Flawfinder Results
Here are the security scan results from Flawfinder version 1.26, (C) 2001-2004 David A. Wheeler.
Number of dangerous functions in C/C++ ruleset: 158
Examining CClientSocket.cpp
Examining CEventSocket.cpp
Examining CEventSocketSet.cpp
Examining CServerSocket.cpp
Examining CSocket.cpp
Examining CSocketSet.cpp
Examining CSocketUDP.cpp
Examining libaeon.cpp
Examining documentation.h
Examining libaeon.h
- CSocket.cpp:209: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination.
Consider using strncpy or strlcpy (warning, strncpy is easily misused).
- CClientSocket.cpp:49: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination. Make
sure destination can always hold the source data.
- CSocket.cpp:257: [2] (buffer) char:
Statically-sized arrays can be overflowed. Perform bounds checking,
use functions that limit length, or ensure that the size is larger than
the maximum possible length.
- libaeon.h:112: [2] (buffer) char:
Statically-sized arrays can be overflowed. Perform bounds checking,
use functions that limit length, or ensure that the size is larger than
the maximum possible length.
- libaeon.h:113: [2] (buffer) char:
Statically-sized arrays can be overflowed. Perform bounds checking,
use functions that limit length, or ensure that the size is larger than
the maximum possible length.
- CEventSocket.cpp:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated (it could cause a
crash if unprotected).
- CEventSocket.cpp:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated (it could cause a
crash if unprotected).
- CSocket.cpp:131: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated (it could cause a
crash if unprotected).
- CSocketUDP.cpp:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated (it could cause a
crash if unprotected).
Hits = 9
Lines analyzed = 1270 in 0.61 seconds (11686 lines/second)
Physical Source Lines of Code (SLOC) = 668
Hits@level = [0] 0 [1] 4 [2] 4 [3] 0 [4] 1 [5] 0
Hits@level+ = [0+] 9 [1+] 9 [2+] 5 [3+] 1 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 13.4731 [1+] 13.4731 [2+] 7.48503 [3+] 1.49701 [4+] 1.49701 [5+] 0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!