Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/yaws-2.0.8+dfsg/c_src/epam.c
Examining data/yaws-2.0.8+dfsg/c_src/hashtable.c
Examining data/yaws-2.0.8+dfsg/c_src/hashtable.h
Examining data/yaws-2.0.8+dfsg/c_src/hashtable_private.h
Examining data/yaws-2.0.8+dfsg/c_src/setuid_drv.c
Examining data/yaws-2.0.8+dfsg/win32/yaws.c
FINAL RESULTS:
data/yaws-2.0.8+dfsg/c_src/epam.c:230:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(&buf[2], "pam %d no %s %s",
data/yaws-2.0.8+dfsg/c_src/setuid_drv.c:60:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(xbuf, "ok %s", pe->pw_name);
data/yaws-2.0.8+dfsg/c_src/setuid_drv.c:88:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(xbuf, "ok %s", pe->pw_dir);
data/yaws-2.0.8+dfsg/win32/yaws.c:76:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "erl -noshell -pa \"%s/ebin\" %s ", fpath, s);
data/yaws-2.0.8+dfsg/win32/yaws.c:142:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(paBuf, " -pa \"%s/ebin\" ", fpath);
data/yaws-2.0.8+dfsg/win32/yaws.c:173:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mnesia, "-mnesia dir \"%s\" -run mnesia start ",argv[++p]);
data/yaws-2.0.8+dfsg/win32/yaws.c:182:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tbuf, " -pa \"%s\" ", argv[++p]);
data/yaws-2.0.8+dfsg/win32/yaws.c:183:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(paBuf, tbuf);
data/yaws-2.0.8+dfsg/win32/yaws.c:211:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tbuf, " %s ", argv[++p]);
data/yaws-2.0.8+dfsg/win32/yaws.c:212:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(erlarg, tbuf);
data/yaws-2.0.8+dfsg/win32/yaws.c:221:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(execString, "werl.exe %s %s ", erlarg, paBuf);
data/yaws-2.0.8+dfsg/win32/yaws.c:223:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(execString, "erl.exe %s %s ", erlarg, paBuf);
data/yaws-2.0.8+dfsg/win32/yaws.c:231:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tbuf, " -conf \"%s\\yaws.conf\" ", path);
data/yaws-2.0.8+dfsg/win32/yaws.c:233:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tbuf, " -conf \"%s\" ", conf);
data/yaws-2.0.8+dfsg/win32/yaws.c:234:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(execString, tbuf);
data/yaws-2.0.8+dfsg/win32/yaws.c:236:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tbuf, " -run yaws -yaws id %s ", id);
data/yaws-2.0.8+dfsg/win32/yaws.c:237:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(execString, tbuf);
data/yaws-2.0.8+dfsg/win32/yaws.c:240:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(execString, mnesia);
data/yaws-2.0.8+dfsg/win32/yaws.c:242:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(execString, trace);
data/yaws-2.0.8+dfsg/win32/yaws.c:244:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(execString, traceoutput);
data/yaws-2.0.8+dfsg/win32/yaws.c:247:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tbuf," -sname %s ", sname);
data/yaws-2.0.8+dfsg/win32/yaws.c:248:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(execString, tbuf);
data/yaws-2.0.8+dfsg/win32/yaws.c:250:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tbuf, " -name %s ", name);
data/yaws-2.0.8+dfsg/win32/yaws.c:251:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(execString, tbuf);
data/yaws-2.0.8+dfsg/win32/yaws.c:254:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tbuf, " -runmod %s ", runmod);
data/yaws-2.0.8+dfsg/win32/yaws.c:255:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(execString, tbuf);
data/yaws-2.0.8+dfsg/win32/yaws.c:54:8: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
if(CreateProcess(0, execString, NULL, NULL, FALSE, 0, 0, 0, &si, &pi))
data/yaws-2.0.8+dfsg/win32/yaws.c:54:8: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
if(CreateProcess(0, execString, NULL, NULL, FALSE, 0, 0, 0, &si, &pi))
data/yaws-2.0.8+dfsg/c_src/epam.c:227:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ];
data/yaws-2.0.8+dfsg/c_src/epam.c:241:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ];
data/yaws-2.0.8+dfsg/c_src/epam.c:244:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&buf[2], "pam %d yes", sid);
data/yaws-2.0.8+dfsg/c_src/epam.c:253:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5];
