Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/ykclient-2.15/cdecode.c Examining data/ykclient-2.15/ykclient_server_response.c Examining data/ykclient-2.15/ykclient_version.h Examining data/ykclient-2.15/ykclient.c Examining data/ykclient-2.15/tests/selftest.c Examining data/ykclient-2.15/sha384-512.c Examining data/ykclient-2.15/sha224-256.c Examining data/ykclient-2.15/ykclient_errors.h Examining data/ykclient-2.15/sha.h Examining data/ykclient-2.15/ykclient_server_response.h Examining data/ykclient-2.15/ykclient_version.c Examining data/ykclient-2.15/tool.c Examining data/ykclient-2.15/cdecode.h Examining data/ykclient-2.15/usha.c Examining data/ykclient-2.15/sha-private.h Examining data/ykclient-2.15/cencode.h Examining data/ykclient-2.15/cencode.c Examining data/ykclient-2.15/hmac.c Examining data/ykclient-2.15/sha1.c Examining data/ykclient-2.15/ykclient.h FINAL RESULTS: data/ykclient-2.15/tests/selftest.c:39:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf xX; \ data/ykclient-2.15/ykclient.c:895:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf (*url_exp, len, "%s" ADD_ID "%d" ADD_NONCE "%s" ADD_OTP "%s" ADD_TS, data/ykclient-2.15/ykclient.c:900:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf (*url_exp, len, "%s" ADD_ID "%d" ADD_OTP "%s" ADD_TS, template, data/ykclient-2.15/ykclient.c:922:13: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. wrote = snprintf (*url_exp, len, template, client_id, encoded_otp); data/ykclient-2.15/tool.c:88:15: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. int c = getopt_long (argc, argv, "", data/ykclient-2.15/ykclient.c:857:7: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srandom (tv.tv_sec * tv.tv_usec); data/ykclient-2.15/ykclient.c:861:12: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. p[i] = (random () % 26) + 'a'; data/ykclient-2.15/hmac.c:39:43: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. hmac (SHAversion whichSha, const unsigned char *text, int text_len, data/ykclient-2.15/hmac.c:40:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char *key, int key_len, uint8_t digest[USHAMaxHashSize]) data/ykclient-2.15/hmac.c:75:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char k_ipad[USHA_Max_Message_Block_Size]; data/ykclient-2.15/hmac.c:78:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char tempkey[USHAMaxHashSize]; data/ykclient-2.15/sha.h:180:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char k_opad[USHA_Max_Message_Block_Size]; data/ykclient-2.15/tests/selftest.c:94:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b64dig[64]; data/ykclient-2.15/tests/selftest.c:95:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/ykclient-2.15/tests/selftest.c:126:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char key1[20]; data/ykclient-2.15/tests/selftest.c:134:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char text3[50]; data/ykclient-2.15/tests/selftest.c:136:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char key3[20]; data/ykclient-2.15/tests/selftest.c:140:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char text4[50]; data/ykclient-2.15/tests/selftest.c:146:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char key5[20]; data/ykclient-2.15/tests/selftest.c:151:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char key6[80]; data/ykclient-2.15/tests/selftest.c:156:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char key7[80]; data/ykclient-2.15/ykclient.c:68:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char last_url[256]; data/ykclient-2.15/ykclient.c:253:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&(curl_data->curl_chunk[curl_data->curl_chunk_size]), ptr, data/ykclient-2.15/ykclient.c:1039:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b64dig[3 * 4 * SHA1HashSize + 1]; data/ykclient-2.15/ykclient_server_response.c:328:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char server_digest[SHA1HashSize + 1]; data/ykclient-2.15/tool.c:96:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (optarg) < 16) data/ykclient-2.15/tool.c:120:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (optarg) < 1) data/ykclient-2.15/tool.c:130:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (optarg) < 1) data/ykclient-2.15/tool.c:140:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(optarg) < 1) data/ykclient-2.15/tool.c:177:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (*token) < 32) data/ykclient-2.15/ykclient.c:494:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). key_len = strlen (key); data/ykclient-2.15/ykclient.c:547:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). key_len = strlen (key); data/ykclient-2.15/ykclient.c:878:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (template) + strlen (encoded_otp) + strlen (ADD_OTP) + data/ykclient-2.15/ykclient.c:878:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (template) + strlen (encoded_otp) + strlen (ADD_OTP) + data/ykclient-2.15/ykclient.c:878:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (template) + strlen (encoded_otp) + strlen (ADD_OTP) + data/ykclient-2.15/ykclient.c:879:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (ADD_ID) + strlen(ADD_TS) + 1; data/ykclient-2.15/ykclient.c:879:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (ADD_ID) + strlen(ADD_TS) + 1; data/ykclient-2.15/ykclient.c:884:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen (nonce) + strlen (ADD_NONCE); data/ykclient-2.15/ykclient.c:884:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen (nonce) + strlen (ADD_NONCE); data/ykclient-2.15/ykclient.c:915:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (template) + strlen (encoded_otp) + 20; data/ykclient-2.15/ykclient.c:915:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (template) + strlen (encoded_otp) + 20; data/ykclient-2.15/ykclient.c:936:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (*url_exp) + strlen (ADD_NONCE) + strlen (nonce) + 1; data/ykclient-2.15/ykclient.c:936:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (*url_exp) + strlen (ADD_NONCE) + strlen (nonce) + 1; data/ykclient-2.15/ykclient.c:936:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (*url_exp) + strlen (ADD_NONCE) + strlen (nonce) + 1; data/ykclient-2.15/ykclient.c:1055:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). res = hmac (SHA1, (unsigned char *) text, strlen (text), data/ykclient-2.15/ykclient.c:1082:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (ykh->url_exp[i]) + strlen (ADD_HASH) + data/ykclient-2.15/ykclient.c:1082:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (ykh->url_exp[i]) + strlen (ADD_HASH) + data/ykclient-2.15/ykclient.c:1083:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (signature) + 1; data/ykclient-2.15/ykclient.c:1306:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (ykc->last_url, url_used, sizeof (ykc->last_url)); data/ykclient-2.15/ykclient_server_response.c:228:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (param->key, pos, index); data/ykclient-2.15/ykclient_server_response.c:248:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (param->value, pos, index); data/ykclient-2.15/ykclient_server_response.c:308:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (iter->parameter->key))) data/ykclient-2.15/ykclient_server_response.c:313:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (iter->parameter->value))) data/ykclient-2.15/ykclient_server_response.c:332:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (serv_response->signature->value), ANALYSIS SUMMARY: Hits = 54 Lines analyzed = 6403 in approximately 0.19 seconds (33645 lines/second) Physical Source Lines of Code (SLOC) = 3720 Hits@level = [0] 100 [1] 29 [2] 18 [3] 3 [4] 4 [5] 0 Hits@level+ = [0+] 154 [1+] 54 [2+] 25 [3+] 7 [4+] 4 [5+] 0 Hits/KSLOC@level+ = [0+] 41.3978 [1+] 14.5161 [2+] 6.72043 [3+] 1.88172 [4+] 1.07527 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.