Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/yubiserver-0.6/yubiserver.c
Examining data/yubiserver-0.6/yubiserver.h
Examining data/yubiserver-0.6/yubiserver-admin.c

FINAL RESULTS:

data/yubiserver-0.6/yubiserver-admin.c:835:17:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((c = getopt_long(argc, argv, "Vhlyopa:x:e:d:b:", long_options,
data/yubiserver-0.6/yubiserver.c:1496:17:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((c = getopt_long(argc, argv, "Vhp:d:l:", long_options, &option_index))
data/yubiserver-0.6/yubiserver-admin.c:402:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    retval = atoi((char *)sqlite3_column_text(stmt, 0)) + 1;
data/yubiserver-0.6/yubiserver.c:70:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
    if((fd = open(yubiserver_log, O_CREAT| O_WRONLY | O_APPEND, 0644)) >= 0)
data/yubiserver-0.6/yubiserver.c:118:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(hex_otp, modhex_otp, OTP_TOKEN);
data/yubiserver-0.6/yubiserver.c:126:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[2]={' ','\0'};
data/yubiserver-0.6/yubiserver.c:142:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[2] = {' ', '\0'};
data/yubiserver-0.6/yubiserver.c:296:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(otp_buffer, otp + 12, OTP_MSG_SIZE);
data/yubiserver-0.6/yubiserver.c:407:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char chrotpcounter[7];
data/yubiserver-0.6/yubiserver.c:416:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char chrotptimestamp[7];
data/yubiserver-0.6/yubiserver.c:425:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char chrotpcounter[5];
data/yubiserver-0.6/yubiserver.c:433:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char chrotpcounter[3];
data/yubiserver-0.6/yubiserver.c:478:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    *db_counter = atoi((const char *)sqlite3_column_text(stmt, 0));
data/yubiserver-0.6/yubiserver.c:479:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    *db_timestamp = atoi((const char *)sqlite3_column_text(stmt, 1));
data/yubiserver-0.6/yubiserver.c:691:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char mac[20];
data/yubiserver-0.6/yubiserver.c:730:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hmac_result[20];
data/yubiserver-0.6/yubiserver.c:734:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char Counter[8]= {
data/yubiserver-0.6/yubiserver.c:760:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(final_hotp, HOTP + strlen(HOTP) - digits, digits);
data/yubiserver-0.6/yubiserver.c:802:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    oyubikey->counter = atoi((const char *)sqlite3_column_text(stmt, 0));
data/yubiserver-0.6/yubiserver.c:973:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *token1,*token[7];
data/yubiserver-0.6/yubiserver.c:1022:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    tokens->timeout = atoi(find_token(token[j]));
data/yubiserver-0.6/yubiserver.c:1033:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *token1, *token[7];
data/yubiserver-0.6/yubiserver.c:1065:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char ipv4_addr[INET_ADDRSTRLEN]; /* We do not support IPv6 */
data/yubiserver-0.6/yubiserver.c:1066:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char validation_date[DATE_BUFSIZE];
data/yubiserver-0.6/yubiserver.c:1067:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char datetmp[20];
data/yubiserver-0.6/yubiserver.c:1077:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *status[12] = {"OK","BAD_OTP","REPLAYED_OTP","DELAYED_OTP",
data/yubiserver-0.6/yubiserver.c:1087:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, cli->buffer, cli->ret);
data/yubiserver-0.6/yubiserver.c:1199:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (atoi(tokens->timestamp) == 1)
data/yubiserver-0.6/yubiserver.c:1208:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    sl = atoi(tokens->sl);
data/yubiserver-0.6/yubiserver.c:1415:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char rbuff[BUFSIZE + 1];
data/yubiserver-0.6/yubiserver.c:1476:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char portStr[6];
data/yubiserver-0.6/yubiserver.c:1517:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    port = atoi(optarg);
data/yubiserver-0.6/yubiserver.h:68:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char publicname[PUBLIC_NAME_SIZE + 1]; /* Database Public Name */
data/yubiserver-0.6/yubiserver.h:69:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char creation_date[DATE_BUFSIZE]; /* Database account creation datetime */
data/yubiserver-0.6/yubiserver.h:70:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char private_id[PRIVATE_ID_SIZE + 1]; /* Database private ID */
data/yubiserver-0.6/yubiserver.h:71:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char oprivate_id[OPRIVATE_ID_SIZE + 1]; /* Database OATH private ID */
data/yubiserver-0.6/yubiserver.h:72:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aeskey[AES_SIZE + 1]; /* Database AES Key */
data/yubiserver-0.6/yubiserver-admin.c:469:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!ext_db && (Argc != 7 || (strlen(user) > 16 || strlen(Argv[4]) != 12 ||
data/yubiserver-0.6/yubiserver-admin.c:469:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!ext_db && (Argc != 7 || (strlen(user) > 16 || strlen(Argv[4]) != 12 ||
data/yubiserver-0.6/yubiserver-admin.c:470:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(Argv[5]) != 12 ||
data/yubiserver-0.6/yubiserver-admin.c:471:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(Argv[6]) != 32))) {
data/yubiserver-0.6/yubiserver-admin.c:474:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if (ext_db && (Argc != 9 || (strlen(user) > 16 ||
data/yubiserver-0.6/yubiserver-admin.c:475:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(Argv[6]) != 12 ||
data/yubiserver-0.6/yubiserver-admin.c:476:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(Argv[7]) != 12 ||
