHLEN); data/winregfs-0.7/fsck_winregfs.c:133:9: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. else strncat(filename, vex.name, ABSPATHLEN); data/winregfs-0.7/winregfs.c:153:2: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. strncat(filename, ".", ABSPATHLEN); data/winregfs-0.7/winregfs.c:154:2: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. strncat(filename, ext[vex->type], ABSPATHLEN); data/winregfs-0.7/ntreg.c:47:18: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define LOG(...) printf(__VA_ARGS__) data/winregfs-0.7/ntreg.c:49:19: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define DLOG(...) printf(__VA_ARGS__) data/winregfs-0.7/ntreg.c:1082:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(part, path); data/winregfs-0.7/winregfs.h:102:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(wd->log, __VA_ARGS__); fflush(wd->log); \ data/winregfs-0.7/winregfs.h:103:12: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. } else printf(__VA_ARGS__); data/winregfs-0.7/winregfs.h:110:20: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define LOG(...) printf(__VA_ARGS__) data/winregfs-0.7/winregfs.h:120:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(wd->log, __VA_ARGS__); fflush(wd->log); \ data/winregfs-0.7/winregfs.h:121:12: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. } else printf(__VA_ARGS__); data/winregfs-0.7/winregfs.h:125:21: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define DLOG(...) printf(__VA_ARGS__); data/winregfs-0.7/fsck_winregfs.c:84:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[ABSPATHLEN]; data/winregfs-0.7/fsck_winregfs.c:85:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keypath[ABSPATHLEN]; data/winregfs-0.7/fsck_winregfs.c:148:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file[ABSPATHLEN]; data/winregfs-0.7/fsck_winregfs.c:149:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[ABSPATHLEN]; data/winregfs-0.7/ntreg.c:56:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *val_types[REG_MAX+1] = { data/winregfs-0.7/ntreg.c:921:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[ABSPATHLEN+1]; data/winregfs-0.7/ntreg.c:922:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyname[ABSPATHLEN]; data/winregfs-0.7/ntreg.c:952:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(path + 1, keyname, len_name); data/winregfs-0.7/ntreg.c:1024:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char part[ABSPATHLEN+1]; data/winregfs-0.7/ntreg.c:1407:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addr, hdesc->buffer + blockofs + 4, copylen); data/winregfs-0.7/ntreg.c:1413:32: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (l && kr && keydataptr) memcpy(kr->data, keydataptr, l); data/winregfs-0.7/ntreg.c:1436:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hdesc->buffer + ofs + 4, data, size); data/winregfs-0.7/ntreg.c:1633:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hdesc->buffer + newvlist + 4, hdesc->buffer + oldvlist + 0x1004, nk->no_values * 4 + 4); data/winregfs-0.7/ntreg.c:1663:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)&newvkkey->keyname, name, newvkkey->len_name); /* And copy name */ data/winregfs-0.7/ntreg.c:1770:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmplist, vlistkey, nk->no_values * sizeof(int32_t)); data/winregfs-0.7/ntreg.c:1942:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newnk->keyname, name, newnk->len_name); data/winregfs-0.7/ntreg.c:2049:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fullpath[501]; data/winregfs-0.7/ntreg.c:2334:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(keydataptr, kv->data, kv->len); data/winregfs-0.7/ntreg.c:2395:39: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned v = ((const unsigned char *)string)[i] + ((const unsigned char *)string)[i+1] * 256u; data/winregfs-0.7/ntreg.c:2395:76: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned v = ((const unsigned char *)string)[i] + ((const unsigned char *)string)[i+1] * 256u; data/winregfs-0.7/ntreg.c:2406:39: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned v = ((const unsigned char *)string)[i] + ((const unsigned char *)string)[i+1] * 256u; data/winregfs-0.7/ntreg.c:2406:76: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned v = ((const unsigned char *)string)[i] + ((const unsigned char *)string)[i+1] * 256u; data/winregfs-0.7/ntreg.c:2588:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). hdesc->fp = fopen(hdesc->filename, fmode); data/winregfs-0.7/ntreg.c:2593:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). hdesc->fp = fopen(hdesc->filename, fmode); data/winregfs-0.7/ntreg.h:79:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timestamp[8]; /* 0x0000000C Q-Word last modify date in WinNT date-format */ data/winregfs-0.7/ntreg.h:87:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[0x1fc-0x30]; /* 0x00000030 Seems like the hive's name is buried here, max len unknown */ data/winregfs-0.7/ntreg.h:100:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dummy1[14]; /* 0x14 to 0x001b may be timestamp in some windows versions, at least in first hbin */ data/winregfs-0.7/ntreg.h:134:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[4]; /* Security