data/yaws-2.0.8+dfsg/c_src/epam.c:256:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&buf[2], "ok");
data/yaws-2.0.8+dfsg/c_src/epam.c:352:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char lb[2];
data/yaws-2.0.8+dfsg/c_src/epam.c:353:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[BUFSIZ];
data/yaws-2.0.8+dfsg/c_src/epam.c:381:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sid = atoi(mode + strlen(mode) + 1);
data/yaws-2.0.8+dfsg/c_src/epam.c:387:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sid = atoi((char *)&buf[1]);
data/yaws-2.0.8+dfsg/c_src/setuid_drv.c:30:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xbuf[BUFSIZ];
data/yaws-2.0.8+dfsg/c_src/setuid_drv.c:48:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(xbuf, "ok %u", (unsigned)pe->pw_uid);
data/yaws-2.0.8+dfsg/c_src/setuid_drv.c:57:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int uid = atoi(t);
data/yaws-2.0.8+dfsg/c_src/setuid_drv.c:71:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(xbuf, "ok %u", (unsigned)getuid());
data/yaws-2.0.8+dfsg/c_src/setuid_drv.c:77:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(xbuf, "ok %u", (unsigned)pe->pw_uid);
data/yaws-2.0.8+dfsg/win32/yaws.c:10:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char path[BSIZ];
data/yaws-2.0.8+dfsg/win32/yaws.c:75:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ];
data/yaws-2.0.8+dfsg/win32/yaws.c:130:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[BUFSIZ];
data/yaws-2.0.8+dfsg/win32/yaws.c:131:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char paBuf[BUFSIZ];
data/yaws-2.0.8+dfsg/win32/yaws.c:132:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char execString[BSIZ];
data/yaws-2.0.8+dfsg/win32/yaws.c:133:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mnesia[255];
data/yaws-2.0.8+dfsg/win32/yaws.c:134:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char erlarg[255];
data/yaws-2.0.8+dfsg/win32/yaws.c:226:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(execString, " -boot start_sasl -yaws debug ");
data/yaws-2.0.8+dfsg/win32/yaws.c:228:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(execString, " -detached ");
data/yaws-2.0.8+dfsg/c_src/epam.c:29:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((i = read(fd, buf+got, len-got)) <= 0) {
data/yaws-2.0.8+dfsg/c_src/epam.c:232:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(&buf[2]);
data/yaws-2.0.8+dfsg/c_src/epam.c:245:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(&buf[2]);
data/yaws-2.0.8+dfsg/c_src/epam.c:379:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pwd = user + strlen(user) + 1;
data/yaws-2.0.8+dfsg/c_src/epam.c:380:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mode= pwd + strlen(pwd) + 1;
data/yaws-2.0.8+dfsg/c_src/epam.c:381:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sid = atoi(mode + strlen(mode) + 1);
data/yaws-2.0.8+dfsg/c_src/setuid_drv.c:50:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
driver_output(port,xbuf, strlen(xbuf));
data/yaws-2.0.8+dfsg/c_src/setuid_drv.c:62:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
driver_output(port,xbuf, strlen(xbuf));
data/yaws-2.0.8+dfsg/c_src/setuid_drv.c:72:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
driver_output(port,xbuf, strlen(xbuf));
data/yaws-2.0.8+dfsg/c_src/setuid_drv.c:79:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
driver_output(port,xbuf, strlen(xbuf));
data/yaws-2.0.8+dfsg/c_src/setuid_drv.c:90:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
driver_output(port,xbuf, strlen(xbuf));
data/yaws-2.0.8+dfsg/win32/yaws.c:26:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fpath = (unsigned char*)malloc(strlen((char*)path));
data/yaws-2.0.8+dfsg/win32/yaws.c:28:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i = 0; i<strlen((char*)path); i++ ) {
ANALYSIS SUMMARY:
Hits = 64
Lines analyzed = 1370 in approximately 0.14 seconds (9690 lines/second)
Physical Source Lines of Code (SLOC) = 890
Hits@level = [0] 11 [1] 13 [2] 23 [3] 2 [4] 26 [5] 0
Hits@level+ = [0+] 75 [1+] 64 [2+] 51 [3+] 28 [4+] 26 [5+] 0
Hits/KSLOC@level+ = [0+] 84.2697 [1+] 71.9101 [2+] 57.3034 [3+] 31.4607 [4+] 29.2135 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.