data/yubiserver-0.6/yubiserver-admin.c:477:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(Argv[8]) != 32))) {
data/yubiserver-0.6/yubiserver-admin.c:549:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!ext_db && (Argc != 6 || (strlen(user) > 16 || strlen(Argv[4]) != 12 ||
data/yubiserver-0.6/yubiserver-admin.c:549:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!ext_db && (Argc != 6 || (strlen(user) > 16 || strlen(Argv[4]) != 12 ||
data/yubiserver-0.6/yubiserver-admin.c:550:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(Argv[5]) != 40))) {
data/yubiserver-0.6/yubiserver-admin.c:553:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if (ext_db && (Argc != 8 || (strlen(user) > 16 ||
data/yubiserver-0.6/yubiserver-admin.c:554:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(Argv[6]) != 12 ||
data/yubiserver-0.6/yubiserver-admin.c:555:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(Argv[7]) != 40))) {
data/yubiserver-0.6/yubiserver-admin.c:641:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!ext_db && (strlen(Argv[4]) != 20)) {
data/yubiserver-0.6/yubiserver-admin.c:643:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if (ext_db && (strlen(Argv[6]) != 20)) {
data/yubiserver-0.6/yubiserver.c:60:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    write(num, logbuffer, strlen(logbuffer));
data/yubiserver-0.6/yubiserver.c:72:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    write(fd, logbuffer, strlen(logbuffer));
data/yubiserver-0.6/yubiserver.c:106:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i = 0; i < strlen(modhex_otp); i++)
data/yubiserver-0.6/yubiserver.c:206:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    retval = sqlite3_prepare_v2(handle, query, strlen(query), &stmt, 0);
data/yubiserver-0.6/yubiserver.c:460:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    retval = sqlite3_prepare_v2(handle, query, strlen(query), &stmt, 0);
data/yubiserver-0.6/yubiserver.c:533:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    retval = sqlite3_prepare_v2(handle, query, strlen(query), &stmt, 0);
data/yubiserver-0.6/yubiserver.c:578:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    retval = sqlite3_prepare_v2(handle, query, strlen(query), &stmt, 0);
data/yubiserver-0.6/yubiserver.c:586:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sqlite3_bind_text(stmt, 1, id, strlen(id), 0);
data/yubiserver-0.6/yubiserver.c:702:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    keylen = strlen(password);
data/yubiserver-0.6/yubiserver.c:714:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    datalen = strlen(data);
data/yubiserver-0.6/yubiserver.c:743:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    td = mhash_hmac_init(MHASH_SHA1, key, strlen(key),
data/yubiserver-0.6/yubiserver.c:760:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy(final_hotp, HOTP + strlen(HOTP) - digits, digits);
data/yubiserver-0.6/yubiserver.c:785:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    retval = sqlite3_prepare_v2(handle, query, strlen(query), &stmt, 0);
data/yubiserver-0.6/yubiserver.c:858:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    retval = sqlite3_prepare_v2(handle, query, strlen(query), &stmt, 0);
data/yubiserver-0.6/yubiserver.c:904:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    hotp_val = calloc(1, strlen(otp) - 12 + 1);
data/yubiserver-0.6/yubiserver.c:905:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(hotp_val, strlen(otp) - 12 + 1, "%s", otp + 12);
data/yubiserver-0.6/yubiserver.c:906:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(hotp_val) % 2 != 0)
data/yubiserver-0.6/yubiserver.c:920:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    temp = hotp(Key, counter, strlen(hotp_val));
data/yubiserver-0.6/yubiserver.c:1137:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(tokens->otp) > OTP_TOKEN)
data/yubiserver-0.6/yubiserver.c:1156:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (otp_n == NULL || strlen(tokens->otp) != OTP_TOKEN)
data/yubiserver-0.6/yubiserver.c:1178:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(tokens->nonce) < 16 || strlen(tokens->nonce) > 40)
data/yubiserver-0.6/yubiserver.c:1178:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(tokens->nonce) < 16 || strlen(tokens->nonce) > 40)
data/yubiserver-0.6/yubiserver.c:1212:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    write(cli->fd, fstr, strlen(fstr));
data/yubiserver-0.6/yubiserver.c:1245:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    write(cli->fd, fstr, strlen(fstr));
data/yubiserver-0.6/yubiserver.c:1292:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (strlen(oath_tokens->otp) == 18 ||
data/yubiserver-0.6/yubiserver.c:1293:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(oath_tokens->otp) == 20))
data/yubiserver-0.6/yubiserver.c:1306:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(oath_tokens->otp) > 20)
data/yubiserver-0.6/yubiserver.c:1313:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    write(cli->fd, fstr, strlen(fstr));
data/yubiserver-0.6/yubiserver.c:1318:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    write(cli->fd, fstr, strlen(fstr));
data/yubiserver-0.6/yubiserver.c:1341:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    write(cli->fd, buffer, strlen(buffer));
data/yubiserver-0.6/yubiserver.c:1353:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    write(cli->fd, buffer, strlen(buffer));
data/yubiserver-0.6/yubiserver.c:1418:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    r = read(cli->fd, &rbuff, BUFSIZE);

ANALYSIS SUMMARY:

Hits = 85
Lines analyzed = 2619 in approximately 0.10 seconds (25917 lines/second)
Physical Source Lines of Code (SLOC) = 2176
Hits@level = [0] 117 [1]  48 [2]  35 [3]   2 [4]   0 [5]   0
Hits@level+ = [0+] 202 [1+]  85 [2+]  37 [3+]   2 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 92.8309 [1+] 39.0625 [2+] 17.0037 [3+] 0.919118 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.