Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/xlunzip-0.6/linux_module.h Examining data/xlunzip-0.6/carg_parser.h Examining data/xlunzip-0.6/main.c Examining data/xlunzip-0.6/linux_lunzip.h Examining data/xlunzip-0.6/lzip.h Examining data/xlunzip-0.6/in_place.c Examining data/xlunzip-0.6/lzip_decompress.c Examining data/xlunzip-0.6/decompress_lunzip.c Examining data/xlunzip-0.6/linux_lzip.h Examining data/xlunzip-0.6/carg_parser.c Examining data/xlunzip-0.6/linux_mm.h FINAL RESULTS: data/xlunzip-0.6/main.c:299:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( output_filename, name ); data/xlunzip-0.6/main.c:300:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( output_filename + name_len - from_len, known_extensions[eindex].to ); data/xlunzip-0.6/main.c:305:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( output_filename, name ); data/xlunzip-0.6/main.c:728:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( output_filename, default_output_filename ); data/xlunzip-0.6/carg_parser.c:160:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char code_str[2]; data/xlunzip-0.6/lzip_decompress.c:601:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d->buffer + lpos, d->buffer + i, len); data/xlunzip-0.6/main.c:306:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( output_filename, ".out" ); data/xlunzip-0.6/main.c:316:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int infd = open( name, O_RDONLY | O_BINARY ); data/xlunzip-0.6/main.c:348:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outfd = open( output_filename, flags, outfd_mode ); data/xlunzip-0.6/carg_parser.c:38:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const int len = strlen( argument ); data/xlunzip-0.6/carg_parser.c:50:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( p->argument, argument, len + 1 ); data/xlunzip-0.6/carg_parser.c:58:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const int len = strlen( msg ); data/xlunzip-0.6/carg_parser.c:62:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( ap->error + ap->error_size, msg, len + 1 ); data/xlunzip-0.6/carg_parser.c:92:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( strlen( options[i].name ) == len ) /* Exact match found */ data/xlunzip-0.6/in_place.c:42:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). const int n = read( fd, buf + sz, min( 1L << 20, size - sz ) ); data/xlunzip-0.6/main.c:176:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stdin_name_len = strlen( pp->stdin_name ); data/xlunzip-0.6/main.c:180:69: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const unsigned len = (strcmp( s, "-" ) == 0) ? stdin_name_len : strlen( s ); data/xlunzip-0.6/main.c:194:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name_len = strlen( pp->name ); data/xlunzip-0.6/main.c:222:50: [1] (obsolete) ulimit: This C routine is considered obsolete (as opposed to the shell command by the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2), setrlimit(2), and sysconf(3) instead. const unsigned long ulimit ) data/xlunzip-0.6/main.c:258:11: [1] (obsolete) ulimit: This C routine is considered obsolete (as opposed to the shell command by the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2), setrlimit(2), and sysconf(3) instead. if( ulimit / factor >= result ) result *= factor; data/xlunzip-0.6/main.c:262:47: [1] (obsolete) ulimit: This C routine is considered obsolete (as opposed to the shell command by the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2), setrlimit(2), and sysconf(3) instead. if( !errno && ( result < llimit || result > ulimit ) ) errno = ERANGE; data/xlunzip-0.6/main.c:278:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const unsigned name_len = strlen( name ); data/xlunzip-0.6/main.c:279:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const unsigned ext_len = strlen( ext ); data/xlunzip-0.6/main.c:290:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const unsigned name_len = strlen( name ); data/xlunzip-0.6/main.c:294:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const unsigned from_len = strlen( from ); data/xlunzip-0.6/main.c:298:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen( known_extensions[eindex].to ) + 1 ); data/xlunzip-0.6/main.c:458:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). const int n = read( infd, (uint8_t *)buf + sz, min( 1UL << 20, size - sz ) ); data/xlunzip-0.6/main.c:727:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen( default_output_filename ) + 1 ); ANALYSIS SUMMARY: Hits = 28 Lines analyzed = 2543 in approximately 0.08 seconds (31298 lines/second) Physical Source Lines of Code (SLOC) = 2004 Hits@level = [0] 18 [1] 19 [2] 5 [3] 0 [4] 4 [5] 0 Hits@level+ = [0+] 46 [1+] 28 [2+] 9 [3+] 4 [4+] 4 [5+] 0 Hits/KSLOC@level+ = [0+] 22.9541 [1+] 13.9721 [2+] 4.49102 [3+] 1.99601 [4+] 1.99601 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.