data up to len_sk bytes */ data/winregfs-0.7/ntreg.h:155:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[4]; /* 0x0004 D-Word ASCII: the first 4 characters of the key-name, */ data/winregfs-0.7/ntreg.h:238:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyname[1]; /* 0x0014 ???? Name */ data/winregfs-0.7/ntreg.h:256:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timestamp[12]; /* 0x0004 Q-Word write-date/time in windows nt notation */ data/winregfs-0.7/ntreg.h:273:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyname[1]; /* 0x004C ???? key-name */ data/winregfs-0.7/ntreg.h:283:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[ABSPATHLEN]; data/winregfs-0.7/ntreg.h:292:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[ABSPATHLEN]; data/winregfs-0.7/winregfs.c:39:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *ext[REG_MAX + 1] = { data/winregfs-0.7/winregfs.c:56:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&newstamp, timestamp, sizeof(int64_t)); data/winregfs-0.7/winregfs.c:176:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[ABSPATHLEN]; data/winregfs-0.7/winregfs.c:209:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[ABSPATHLEN]; data/winregfs-0.7/winregfs.c:393:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[ABSPATHLEN]; data/winregfs-0.7/winregfs.c:418:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[ABSPATHLEN]; data/winregfs-0.7/winregfs.c:419:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keypath[ABSPATHLEN]; data/winregfs-0.7/winregfs.c:420:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char node[ABSPATHLEN]; data/winregfs-0.7/winregfs.c:511:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[ABSPATHLEN]; data/winregfs-0.7/winregfs.c:512:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keypath[ABSPATHLEN]; data/winregfs-0.7/winregfs.c:513:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char node[ABSPATHLEN]; data/winregfs-0.7/winregfs.c:514:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char check1[ABSPATHLEN]; data/winregfs-0.7/winregfs.c:515:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char check2[ABSPATHLEN]; data/winregfs-0.7/winregfs.c:636:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[ABSPATHLEN]; data/winregfs-0.7/winregfs.c:637:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keypath[ABSPATHLEN]; data/winregfs-0.7/winregfs.c:705:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[ABSPATHLEN]; data/winregfs-0.7/winregfs.c:706:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keypath[ABSPATHLEN]; data/winregfs-0.7/winregfs.c:707:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char node[ABSPATHLEN]; data/winregfs-0.7/winregfs.c:708:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char check1[ABSPATHLEN]; data/winregfs-0.7/winregfs.c:709:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char check2[ABSPATHLEN]; data/winregfs-0.7/winregfs.c:775:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[ABSPATHLEN]; data/winregfs-0.7/winregfs.c:776:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char node[ABSPATHLEN]; data/winregfs-0.7/winregfs.c:777:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keypath[ABSPATHLEN]; data/winregfs-0.7/winregfs.c:783:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[4096]; data/winregfs-0.7/winregfs.c:851:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, sptr + offset, size); data/winregfs-0.7/winregfs.c:903:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char node[ABSPATHLEN]; data/winregfs-0.7/winregfs.c:904:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keypath[ABSPATHLEN]; data/winregfs-0.7/winregfs.c:910:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[4096]; data/winregfs-0.7/winregfs.c:980:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newkv->data, kv->data, kv->len); data/winregfs-0.7/winregfs.c:981:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(((char *)newkv->data + offset), buf, size); data/winregfs-0.7/winregfs.c:1006:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newbuf, string, kv->len >> 1); data/winregfs-0.7/winregfs.c:1015:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((newbuf + offset), buf, size); data/winregfs-0.7/winregfs.c:1109:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keypath[ABSPATHLEN]; data/winregfs-0.7/winregfs.c:1110:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char node[ABSPATHLEN]; data/winregfs-0.7/winregfs.c:1169:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char node[ABSPATHLEN]; data/winregfs-0.7/winregfs.c:1170:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keypath[ABSPATHLEN]; data/winregfs-0.7/winregfs.c:1211:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char node[ABSPATHLEN]; data/winregfs-0.7/winregfs.c:1212:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keypath[ABSPATHLEN]; data/winregfs-0.7/winregfs.c:1253:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char node[ABSPATHLEN]; data/winregfs-0.7/winregfs.c:1254:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keypath[ABSPATHLEN]; data/winregfs-0.7/winregfs.c:1289:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static