$Id: TODO-flawfinder,v 1.13 2003/05/26 19:57:01 carstenklapp Exp $

make flawfinder
     using options: -c --inputs

Flawfinder version 1.22, (C) 2001-2003 David A. Wheeler.
Number of dangerous functions in C/C++ ruleset: 127
Examining stats-bsd.c
Examining stats-uxw.c
Examining stats-ult.c
Examining stats-sol.c
Examining stats-lnx.c
Examining stats-mach.c
Examining stats-aix.c
Examining stats-beos.c
Examining stats-w2k.c
Examining network.c
Examining base64.c
Examining options.c
Examining uplog.c
Examining transmit.c
Examining upclient.c
stats-lnx.c:106:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification,
  permits buffer overflows. Specify a limit to %s, or use a different input
  function. 
            while (fscanf(fp, "%s :", temp_string) != EOF) {
stats-lnx.c:111:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification,
  permits buffer overflows. Specify a limit to %s, or use a different input
  function. 
                    fscanf(fp, "%s", cpu_string);
stats-lnx.c:117:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification,
  permits buffer overflows. Specify a limit to %s, or use a different input
  function. 
            while (fscanf(fp, "%s :", temp_string) != EOF) {
stats-lnx.c:120:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification,
  permits buffer overflows. Specify a limit to %s, or use a different input
  function. 
                    fscanf(fp, "%s", machine_string);
stats-lnx.c:187:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification,
  permits buffer overflows. Specify a limit to %s, or use a different input
  function. 
    while (fscanf(fp, "%s ", temp_string) != EOF) {
stats-uxw.c:97:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification,
  permits buffer overflows. Specify a limit to %s, or use a different input
  function. 
    if (fscanf
stats-uxw.c:116:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification,
  permits buffer overflows. Specify a limit to %s, or use a different input
  function. 
        fscanf(fp, "%s %d %d %d %d", dummy_str, &temp, &temp, &temp, &pct_idle);
upclient.c:585:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer
  overflows . Check implementation on installation, or limit the size of all
  string inputs. 
    while ((i = getopt(argc, argv, "hVvc:p:")) != -1) {
network.c:82:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
        read_ret = read(fd, buf + nread, nbytes - nread);
stats-aix.c:88:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
    while ((bytes = read(fd, &ut, sizeof(ut)))) {
stats-aix.c:117:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
        if (read(fd, avenrun, sizeof(avenrun)) < 0) {
stats-aix.c:136:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
        if (read(fd, &sys, sizeof(sys)) < 0) {
stats-aix.c:156:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
        if (read(fd, &sys, sizeof(sys)) < 0) {
stats-sol.c:379:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
            if (read(fd, &ut, sizeof(ut)) < 0)
stats-ult.c:101:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
    if (read(fd, &boottime, sizeof(boottime)) < 0)
stats-ult.c:111:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
        if (read(fd, avenrun, sizeof(avenrun)) < 0)
stats-ult.c:125:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
        if (read(fd, &cpudata_offset, sizeof(cpudata_offset)) < 0)
stats-ult.c:129:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
        if (read(fd, &cpudata, sizeof(cpudata)) < 0)
stats-ult.c:149:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
        if (read(fd, &cpudata_offset, sizeof(cpudata_offset)) < 0)
stats-ult.c:153:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
        if (read(fd, &cpudata, sizeof(cpudata)) < 0)
stats-lnx.c:190:  [0] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification,
  permits buffer overflows. Specify a limit to %s, or use a different input
  function. No risky scanf format detected.
            fscanf(fp, "%ld %ld %ld %ld", &user, &nice, &system, &idle);
stats-lnx.c:226:  [0] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification,
  permits buffer overflows. Specify a limit to %s, or use a different input
  function. No risky scanf format detected.
    if (fscanf(fp, "%*f %*f %lf %*s", loadavg) != 1) {
stats-lnx.c:246:  [0] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification,
  permits buffer overflows. Specify a limit to %s, or use a different input
  function. No risky scanf format detected.
    if (fscanf(fp, "%lf %lf", &up, &idle) != 2) {
upclient.c:191:  [0] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification,
  permits buffer overflows. Specify a limit to %s, or use a different input
  function. No risky scanf format detected.
        if (!fscanf(fp, "%d", &pid))
Number of hits = 24
Number of Lines Analyzed = 4152 in 1.96 seconds (2839 lines/second)
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
