Flawfinder version 1.21, (C) 2001-2002 David A. Wheeler.
Number of dangerous functions in C/C++ ruleset: 127
Examining fgets.c
Examining getchar.c
Examining getchar2.c
Examining getenv.c
Examining getenv2.c
Examining gets.c
Examining obsd.c
Examining off-by-one.c
Examining scanf.c
Examining scanf2.c
Examining snprintf.c
Examining sprintf.c
Examining strcat.c
Examining strcpy.c
Examining strncat.c
Examining strncpy.c
Examining strncpy2.c
gets.c:9 [5] (buffer) gets: Does not check for buffer overflows. Use fgets() instead.
getenv.c:14 [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused).
scanf.c:10 [4] (buffer) scanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows. Specify a limit to %s, or use a different input function.
sprintf.c:11 [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf.
strcat.c:12 [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination. Consider using strncat or strlcat (warning, strncat is easily misused).
strcpy.c:9 [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused).
strncpy2.c:9 [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf.
getenv.c:12 [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once. Check environment variables carefully before using them.
getenv2.c:12 [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once. Check environment variables carefully before using them.
fgets.c:6 [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
getchar.c:8 [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
getchar2.c:8 [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
getenv.c:9 [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
getenv2.c:9 [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
gets.c:6 [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
obsd.c:10 [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
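The report above is a list of call sites, not fixes. As an added example (not part of the book's text and not code from flawfinder or from the test files it examined), the block below takes each pattern the report flags at level 4 and 5 (gets, strcpy, strcat, sprintf, scanf with an unlimited %s) and places a bounded replacement beside it, including a function that shows concretely why the report warns that strncpy is "easily misused". The 16-byte buffer, the function names, and the constructed inputs are assumptions for illustration; fmemopen() stands in for stdin so the whole thing runs offline.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() in main */
#include <stdio.h>
#include <string.h>

/* Deliberately small so the truncation paths below are exercised. */
#define BUFSZ 16

/* strcpy.c / getenv.c pattern: strcpy(buf, src) with no length check.
 * Hardened: bounded copy that always NUL-terminates.
 * Returns 1 if src fit, 0 if it was truncated. */
int safe_copy(char *dst, size_t dstsz, const char *src)
{
    if (dstsz == 0) return 0;
    size_t n = strlen(src);
    if (n >= dstsz) {
        memcpy(dst, src, dstsz - 1);
        dst[dstsz - 1] = '\0';
        return 0;
    }
    memcpy(dst, src, n + 1);
    return 1;
}

/* Why the report calls strncpy "easily misused": when strlen(src) >= dstsz it
 * writes no terminator, so a later strlen()/printf("%s") reads past dst.
 * Returns 1 if dst is terminated after the call, 0 if it is not. */
int strncpy_leaves_terminator(char *dst, size_t dstsz, const char *src)
{
    strncpy(dst, src, dstsz);
    return memchr(dst, '\0', dstsz) != NULL;
}

/* strcat.c pattern: strcat(buf, src). Hardened: append only what fits.
 * Returns 1 if all of src was appended, 0 if truncated or dst was unterminated. */
int safe_append(char *dst, size_t dstsz, const char *src)
{
    const char *end = memchr(dst, '\0', dstsz);
    if (end == NULL) return 0;          /* dst not terminated: refuse to touch it */
    size_t used = (size_t)(end - dst);
    return safe_copy(dst + used, dstsz - used, src);
}

/* sprintf.c / strncpy2.c pattern: sprintf(buf, "%s=%s", name, value).
 * Hardened: snprintf, and check its return value, which is the length the
 * full string needed. Returns 1 if it fit, 0 if the output was truncated. */
int safe_format(char *dst, size_t dstsz, const char *name, const char *value)
{
    int need = snprintf(dst, dstsz, "%s=%s", name, value);
    return need >= 0 && (size_t)need < dstsz;
}

/* scanf.c pattern: scanf("%s", buf). Hardened: a field width one less than
 * the buffer size, so %s can never write past the terminator. Uses sscanf on
 * a string so it runs without stdin. Returns 1 on a successful conversion. */
int read_token(const char *input, char *dst, size_t dstsz)
{
    char fmt[16];
    if (dstsz < 2) return 0;
    snprintf(fmt, sizeof fmt, "%%%zus", dstsz - 1);   /* "%15s" for BUFSZ 16 */
    return sscanf(input, fmt, dst) == 1;
}

/* gets.c pattern: gets(buf). Hardened: fgets bounded by the buffer size, then
 * strip the newline. Returns the line length, or -1 on EOF/error. */
long read_line(FILE *in, char *dst, size_t dstsz)
{
    if (fgets(dst, (int)dstsz, in) == NULL) return -1;
    dst[strcspn(dst, "\n")] = '\0';
    return (long)strlen(dst);
}

int main(void)
{
    char buf[BUFSZ];
    /* Constructed inputs: one that fits, one 20 bytes long (> BUFSZ). */
    const char *fits = "hello";
    const char *over = "0123456789ABCDEFGHIJ";

    printf("safe_copy(fits) = %d\n", safe_copy(buf, sizeof buf, fits));
    printf("safe_copy(over) = %d, buf = \"%s\"\n", safe_copy(buf, sizeof buf, over), buf);
    printf("strncpy terminated? %d\n", strncpy_leaves_terminator(buf, sizeof buf, over));
    safe_copy(buf, sizeof buf, "PATH=");
    printf("safe_append = %d, buf = \"%s\"\n", safe_append(buf, sizeof buf, over), buf);
    printf("safe_format = %d\n", safe_format(buf, sizeof buf, "HOME", over));
    printf("read_token = %d, buf = \"%s\"\n", read_token(over, buf, sizeof buf), buf);

    FILE *in = fmemopen((void *)over, strlen(over), "r");   /* stands in for stdin */
    if (in != NULL) {
        printf("read_line = %ld, buf = \"%s\"\n", read_line(in, buf, sizeof buf), buf);
        fclose(in);
    }
    return 0;
}
```

Two points worth carrying back to the report: every replacement here returns whether truncation happened, because silently cutting an attacker-controlled string (a path, an environment variable) is itself a bug, just a less severe one than writing past the buffer; and the snprintf check compares the returned length against the buffer size rather than trusting that the call "fit", which is the mistake the report's strncpy2.c finding is about. For the level-3 getenv findings the same functions apply: the value of getenv() is simply another untrusted src argument.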