int winregfs_utimens(const char * const restrict path, data/winregfs-0.7/winregfs.c:1379:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file[ABSPATHLEN]; data/winregfs-0.7/winregfs.c:1415:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). wd->log = fopen("debug.log", "w"); data/winregfs-0.7/winregfs.h:72:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *nk_last_path[NKOFS_CACHE_ITEMS]; data/winregfs-0.7/fsck_winregfs.c:52:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(keypath, path, ABSPATHLEN); data/winregfs-0.7/fsck_winregfs.c:53:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(node, path, ABSPATHLEN); data/winregfs-0.7/fsck_winregfs.c:55:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(node, basename(node), ABSPATHLEN); data/winregfs-0.7/fsck_winregfs.c:91:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(keypath, path, ABSPATHLEN); data/winregfs-0.7/fsck_winregfs.c:109:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(filename, keypath, ABSPATHLEN); data/winregfs-0.7/fsck_winregfs.c:130:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(filename, keypath, ABSPATHLEN); data/winregfs-0.7/fsck_winregfs.c:132:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(vex.name) == 0) strncpy(filename, "@", 2); data/winregfs-0.7/fsck_winregfs.c:132:31: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character. if (strlen(vex.name) == 0) strncpy(filename, "@", 2); data/winregfs-0.7/fsck_winregfs.c:169:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(file, argv[argc-1], ABSPATHLEN); data/winregfs-0.7/ntreg.c:142:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str) + 1; data/winregfs-0.7/ntreg.c:144:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(str_new, str, len); data/winregfs-0.7/ntreg.c:870:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character. strncpy(sptr->name, "", 2); data/winregfs-0.7/ntreg.c:936:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(path); data/winregfs-0.7/ntreg.c:939:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp, path, ABSPATHLEN-1); data/winregfs-0.7/ntreg.c:946:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len_name = strlen(keyname); data/winregfs-0.7/ntreg.c:947:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((int)(strlen(path) + len_name) >= maxlen - 6) { data/winregfs-0.7/ntreg.c:949:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(path); /* Stop trace when string exhausted */ data/winregfs-0.7/ntreg.c:953:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(path + len_name + 1, tmp, maxlen - 6 - len_name); data/winregfs-0.7/ntreg.c:978:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(name); data/winregfs-0.7/ntreg.c:1122:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). part_len = strlen(part); data/winregfs-0.7/ntreg.c:1638:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newvkofs = alloc_block(hdesc, newvlist, sizeof(struct vk_key) + strlen(name)); data/winregfs-0.7/ntreg.c:1653:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newvkkey->len_name = strlen(name); data/winregfs-0.7/ntreg.c:1823:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namlen = strlen(name); data/winregfs-0.7/ntreg.c:1926:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newnkofs = alloc_block(hdesc, nkofs, sizeof(struct nk_key) + strlen(name)); data/winregfs-0.7/ntreg.c:1940:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newnk->len_name = strlen(name); data/winregfs-0.7/ntreg.c:1967:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(newlf->h.hash[slot].name, name, 4); data/winregfs-0.7/ntreg.c:1969:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0, hash = 0; i < (int)strlen(name); i++) { data/winregfs-0.7/ntreg.c:2055:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namlen = strlen(name); data/winregfs-0.7/winregfs.c:36:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define cache_hash(a) jody_block_hash((const hash_t *)a, 0, strlen(a)) data/winregfs-0.7/winregfs.c:164:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = strlen(path); i >= 0; i--) { data/winregfs-0.7/winregfs.c:456:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(vex.name) == 0) xstrcpy(filename, "@.sz"); data/winregfs-0.7/winregfs.c:565:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(vex.name) == 0) xstrcpy(filename, "@.sz"); data/winregfs-0.7/winregfs.c:673:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(vex.name) == 0) { data/winregfs-0.7/winregfs.c:748:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(vex.name) == 0) xstrcpy(filename, "@.sz"); data/winregfs-0.7/winregfs.c:804:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(vex.name) == 0) xstrcpy(filename, "@"); data/winregfs-0.7/winregfs.c:833:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(string) + 1; ANALYSIS SUMMARY: Hits = 129 Lines analyzed = 5232 in approximately 0.17 seconds (29966 lines/second) Physical Source Lines of Code (SLOC) = 3650 Hits@level = [0] 31 [1] 36 [2] 78 [3] 0 [4] 9 [5] 6 Hits@level+ = [0+] 160 [1+] 129 [2+] 93 [3+] 15 [4+] 15 [5+] 6 Hits/KSLOC@level+ = [0+] 43.8356 [1+] 35.3425 [2+] 25.4795 [3+] 4.10959 [4+] 4.10959 [5+] 1.64384 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.