Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/yaws-2.0.8+dfsg/c_src/epam.c
Examining data/yaws-2.0.8+dfsg/c_src/hashtable.c
Examining data/yaws-2.0.8+dfsg/c_src/hashtable.h
Examining data/yaws-2.0.8+dfsg/c_src/hashtable_private.h
Examining data/yaws-2.0.8+dfsg/c_src/setuid_drv.c
Examining data/yaws-2.0.8+dfsg/win32/yaws.c

FINAL RESULTS:

data/yaws-2.0.8+dfsg/c_src/epam.c:230:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(&buf[2], "pam %d no %s %s",
data/yaws-2.0.8+dfsg/c_src/setuid_drv.c:60:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(xbuf, "ok %s", pe->pw_name);
data/yaws-2.0.8+dfsg/c_src/setuid_drv.c:88:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(xbuf, "ok %s", pe->pw_dir);
data/yaws-2.0.8+dfsg/win32/yaws.c:76:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (buf, "erl -noshell -pa \"%s/ebin\" %s ", fpath, s);
data/yaws-2.0.8+dfsg/win32/yaws.c:142:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(paBuf, " -pa \"%s/ebin\" ", fpath);
data/yaws-2.0.8+dfsg/win32/yaws.c:173:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(mnesia, "-mnesia dir \"%s\" -run mnesia start ",argv[++p]);
data/yaws-2.0.8+dfsg/win32/yaws.c:182:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(tbuf, " -pa \"%s\" ", argv[++p]);
data/yaws-2.0.8+dfsg/win32/yaws.c:183:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(paBuf, tbuf);
data/yaws-2.0.8+dfsg/win32/yaws.c:211:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(tbuf, " %s ", argv[++p]);
data/yaws-2.0.8+dfsg/win32/yaws.c:212:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(erlarg, tbuf);
data/yaws-2.0.8+dfsg/win32/yaws.c:221:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(execString, "werl.exe %s %s ", erlarg, paBuf);
data/yaws-2.0.8+dfsg/win32/yaws.c:223:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(execString, "erl.exe %s %s ", erlarg, paBuf);
data/yaws-2.0.8+dfsg/win32/yaws.c:231:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(tbuf, " -conf \"%s\\yaws.conf\" ", path);
data/yaws-2.0.8+dfsg/win32/yaws.c:233:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(tbuf, " -conf \"%s\" ", conf);
data/yaws-2.0.8+dfsg/win32/yaws.c:234:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(execString, tbuf);
data/yaws-2.0.8+dfsg/win32/yaws.c:236:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(tbuf, " -run yaws -yaws id %s ", id);
data/yaws-2.0.8+dfsg/win32/yaws.c:237:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(execString, tbuf);
data/yaws-2.0.8+dfsg/win32/yaws.c:240:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(execString, mnesia);
data/yaws-2.0.8+dfsg/win32/yaws.c:242:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(execString, trace);
data/yaws-2.0.8+dfsg/win32/yaws.c:244:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(execString, traceoutput);
data/yaws-2.0.8+dfsg/win32/yaws.c:247:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(tbuf," -sname %s ", sname);
data/yaws-2.0.8+dfsg/win32/yaws.c:248:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(execString, tbuf);
data/yaws-2.0.8+dfsg/win32/yaws.c:250:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(tbuf, " -name %s ", name);
data/yaws-2.0.8+dfsg/win32/yaws.c:251:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(execString, tbuf);
data/yaws-2.0.8+dfsg/win32/yaws.c:254:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(tbuf, " -runmod %s ", runmod);
data/yaws-2.0.8+dfsg/win32/yaws.c:255:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(execString, tbuf);
data/yaws-2.0.8+dfsg/win32/yaws.c:54:8:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
  if(CreateProcess(0, execString, NULL, NULL, FALSE, 0, 0, 0, &si, &pi))
data/yaws-2.0.8+dfsg/win32/yaws.c:54:8:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
  if(CreateProcess(0, execString, NULL, NULL, FALSE, 0, 0, 0, &si, &pi))
data/yaws-2.0.8+dfsg/c_src/epam.c:227:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[BUFSIZ];
data/yaws-2.0.8+dfsg/c_src/epam.c:241:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[BUFSIZ];
data/yaws-2.0.8+dfsg/c_src/epam.c:244:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(&buf[2], "pam %d yes", sid);
data/yaws-2.0.8+dfsg/c_src/epam.c:253:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[5];
data/yaws-2.0.8+dfsg/c_src/epam.c:256:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(&buf[2], "ok");
data/yaws-2.0.8+dfsg/c_src/epam.c:352:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char lb[2];
data/yaws-2.0.8+dfsg/c_src/epam.c:353:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buf[BUFSIZ];
data/yaws-2.0.8+dfsg/c_src/epam.c:381:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  sid = atoi(mode + strlen(mode) + 1);
data/yaws-2.0.8+dfsg/c_src/epam.c:387:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  sid = atoi((char *)&buf[1]);
data/yaws-2.0.8+dfsg/c_src/setuid_drv.c:30:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char xbuf[BUFSIZ];
data/yaws-2.0.8+dfsg/c_src/setuid_drv.c:48:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(xbuf, "ok %u", (unsigned)pe->pw_uid);
data/yaws-2.0.8+dfsg/c_src/setuid_drv.c:57:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int uid = atoi(t);
data/yaws-2.0.8+dfsg/c_src/setuid_drv.c:71:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(xbuf, "ok %u", (unsigned)getuid());
data/yaws-2.0.8+dfsg/c_src/setuid_drv.c:77:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(xbuf, "ok %u", (unsigned)pe->pw_uid);
data/yaws-2.0.8+dfsg/win32/yaws.c:10:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static unsigned char path[BSIZ];
data/yaws-2.0.8+dfsg/win32/yaws.c:75:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[BUFSIZ];
data/yaws-2.0.8+dfsg/win32/yaws.c:130:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tbuf[BUFSIZ];
data/yaws-2.0.8+dfsg/win32/yaws.c:131:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char paBuf[BUFSIZ];
data/yaws-2.0.8+dfsg/win32/yaws.c:132:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char execString[BSIZ];
data/yaws-2.0.8+dfsg/win32/yaws.c:133:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char mnesia[255];
data/yaws-2.0.8+dfsg/win32/yaws.c:134:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char erlarg[255];
data/yaws-2.0.8+dfsg/win32/yaws.c:226:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(execString, " -boot start_sasl -yaws debug ");
data/yaws-2.0.8+dfsg/win32/yaws.c:228:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(execString, " -detached ");
data/yaws-2.0.8+dfsg/c_src/epam.c:29:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if ((i = read(fd, buf+got, len-got)) <= 0) {
data/yaws-2.0.8+dfsg/c_src/epam.c:232:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(&buf[2]);
data/yaws-2.0.8+dfsg/c_src/epam.c:245:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(&buf[2]);
data/yaws-2.0.8+dfsg/c_src/epam.c:379:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pwd = user + strlen(user) + 1;
data/yaws-2.0.8+dfsg/c_src/epam.c:380:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mode= pwd + strlen(pwd) + 1;
data/yaws-2.0.8+dfsg/c_src/epam.c:381:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sid = atoi(mode + strlen(mode) + 1);
data/yaws-2.0.8+dfsg/c_src/setuid_drv.c:50:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  driver_output(port,xbuf, strlen(xbuf));
data/yaws-2.0.8+dfsg/c_src/setuid_drv.c:62:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  driver_output(port,xbuf, strlen(xbuf));
data/yaws-2.0.8+dfsg/c_src/setuid_drv.c:72:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  driver_output(port,xbuf, strlen(xbuf));
data/yaws-2.0.8+dfsg/c_src/setuid_drv.c:79:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  driver_output(port,xbuf, strlen(xbuf));
data/yaws-2.0.8+dfsg/c_src/setuid_drv.c:90:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  driver_output(port,xbuf, strlen(xbuf));
data/yaws-2.0.8+dfsg/win32/yaws.c:26:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fpath = (unsigned char*)malloc(strlen((char*)path));
data/yaws-2.0.8+dfsg/win32/yaws.c:28:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(i = 0; i<strlen((char*)path); i++ ) {

ANALYSIS SUMMARY:

Hits = 64
Lines analyzed = 1370 in approximately 0.14 seconds (9690 lines/second)
Physical Source Lines of Code (SLOC) = 890
Hits@level = [0]  11 [1]  13 [2]  23 [3]   2 [4]  26 [5]   0
Hits@level+ = [0+]  75 [1+]  64 [2+]  51 [3+]  28 [4+]  26 [5+]   0
Hits/KSLOC@level+ = [0+] 84.2697 [1+] 71.9101 [2+] 57.3034 [3+] 31.4607 [4+] 29.2135 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
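Most of the level-4 hits above are one pattern: win32/yaws.c builds the erl command line in fixed arrays (tbuf, paBuf, erlarg, execString) with sprintf from argv and then strcat's the pieces together, never comparing against the remaining capacity, and the result goes to CreateProcess as the command line with no application path. The following is an added example, not code from yaws, showing the bounded way to do the same assembly: one append routine that tracks how much room is left and fails closed (buffer untouched, error returned) instead of truncating or overflowing, plus a check that rejects arguments carrying a double quote, which would otherwise re-split the quoted path when the new process parses the line. The flag names, the safe_arg character set and the function names are assumptions for the illustration.

```c
/* Added example, not code from yaws. Bounded assembly of a command line in
 * place of the sprintf/strcat chain flagged in win32/yaws.c lines 142-255.
 * Every piece goes through one append routine that tracks the remaining
 * capacity and fails closed instead of truncating or overflowing. */
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct cmdbuf {
    char  *buf;   /* caller-owned storage, kept NUL-terminated */
    size_t cap;   /* total capacity, including the terminator */
    size_t len;   /* bytes used, excluding the terminator */
};

static void cmd_init(struct cmdbuf *c, char *storage, size_t cap)
{
    c->buf = storage;
    c->cap = cap;
    c->len = 0;
    if (cap > 0)
        c->buf[0] = '\0';
}

/* Append formatted text. Returns 0 on success. Returns -1 and leaves the
 * buffer exactly as it was if the result would not fit: a silently
 * truncated command line is as wrong as an overflowed one. */
static int cmd_append(struct cmdbuf *c, const char *fmt, ...)
{
    if (c->cap == 0 || c->len >= c->cap)
        return -1;
    size_t room = c->cap - c->len;
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(c->buf + c->len, room, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= room) {
        c->buf[c->len] = '\0';   /* discard the partial write */
        return -1;
    }
    c->len += (size_t)n;
    return 0;
}

/* Assumed check: reject values that would break out of the double quotes
 * the launcher wraps paths in. With CreateProcess(0, execString, ...) the
 * whole string is re-parsed by the new process, so an injected quote or
 * line break changes which program runs or what it is given. */
static int safe_arg(const char *s)
{
    return s != NULL && strpbrk(s, "\"\r\n") == NULL;
}

/* Assemble the erl command line the way the launcher does, with checks.
 * Returns the final length, or -1 if an argument is unsafe or too long. */
static int build_erl_cmdline(char *out, size_t cap, const char *fpath,
                             const char *sname, const char *id)
{
    struct cmdbuf c;
    cmd_init(&c, out, cap);
    if (!safe_arg(fpath) || !safe_arg(id) || (sname && !safe_arg(sname)))
        return -1;
    if (cmd_append(&c, "erl.exe -pa \"%s/ebin\"", fpath))
        return -1;
    if (sname && cmd_append(&c, " -sname %s", sname))
        return -1;
    if (cmd_append(&c, " -run yaws -yaws id %s", id))
        return -1;
    return (int)c.len;
}

int main(void)
{
    char line[256];
    int n = build_erl_cmdline(line, sizeof line, "C:/yaws", "yaws", "default");
    printf("%d: %s\n", n, n < 0 ? "(rejected)" : line);

    /* constructed oversized input: the 32-byte buffer cannot hold it */
    char tiny[32];
    n = build_erl_cmdline(tiny, sizeof tiny, "C:/a/path/too/long/for/this",
                          NULL, "x");
    printf("%d: %s\n", n, n < 0 ? "(rejected)" : tiny);
    return 0;
}
```

The design point is that the length lives in one place (struct cmdbuf) and every write consults it, so adding another " -flag %s " piece later cannot reintroduce the bug; a strcat of a constant string, which flawfinder rates low, still goes through the same routine. On a real Windows build the result should still be passed with the executable's full path as the first CreateProcess argument, as the level-3 hit says, rather than relying on the command line alone.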
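The epam.c hits at lines 379-387 show the other recurring shape: a record of NUL-separated fields (user, pwd, mode, sid) is walked with strlen() and the id is converted with atoi(). strlen() does not know where the buffer ends, so a record whose last field is missing its terminator is read past the end (CWE-126), and atoi() accepts "-1", "12abc" or a value that wraps (CWE-190); setuid_drv.c:57 converts a uid the same way. The following is an added example, not code from yaws, of a parser that finds every field with memchr() inside [buf, buf + len) and converts the id with strtol() checked for sign, range and trailing bytes. The record layout assumed here, user\0pwd\0mode\0sid\0 in a buffer of known length with nothing after the id, is an assumption for the illustration; the report does not show epam's real packet format, and the function and type names are invented.

```c
/* Added example, not code from yaws. Bounded walk of a NUL-separated
 * record and range-checked id parsing, replacing the strlen()/atoi()
 * pattern flagged at epam.c:379-387 and setuid_drv.c:57. Layout assumed:
 * user\0pwd\0mode\0sid\0 in exactly len bytes. */
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct auth_req {
    const char *user;   /* these point into the caller's buffer */
    const char *pwd;
    const char *mode;
    int sid;
};

/* Return the field starting at *p if a NUL exists before end, and move
 * *p past that NUL. Return NULL, without reading past end, otherwise. */
static const char *next_field(const char **p, const char *end)
{
    const char *start = *p;
    const char *nul = memchr(start, '\0', (size_t)(end - start));
    if (nul == NULL)
        return NULL;
    *p = nul + 1;
    return start;
}

/* Parse a non-negative decimal id that must fit in an int and use every
 * byte of the string. These are the checks atoi() never does. */
static int parse_id(const char *s, int *out)
{
    if (!isdigit((unsigned char)*s))       /* rejects "", "-1", "+5", " 5" */
        return -1;
    errno = 0;
    char *endp;
    long v = strtol(s, &endp, 10);
    if (errno == ERANGE || *endp != '\0' || v > INT_MAX)
        return -1;
    *out = (int)v;
    return 0;
}

/* Parse user\0pwd\0mode\0sid\0 from exactly len bytes. Returns 0 on
 * success, -1 if any field is unterminated, bytes follow the id, or the
 * id is out of range. Nothing is read outside [buf, buf + len). */
static int parse_auth_req(const unsigned char *buf, size_t len,
                          struct auth_req *r)
{
    const char *p = (const char *)buf;
    const char *end = p + len;
    const char *sid;
    if ((r->user = next_field(&p, end)) == NULL) return -1;
    if ((r->pwd  = next_field(&p, end)) == NULL) return -1;
    if ((r->mode = next_field(&p, end)) == NULL) return -1;
    if ((sid = next_field(&p, end)) == NULL || p != end) return -1;
    return parse_id(sid, &r->sid);
}

int main(void)
{
    /* constructed sample record; sizeof - 1 drops the literal's own NUL */
    static const unsigned char rec[] = "alice\0s3cret\0auth\0" "42\0";
    struct auth_req r;
    if (parse_auth_req(rec, sizeof rec - 1, &r) == 0)
        printf("user=%s mode=%s sid=%d\n", r.user, r.mode, r.sid);

    /* same record with the last field's terminator missing: strlen() would
     * run off the end here, next_field() returns NULL instead */
    static const unsigned char cut[] = "alice\0s3cret\0auth\0" "42";
    printf("truncated record -> %d\n",
           parse_auth_req(cut, sizeof cut - 1, &r));
    return 0;
}
```

The length passed in is the one the caller already has from the read loop (epam.c:29 reads exactly len bytes), so no extra copy is needed; the only change is that the buffer bound, not a NUL that may or may not be there, decides where scanning stops. For a uid the same parse_id shape applies with the upper bound changed to what setuid() accepts on the platform.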