LWN.net
Original code (test.c; the line numbers in both reports below refer to this file, including its blank lines):
#include <stdio.h>
#define hello(x) goodbye(x)
#define WOKKA "stuff"

main() {
printf("hello\n");
}

/* This is a strcpy test. */

int demo(char *a, char *b) {
strcpy(a, "\n"); // Did this work?
strcpy(a, gettext("Hello there")); // Did this work?
strcpy(b, a);
sprintf(s, "\n");
sprintf(s, "hello");
sprintf(s, "hello %s", bug);
sprintf(s, gettext("hello %s"), bug);
sprintf(s, unknown, bug);
printf(bf, x);
scanf("%d", &x);
scanf("%s", s);
scanf("%10s", s);
scanf("%s", s);
gets(f); // Flawfinder: ignore
gets(f);
}
=========================================================================
Flawfinder results:
Flawfinder version 0.12, (C) 2001 David A. Wheeler.
Number of dangerous functions in C ruleset: 40
Processing test.c
test.c:25 [5] (buffer) gets: does not check for buffer overflows. Use fgets() instead.
test.c:26 [5] (buffer) gets: does not check for buffer overflows. Use fgets() instead.
test.c:14 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
test.c:17 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
test.c:18 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
test.c:19 [4] (format) sprintf: Potential format string problem. Make Format string constant.
test.c:20 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
test.c:22 [4] (buffer) scanf: the scanf() family's %s operation, without a limit specification, permits buffer overflows. Specify a limit to %s, or use a different input function.
test.c:24 [4] (buffer) scanf: the scanf() family's %s operation, without a limit specification, permits buffer overflows. Specify a limit to %s, or use a different input function.
test.c:13 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
test.c:16 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
test.c:12 [1] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant character.
test.c:15 [1] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source is a constant character.
test.c:23 [1] (buffer) scanf: the scanf() family's %s operation, without a limit specification, permits buffer overflows. Specify a limit to %s, or use a different input function. Only low-risk scanf formats detected.
There are probably other security vulnerabilities as well; review your code!
=========================================================================
Its4 results:
test.c:25:(Urgent) gets
test.c:26:(Urgent) gets
The input buffer can almost always be overflowed.
Use fgets(buf,size,stdin) instead.
----------------
test.c:6:(Urgent) printf
test.c:20:(Urgent) printf
Non-constant format strings can often be attacked.
Use a constant format string.
----------------
test.c:18:(Urgent) sprintf
test.c:19:(Urgent) sprintf
Non-constant format strings can often be attacked.
Use a constant format string.
----------------
test.c:22:(Very Risky) scanf
test.c:24:(Very Risky) scanf
This function is high risk for buffer overflows
Use precision specifiers, or do your own parsing.
----------------
test.c:17:(Very Risky) sprintf
This function is high risk for buffer overflows
Use snprintf if available, or precision specifiers, if available.
----------------
test.c:13:(Very Risky) strcpy
test.c:14:(Very Risky) strcpy
This function is high risk for buffer overflows
Use strncpy instead.
----------------
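The replacements the two reports recommend (fgets for gets, a bounded copy for strcpy, snprintf for sprintf, a width on %s, a constant format for printf), written out as an added example. This is not code from the LWN page, from flawfinder or from its4; the helper names, the buffer sizes and the use of tmpfile() to stand in for stdin are assumptions made for illustration. One caveat the reports leave out: strncpy, which both tools suggest in place of strcpy, does not NUL-terminate when the source does not fit, so the bounded copy below terminates explicitly and tells the caller when it truncated. Note also that the its4 report flags line 6, printf("hello\n"), whose format string is constant, while the flawfinder report does not.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Keep the scanf width and the buffer size in sync: a "%s" whose width
 * exceeds the buffer is the same bug as a "%s" with no width at all.
 * WORD_MAX is an assumed size chosen for this example. */
#define WORD_MAX 15
#define STR_(x) #x
#define STR(x) STR_(x)

/* strcpy(a, src) -> bounded copy that always NUL-terminates.
 * Returns true if the whole source fitted, false if it was truncated. */
bool copy_str(char *dst, size_t dstsz, const char *src)
{
    if (dstsz == 0)
        return false;
    size_t n = strlen(src);
    if (n < dstsz) {
        memcpy(dst, src, n + 1);
        return true;
    }
    memcpy(dst, src, dstsz - 1);
    dst[dstsz - 1] = '\0';
    return false;
}

/* sprintf(s, "hello %s", bug) -> snprintf with a constant format.
 * snprintf returns the length the full string would have had, so a
 * result >= dstsz means the output was cut short. */
bool format_greeting(char *dst, size_t dstsz, const char *name)
{
    int r = snprintf(dst, dstsz, "hello %s", name);
    return r >= 0 && (size_t)r < dstsz;
}

/* printf(bf, x) -> the attacker-influenced string becomes an argument
 * of a constant "%s" format, so any %x or %n inside it is printed
 * literally instead of being interpreted. Rendered into a buffer here
 * so the result can be inspected. */
bool render_user_string(char *dst, size_t dstsz, const char *user)
{
    int r = snprintf(dst, dstsz, "%s", user);
    return r >= 0 && (size_t)r < dstsz;
}

/* scanf("%s", s) -> width-limited conversion into a buffer of matching
 * size. Returns true if a token was parsed. */
bool parse_word(const char *input, char word[WORD_MAX + 1])
{
    return sscanf(input, "%" STR(WORD_MAX) "s", word) == 1;
}

/* gets(f) -> fgets with a bound. Strips the trailing newline so callers
 * see what gets() would have returned, and drains the rest of an
 * over-long line so the next read starts on a fresh line. Returns false
 * at EOF or on error; *truncated reports that input was discarded. */
bool read_line(FILE *in, char *buf, size_t bufsz, bool *truncated)
{
    *truncated = false;
    if (bufsz == 0 || !fgets(buf, (int)bufsz, in))
        return false;
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {
        buf[n - 1] = '\0';
        return true;
    }
    /* No newline: either EOF on the last line or the line did not fit. */
    int c;
    while ((c = fgetc(in)) != EOF && c != '\n')
        *truncated = true;
    return true;
}

/* Feeds a constructed string through read_line via a temporary file, so
 * the behaviour can be exercised without touching stdin. */
bool read_line_from_string(const char *text, char *buf, size_t bufsz, bool *truncated)
{
    FILE *f = tmpfile();
    if (!f)
        return false;
    fputs(text, f);
    rewind(f);
    bool ok = read_line(f, buf, bufsz, truncated);
    fclose(f);
    return ok;
}

int main(void)
{
    char small[8];
    bool trunc;

    printf("copy fitted: %d -> \"%s\"\n", copy_str(small, sizeof small, "Hello there"), small);
    printf("greeting fitted: %d -> \"%s\"\n", format_greeting(small, sizeof small, "world"), small);
    render_user_string(small, sizeof small, "%x%n");
    printf("user string: \"%s\"\n", small);
    read_line_from_string("this line is too long\n", small, sizeof small, &trunc);
    printf("line: \"%s\" truncated=%d\n", small, trunc);
    return 0;
}
```

Each helper returns whether the data fitted rather than silently cutting it, which is the check a caller needs before acting on the buffer; a truncated path or command is a different bug from an overflow, but still a bug.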