Security
This finding triggers whenever strcat or strncat is used. This is an issue because strcat and strncat can lead to buffer overflow vulnerabilities. Fix this by using strcat_s instead.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-676: Use of Potentially Dangerous Function
Variable ‘$VAR’ was passed to a function after being freed. This can lead to undefined behavior.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-416: Use After Free
Call to ‘read()’ without error checking is susceptible to file descriptor exhaustion. Consider using the ‘getrandom()’ function.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-774: Allocation of File Descriptors or Handles Without Limits or Throttling
Avoid ‘gets()’. This function does not consider buffer boundaries and can lead to buffer overflows. Use ‘fgets()’ or ‘gets_s()’ instead.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-676: Use of Potentially Dangerous Function
Avoid using ‘scanf()’. This function, when used improperly, does not consider buffer boundaries and can lead to buffer overflows. Use ‘fgets()’ instead for reading input.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-676: Use of Potentially Dangerous Function
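The two rules above both point at ‘fgets()’ as the replacement. The added example below (my own code, not CodeAnt's) shows the part the rule text leaves implicit: ‘fgets()’ only stops the overflow, and the caller still has to detect and discard an overlong line, otherwise the leftover tail is returned as the next "line". The helper name read_line, the 16-byte buffer and the input text are assumptions constructed for the demonstration; the input is fed through a temporary file so the block runs offline.

```c
#include <stdio.h>
#include <string.h>

#define LINE_BUF 16   /* deliberately small so truncation is easy to provoke */

/* Bounded line reader (assumed-name helper, not part of the rule text).
 * Reads at most bufsz-1 characters with fgets and strips the newline.
 * Returns the line length, -1 at end of input, or -2 when the line did not
 * fit; in that case the rest of the overlong line is consumed so the next
 * call starts on a fresh line instead of returning the leftover tail. */
int read_line(FILE *fp, char *buf, size_t bufsz) {
    if (bufsz < 2 || fgets(buf, (int)bufsz, fp) == NULL)
        return -1;
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {
        buf[--n] = '\0';
        return (int)n;
    }
    /* No newline in the buffer: the final line may simply lack one, the line
     * may have exactly filled the buffer, or it was cut short. */
    int c = fgetc(fp);
    if (c == EOF || c == '\n')
        return (int)n;
    while (c != '\n' && c != EOF)
        c = fgetc(fp);          /* discard the remainder of the long line */
    buf[0] = '\0';
    return -2;
}

/* Feeds constructed input through a temporary file and tallies how many
 * lines fit the buffer and how many were rejected as too long. */
static int run_demo(int *accepted, int *rejected) {
    /* constructed input: a short line, a 40-character line, a final line
     * without a trailing newline */
    const char *input = "short\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\ntail";
    FILE *fp = tmpfile();
    if (fp == NULL) return -1;
    fputs(input, fp);
    rewind(fp);
    char line[LINE_BUF];
    int rc;
    *accepted = *rejected = 0;
    while ((rc = read_line(fp, line, sizeof line)) != -1) {
        if (rc == -2) (*rejected)++;
        else (*accepted)++;
    }
    fclose(fp);
    return 0;
}

int demo_accepted_lines(void) { int a, r; return run_demo(&a, &r) == 0 ? a : -1; }
int demo_rejected_lines(void) { int a, r; return run_demo(&a, &r) == 0 ? r : -1; }

int main(void) {
    printf("accepted=%d rejected=%d\n", demo_accepted_lines(), demo_rejected_lines());
    return 0;
}
```

With the 16-byte buffer, "short" and "tail" are accepted and the 40-character line is rejected rather than being split into three pieces; the same reader can replace a ‘scanf("%s", buf)’ call, which has no bound at all.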
Variable ‘$VAR’ was freed twice. This can lead to undefined behavior.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-415: Double Free
OWASP:
- A03:2021 - Injection
- A01:2017 - Injection
Avoid using ‘strtok()’. This function directly modifies the first argument buffer, permanently erasing the delimiter character. Use ‘strtok_r()’ instead.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-676: Use of Potentially Dangerous Function
Use format specifiers such as %s, %d or %c to format your variables rather than passing the variable itself as the format string; otherwise this could leak information.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-532: Insertion of Sensitive Information into Log File
OWASP:
- A09:2021 - Security Logging and Monitoring Failures
When handling sensitive information in a buffer, it’s important to ensure that the data is securely erased before the buffer is deleted or reused. While memset() is commonly used for this purpose, it can leave sensitive information behind due to compiler optimizations or other factors. To avoid this potential vulnerability, it’s recommended to use the memset_s() function instead. memset_s() is a standardized function that securely overwrites the memory with a specified value, making it more difficult for an attacker to recover any sensitive data that was stored in the buffer. By using memset_s() instead of memset(), you can help to ensure that your application is more secure and less vulnerable to exploits that rely on residual data in memory.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-14: Compiler Removal of Code to Clear Buffers
OWASP:
- A04:2021 - Insecure Design
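memset_s() comes from the optional Annex K of C11 and is missing from common toolchains such as glibc, so a portable scrub routine needs a fallback. The added example below is my own code, not CodeAnt's: secure_erase (an assumed name) uses memset_s() where the library advertises it and otherwise calls memset() through a volatile function pointer, which stops the optimiser from treating the final store as dead (the defect class behind CWE-14). The 0xAB fill is a constructed stand-in for key material.

```c
#define __STDC_WANT_LIB_EXT1__ 1   /* request memset_s where Annex K exists */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Calling memset through a volatile function pointer: the compiler cannot
 * prove the call has no observable effect, so the clearing store survives
 * optimisation even when the buffer is never read again. */
static void *(*const volatile memset_v)(void *, int, size_t) = memset;

/* secure_erase is an assumed-name helper, not a libc or CodeAnt API. */
void secure_erase(void *p, size_t n) {
    if (p == NULL || n == 0) return;
#ifdef __STDC_LIB_EXT1__
    memset_s(p, n, 0, n);       /* Annex K: bounded, never optimised away */
#else
    memset_v(p, 0, n);          /* fallback for toolchains without memset_s */
#endif
}

/* Returns 1 if every byte of p[0..n) is zero, else 0; the OR-accumulator
 * keeps the check's work independent of where the first non-zero byte is. */
int is_zeroed(const void *p, size_t n) {
    const unsigned char *b = p;
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) acc |= b[i];
    return acc == 0;
}

/* Models the rule's scenario: a buffer holding key material is used and then
 * scrubbed before it goes out of scope. Returns 1 when no residual bytes
 * remain. The 0xAB fill is a constructed placeholder, not a real key. */
int demo_scrub_key(void) {
    unsigned char key[32];
    memset(key, 0xAB, sizeof key);
    /* ... key would be used here ... */
    secure_erase(key, sizeof key);   /* before: memset(key, 0, sizeof key) */
    return is_zeroed(key, sizeof key);
}

int main(void) {
    printf("key scrubbed: %s\n", demo_scrub_key() ? "yes" : "no");
    return 0;
}
```

The volatile-pointer fallback is the same idea used by explicit_bzero() on glibc and the BSDs; if your platform provides one of those, prefer it over a hand-rolled version.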
Finding triggers whenever there is a strcpy or strncpy used. This is an issue because strcpy does not affirm the size of the destination array and strncpy will not automatically NULL-terminate strings. This can lead to buffer overflows, which can cause program crashes and potentially let an attacker inject code in the program. Fix this by using strcpy_s instead (although note that strcpy_s is an optional part of the C11 standard, and so may not be available).
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-676: Use of Potentially Dangerous Function
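Both the strcat/strncat and the strcpy/strncpy rules recommend the _s variants, which, as the text notes, may not be available. The added example below (my own code, not CodeAnt's) shows a bounded copy and append that always NUL-terminate and report truncation, plus a small probe that demonstrates the strncpy pitfall the rule describes. bounded_copy, bounded_append and strncpy_leaves_terminator are assumed names invented for this example; the inputs are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bounded copy (assumed-name helper, not a libc API). Copies at most dstsz-1
 * bytes and always NUL-terminates. Returns 0 on success, -1 if src did not
 * fit (dst then holds a truncated but terminated string) or dstsz is 0. */
int bounded_copy(char *dst, size_t dstsz, const char *src) {
    if (dst == NULL || src == NULL || dstsz == 0) return -1;
    size_t n = strlen(src);
    if (n >= dstsz) {
        memcpy(dst, src, dstsz - 1);
        dst[dstsz - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

/* Bounded append: locates the existing terminator within dstsz bytes and
 * copies into the remaining space. Returns -1 if dst is not a terminated
 * string within dstsz (refusing to scan past the buffer) or if src did not fit. */
int bounded_append(char *dst, size_t dstsz, const char *src) {
    if (dst == NULL || src == NULL || dstsz == 0) return -1;
    const char *end = memchr(dst, '\0', dstsz);
    if (end == NULL) return -1;
    size_t used = (size_t)(end - dst);
    return bounded_copy(dst + used, dstsz - used, src);
}

/* Probe for the strncpy pitfall: copies src into an n-byte buffer with
 * strncpy and returns 1 if a NUL ended up inside it, 0 if the result is not
 * a C string at all (which is what happens when strlen(src) >= n). */
int strncpy_leaves_terminator(const char *src, size_t n) {
    char buf[16];
    if (n > sizeof buf) return -1;
    strncpy(buf, src, n);
    return memchr(buf, '\0', n) != NULL;
}

/* Runs a copy followed by an append into an 8-byte buffer. The append does
 * not fit, so it is truncated and reported; the buffer stays terminated.
 * Returns the final string length (7) or a negative code on an unexpected
 * outcome. Inputs are constructed. */
int demo_copy_append_len(void) {
    char d[8];
    if (bounded_copy(d, sizeof d, "hello") != 0) return -1;
    int rc = bounded_append(d, sizeof d, " world");   /* before: strcat(d, " world") */
    if (rc != -1) return -2;              /* truncation must be reported */
    if (strcmp(d, "hello w") != 0) return -3;
    return (int)strlen(d);
}

int main(void) {
    printf("final length: %d\n", demo_copy_append_len());
    printf("strncpy(\"hello\", 8) terminated: %d\n", strncpy_leaves_terminator("hello", 8));
    printf("strncpy(\"hello world\", 8) terminated: %d\n", strncpy_leaves_terminator("hello world", 8));
    return 0;
}
```

The return codes matter as much as the bound: silently truncating a path or a hostname can be its own bug, so callers should treat -1 as an error rather than ignore it.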
Variable ‘$VAR’ was used after being freed. This can lead to undefined behavior.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-416: Use After Free
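The use-after-free, passed-after-free and double-free rules above all stem from the same root cause: a pointer that keeps its old value after free(). The added example below (my own code, not CodeAnt's) shows the discipline that makes each of them detectable: clear the pointer at release time and have every function that receives the struct check it. FREE_AND_CLEAR, struct session and the token string are assumptions constructed for the demonstration; the token is not a real credential.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Release p and null it in one step (assumed helper, not from the page).
 * A later free(p) becomes free(NULL), a no-op, and a later dereference is a
 * reproducible NULL fault instead of silent reuse of freed memory. */
#define FREE_AND_CLEAR(p) do { free(p); (p) = NULL; } while (0)

struct session {
    char  *token;   /* heap-allocated credential, NULL when not held */
    size_t len;
};

/* Functions that receive the session refuse to touch a released token; this
 * is the check the "passed to a function after being freed" rule wants. */
int token_length(const struct session *s) {
    if (s == NULL || s->token == NULL) return -1;
    return (int)s->len;
}

int session_open(struct session *s, const char *tok) {
    s->len = strlen(tok);
    s->token = malloc(s->len + 1);
    if (s->token == NULL) { s->len = 0; return -1; }
    memcpy(s->token, tok, s->len + 1);
    return 0;
}

void session_close(struct session *s) {
    FREE_AND_CLEAR(s->token);   /* before: free(s->token) left a dangling pointer */
    s->len = 0;
}

/* Walks the lifecycle the three rules describe. Returns the number of
 * post-release accesses that were safely refused (expected 2). */
int demo_session_lifecycle(void) {
    struct session s = { NULL, 0 };
    int refused = 0;
    if (session_open(&s, "tok-constructed-example") != 0) return -1;
    if (token_length(&s) != 23) return -2;
    session_close(&s);
    /* Use after free (CWE-416): s.token would have been read here. */
    if (token_length(&s) == -1) refused++;
    /* Double free (CWE-415): a second close is now free(NULL). */
    session_close(&s);
    if (s.token == NULL) refused++;
    return refused;
}

int main(void) {
    printf("refused post-release accesses: %d\n", demo_session_lifecycle());
    return 0;
}
```

Clearing the pointer only protects the copy you clear; if the address was duplicated elsewhere (another struct field, a cached local), that copy still dangles, so the pattern works best when one owner holds the pointer.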
Avoid using user-controlled format strings passed into ‘sprintf’, ‘printf’ and ‘vsprintf’. These functions put you at risk of buffer overflow vulnerabilities through the use of format string exploits. Instead, use ‘snprintf’ and ‘vsnprintf’.
Likelihood: MEDIUM
Confidence: LOW
CWE:
- CWE-134: Use of Externally-Controlled Format String
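The format-string rule above and the earlier "use %s, %d, %c" rule describe the same fix from two angles: the format must be a constant and user data must arrive through a specifier. The added example below (my own code, not CodeAnt's) shows that fix with ‘snprintf’, including the truncation check its return value makes possible; the function names render_user_message and renders_as and the sample inputs are assumptions constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Renders a user-supplied string into a fixed buffer (assumed-name helper).
 * The format string is a constant and the input travels only through %s, so
 * directives in the input such as "%x" or "%n" are printed as text, never
 * interpreted. snprintf returns the length that would have been written, so
 * truncation is detectable. Returns 0 on success, -1 on truncation, -2 on an
 * encoding error. */
int render_user_message(char *out, size_t outsz, const char *user_input) {
    if (out == NULL || outsz == 0 || user_input == NULL) return -2;
    /* before: printf(user_input);   -- user controls the format (CWE-134) */
    int needed = snprintf(out, outsz, "user said: %s", user_input);
    if (needed < 0) return -2;
    if ((size_t)needed >= outsz) return -1;   /* output was cut to fit */
    return 0;
}

/* Convenience check: does rendering `input` give exactly `expected`? */
int renders_as(const char *input, const char *expected) {
    char buf[64];
    if (render_user_message(buf, sizeof buf, input) != 0) return 0;
    return strcmp(buf, expected) == 0;
}

/* Returns the status code for a constructed input that cannot fit in a
 * 16-byte buffer, showing the truncation path. */
int render_status_for_long_input(void) {
    char small[16];
    return render_user_message(small, sizeof small, "this does not fit");
}

int main(void) {
    char buf[64];
    /* constructed input containing format directives */
    render_user_message(buf, sizeof buf, "%x %x %n");
    printf("%s\n", buf);                       /* prints the directives literally */
    printf("status for long input: %d\n", render_status_for_long_input());
    return 0;
}
```

Compiling with -Wformat-security flags the "before" form at build time; the runtime fix is still the constant format, since the warning only covers calls the compiler can see.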