Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/xbill-2.1/Bill.c
Examining data/xbill-2.1/Bill.h
Examining data/xbill-2.1/Bucket.c
Examining data/xbill-2.1/Bucket.h
Examining data/xbill-2.1/Cable.c
Examining data/xbill-2.1/Cable.h
Examining data/xbill-2.1/Computer.c
Examining data/xbill-2.1/Computer.h
Examining data/xbill-2.1/Game.c
Examining data/xbill-2.1/Game.h
Examining data/xbill-2.1/Horde.c
Examining data/xbill-2.1/Horde.h
Examining data/xbill-2.1/Network.c
Examining data/xbill-2.1/Network.h
Examining data/xbill-2.1/OS.c
Examining data/xbill-2.1/OS.h
Examining data/xbill-2.1/Scorelist.c
Examining data/xbill-2.1/Scorelist.h
Examining data/xbill-2.1/Spark.c
Examining data/xbill-2.1/Spark.h
Examining data/xbill-2.1/UI.c
Examining data/xbill-2.1/UI.h
Examining data/xbill-2.1/acconfig.h
Examining data/xbill-2.1/gtk.c
Examining data/xbill-2.1/gtk.h
Examining data/xbill-2.1/strings.h
Examining data/xbill-2.1/types.h
Examining data/xbill-2.1/util.c
Examining data/xbill-2.1/util.h
Examining data/xbill-2.1/x11-athena.c
Examining data/xbill-2.1/x11-athena.h
Examining data/xbill-2.1/x11-motif.c
Examining data/xbill-2.1/x11-motif.h
Examining data/xbill-2.1/x11.c
Examining data/xbill-2.1/x11.h

FINAL RESULTS:

data/xbill-2.1/Computer.c:73:45:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  Computer_compatible(Computer *computer, int system) {
data/xbill-2.1/Computer.c:74:28:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  return (computer->type == system ||
data/xbill-2.1/Computer.c:75:40:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  (computer->type >= MIN_PC && OS_ispc(system)));
data/xbill-2.1/Computer.h:16:49:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  int Computer_compatible(Computer *computer, int system);
data/xbill-2.1/Scorelist.c:62:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (scores[i].name, scores[i - 1].name);
data/xbill-2.1/Scorelist.c:78:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(scores[i].name, tname);
data/xbill-2.1/Scorelist.c:87:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%s\n\n", "High Scores:");
data/xbill-2.1/Scorelist.c:88:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%s%-*s %6s %7s\n", str, NAMELEN,
data/xbill-2.1/Scorelist.c:91:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%s%-*s %6d %7d\n", str, NAMELEN,
data/xbill-2.1/UI.c:202:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(newname, "%s_%d", name, index);
data/xbill-2.1/gtk.c:250:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file, "%s/pixmaps/%s.xpm", pictdir, name);
data/xbill-2.1/util.c:10:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, format, args);
data/xbill-2.1/x11-athena.c:153:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(ttext, "%-*s", (int)sizeof(ttext) - 1, text);
data/xbill-2.1/x11.c:152:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file, "%s/bitmaps/%s.xbm", pictdir, name);
data/xbill-2.1/x11.c:158:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file, "%s/bitmaps/%s_mask.xbm", pictdir, name);
data/xbill-2.1/x11.c:204:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file, "%s/pixmaps/%s.xpm", pictdir, name);
data/xbill-2.1/Game.c:307:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/xbill-2.1/Game.c:71:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[80];
data/xbill-2.1/Game.c:78:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(str, "Bill:%d/%d System:%d/%d/%d Level:%d Score:%d",
data/xbill-2.1/Game.c:173:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[40];
data/xbill-2.1/Game.c:212:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(str, "After Level %d:\nScore: %d", level, score);
data/xbill-2.1/Scorelist.c:12:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[NAMELEN + 1];
data/xbill-2.1/Scorelist.c:21:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *scorefile = fopen(SCOREFILE, "r");
data/xbill-2.1/Scorelist.c:32:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(scores[i].name, "Anonymous");
data/xbill-2.1/Scorelist.c:41:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *scorefile = fopen(SCOREFILE, "w");
data/xbill-2.1/Scorelist.c:55:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tname[NAMELEN + 1];
data/xbill-2.1/Scorelist.c:72:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(tname, "Anonymous");
data/xbill-2.1/Scorelist.c:85:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[500];
data/xbill-2.1/UI.c:28:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *dialog_strings[DIALOG_MAX + 1];
data/xbill-2.1/UI.c:29:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *menu_strings[DIALOG_MAX + 1];
data/xbill-2.1/gtk.c:243:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file[255];
data/xbill-2.1/x11-athena.c:143:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ttext[16];
data/xbill-2.1/x11.c:148:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file[255];
data/xbill-2.1/x11.c:180:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file[255];
data/xbill-2.1/Game.c:259:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(argv[i]) == 2 && i == argc - 1)
data/xbill-2.1/Game.c:261:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(argv[i]) > 2)
data/xbill-2.1/Scorelist.c:26:4:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  fscanf(scorefile, "%20s%d%d\n", scores[i].name,
data/xbill-2.1/Scorelist.c:73:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tname, str, sizeof(tname) - 1);
data/xbill-2.1/UI.c:201:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newname = xalloc(strlen(name) + 4);
data/xbill-2.1/x11-athena.c:152:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (text != NULL && strlen(text) < sizeof(ttext)) {
data/xbill-2.1/x11.c:282:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  XDrawString(display, offscreen, stdgc, x, y, str, strlen(str));

ANALYSIS SUMMARY:

Hits = 41
Lines analyzed = 3950 in approximately 0.10 seconds (41335 lines/second)
Physical Source Lines of Code (SLOC) = 3211
Hits@level = [0] 12 [1] 7 [2] 17 [3] 1 [4] 16 [5] 0
Hits@level+ = [0+] 53 [1+] 41 [2+] 34 [3+] 17 [4+] 16 [5+] 0
Hits/KSLOC@level+ = [0+] 16.5058 [1+] 12.7686 [2+] 10.5886 [3+] 5.2943 [4+] 4.98287 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.