From cfe1a062fea3eabf65a6cca1c6537ca49ea2b13c Mon Sep 17 00:00:00 2001 From: "David A. Wheeler" Date: Sat, 19 Jul 2014 18:58:55 -0400 Subject: [PATCH] Tweak mappings to CWE. strlen() better maps to CWE-126 (buffer over-read) --- flawfinder | 8 +++++--- flawfinder.1 | 10 ++++++---- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/flawfinder b/flawfinder index 9a55bff..ae856f8 100755 --- a/flawfinder +++ b/flawfinder @@ -764,7 +764,8 @@ c_ruleset = { "buffer", "", {}), "char|TCHAR|wchar_t": # This isn't really a function call, but it works. (c_static_array, 2, - "Statically-sized arrays can be overflowed (CWE-120)", + "Statically-sized arrays can be overflowed or have other issues " + + "(CWE-119,CWE-120)", ("Perform bounds checking, use functions that limit length, " + "or ensure that the size is larger than the maximum possible length " + "(CWE-119)"), @@ -827,8 +828,9 @@ c_ruleset = { (normal, 1, # Often this isn't really a risk, and even when, it usually at worst causes # program crash (and nothing worse). - "Does not handle strings that are not \\0-terminated (it could cause a crash " + - "if unprotected) (CWE-119)", + "Does not handle strings that are not \\0-terminated; " + + "if given one it may perform an over-read (it could cause a crash " + + "if unprotected) (CWE-126)", "", "buffer", "", {}), diff --git a/flawfinder.1 b/flawfinder.1 index bda3f83..8aa253d 100644 --- a/flawfinder.1 +++ b/flawfinder.1 @@ -575,9 +575,9 @@ Examine the current directory recursively, but only report lines that were changed or added in recent.patch. .TP -\fBflawfinder \-\-regex "CWE-119|CWE-120" src/\fR +\fBflawfinder \-\-regex "CWE-120|CWE-126" src/\fR Examine directory \fIsrc\fR recursively, but only report hits -where CWE-119 or CWE-120 apply. +where CWE-120 or CWE-126 apply. .SS "Invoking from vim" 
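Review bot: The comment kept above the changed strlen message, `# Often this isn't really a risk, and even when, it usually at worst causes` / `# program crash (and nothing worse).`, now contradicts the new CWE-126 classification: a buffer over-read is not limited to a crash, it can also expose the contents of adjacent memory to whatever consumes the result, so the comment should be revised, e.g. `# Often this isn't really a risk; an over-read usually just crashes the program,` / `# though it can also disclose the contents of adjacent memory.` The field following the message (the `"",` after `"if unprotected) (CWE-126)",`, which appears to be the remediation slot, as in the static-array entry of the first hunk) is still empty, so a short pointer such as `"Ensure strings are \\0-terminated or use a bounded routine such as strnlen()"` would make a CWE-126 hit actionable. The enclosing c_ruleset dictionary starts and ends outside the hunk.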
@@ -732,6 +732,8 @@ CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer .IP \(bu CWE-120: Buffer Copy without Checking Size of Input (``Classic Buffer Overflow'')* .IP \(bu +CWE-126: Buffer Over-read +.IP \(bu CWE-134: Uncontrolled Format String* .IP \(bu CWE-190: Integer Overflow or Wraparound* @@ -780,7 +782,7 @@ though certain obscure constructs can cause it to fail (see BUGS below). You can select a specific subset of CWEs to report by using the ``\-\-regex'' (-e) option. This option accepts a regular expression, so you can select multiple CWEs, -e.g., ``\-\-regex "CWE-119|CWE-120"''. +e.g., ``\-\-regex "CWE-120|CWE-126"''. If you select multiple CWEs with ``|'' on a command line you will typically need to quote the parameters (since an unquoted ``|'' is the pipe symbol). @@ -793,7 +795,7 @@ The file must be in regular expression format. For example, ``flawfinder -e $(cat file1)'' would report only hits that matched the pattern in ``file1''. -If file1 contained ``CWE-119|CWE-120'' it +If file1 contained ``CWE-120|CWE-126'' it would only report hits matching those CWEs. .PP A list of all