Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ap51-flash-2019.0.1/ap51-flash-res.h
Examining data/ap51-flash-2019.0.1/ap51-flash.h
Examining data/ap51-flash-2019.0.1/commandline.c
Examining data/ap51-flash-2019.0.1/commandline.h
Examining data/ap51-flash-2019.0.1/compat.h
Examining data/ap51-flash-2019.0.1/flash.c
Examining data/ap51-flash-2019.0.1/flash.h
Examining data/ap51-flash-2019.0.1/fwcfg.c
Examining data/ap51-flash-2019.0.1/fwcfg.h
Examining data/ap51-flash-2019.0.1/list.h
Examining data/ap51-flash-2019.0.1/proto.c
Examining data/ap51-flash-2019.0.1/proto.h
Examining data/ap51-flash-2019.0.1/router_images.c
Examining data/ap51-flash-2019.0.1/router_images.h
Examining data/ap51-flash-2019.0.1/router_netconsole.c
Examining data/ap51-flash-2019.0.1/router_netconsole.h
Examining data/ap51-flash-2019.0.1/router_redboot.c
Examining data/ap51-flash-2019.0.1/router_redboot.h
Examining data/ap51-flash-2019.0.1/router_tftp_client.c
Examining data/ap51-flash-2019.0.1/router_tftp_client.h
Examining data/ap51-flash-2019.0.1/router_tftp_server.c
Examining data/ap51-flash-2019.0.1/router_tftp_server.h
Examining data/ap51-flash-2019.0.1/router_types.c
Examining data/ap51-flash-2019.0.1/router_types.h
Examining data/ap51-flash-2019.0.1/socket.c
Examining data/ap51-flash-2019.0.1/socket.h

FINAL RESULTS:

data/ap51-flash-2019.0.1/proto.c:168:14: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  data_len += sprintf(out_tftp_data + data_len, "\"%s\"", "flash_update");
data/ap51-flash-2019.0.1/proto.c:169:14: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  data_len += sprintf(out_tftp_data + data_len + 1, "%s", "octet");
data/ap51-flash-2019.0.1/router_types.c:206:10: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  ret = system("clear");
data/ap51-flash-2019.0.1/router_types.c:209:10: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  ret = system("cls");
data/ap51-flash-2019.0.1/commandline.c:53:14: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt_long(argc, argv, "hvm:", long_options, NULL)) != -1) {
data/ap51-flash-2019.0.1/flash.c:65:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(node->his_mac_addr, mac_addr, ETH_ALEN);
data/ap51-flash-2019.0.1/flash.c:164:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(node->our_mac_addr, our_mac, ETH_ALEN);
data/ap51-flash-2019.0.1/fwcfg.c:129:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(router_image->path, O_RDONLY | O_BINARY);
data/ap51-flash-2019.0.1/fwcfg.c:154:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, file_data, read_len);
data/ap51-flash-2019.0.1/proto.c:80:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out_ethhdr->ether_shost, src_mac, ETH_ALEN);
data/ap51-flash-2019.0.1/proto.c:81:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out_ethhdr->ether_dhost, dst_mac, ETH_ALEN);
data/ap51-flash-2019.0.1/proto.c:90:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out_arphdr->arp_sha, src_mac, ETH_ALEN);
data/ap51-flash-2019.0.1/proto.c:120:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out_ethhdr->ether_shost, node->our_mac_addr, ETH_ALEN);
data/ap51-flash-2019.0.1/proto.c:121:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out_ethhdr->ether_dhost, node->his_mac_addr, ETH_ALEN);
data/ap51-flash-2019.0.1/proto.c:181:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  data_len = sprintf(out_tftp_data, "run fw_upg; reset\n");
data/ap51-flash-2019.0.1/proto.c:521:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ethhdr->ether_shost, node->our_mac_addr, ETH_ALEN);
data/ap51-flash-2019.0.1/proto.c:522:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ethhdr->ether_dhost, node->his_mac_addr, ETH_ALEN);
data/ap51-flash-2019.0.1/proto.c:574:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((unsigned char *)(tcphdr + 1), &mss_option,
data/ap51-flash-2019.0.1/proto.c:769:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out_ethhdr->ether_dhost, node->his_mac_addr, ETH_ALEN);
data/ap51-flash-2019.0.1/proto.c:770:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out_ethhdr->ether_shost, node->our_mac_addr, ETH_ALEN);
data/ap51-flash-2019.0.1/proto.h:58:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, &ip, sizeof(ip));
data/ap51-flash-2019.0.1/router_images.c:140:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_name_buff[FILE_NAME_MAX_LENGTH];
data/ap51-flash-2019.0.1/router_images.c:386:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name_buff[33], *name_ptr, md5_buff[33];
data/ap51-flash-2019.0.1/router_images.c:512:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char firmware_version[32];
data/ap51-flash-2019.0.1/router_images.c:514:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char model[64];
data/ap51-flash-2019.0.1/router_images.c:741:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(image_path, O_RDONLY | O_BINARY);
data/ap51-flash-2019.0.1/router_images.c:810:25: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  node->image_state.fd = open(node->router_type->image->path,
data/ap51-flash-2019.0.1/router_images.c:873:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, file_data, read_len);
data/ap51-flash-2019.0.1/router_images.h:26:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char desc[DESC_MAX_LENGTH];
data/ap51-flash-2019.0.1/router_images.h:46:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char router_name[DESC_MAX_LENGTH];
data/ap51-flash-2019.0.1/router_images.h:51:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_name[FILE_NAME_MAX_LENGTH];
data/ap51-flash-2019.0.1/router_redboot.c:147:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[100];
data/ap51-flash-2019.0.1/router_redboot.c:176:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "ip_addr -l %d.%d.%d.%d/8 -h %d.%d.%d.%d\n",
data/ap51-flash-2019.0.1/router_redboot.c:193:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "load -r -b 0x%08lx -m tftp kernel\n",
data/ap51-flash-2019.0.1/router_redboot.c:196:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "load -r -b %%{FREEMEMLO} -m tftp kernel\n");
data/ap51-flash-2019.0.1/router_redboot.c:222:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "fis create -e 0x%08lx -r 0x%08lx vmlinux.bin.l7\n",
data/ap51-flash-2019.0.1/router_redboot.c:237:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "load -r -b 0x%08lx -m tftp rootfs\n",
data/ap51-flash-2019.0.1/router_redboot.c:240:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "load -r -b %%{FREEMEMLO} -m tftp rootfs\n");
data/ap51-flash-2019.0.1/router_redboot.c:250:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "fis create -f 0x%08lx -l 0x%08lx rootfs\n",
data/ap51-flash-2019.0.1/router_types.c:84:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_entry->mac, mac, ETH_ALEN);
data/ap51-flash-2019.0.1/router_types.h:27:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char desc[DESC_MAX_LENGTH];
data/ap51-flash-2019.0.1/socket.c:26:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char payload[BUFF_LEN];
data/ap51-flash-2019.0.1/socket.c:175:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errbuf[PCAP_ERRBUF_SIZE];
data/ap51-flash-2019.0.1/socket.c:265:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errbuf[PCAP_ERRBUF_SIZE];
data/ap51-flash-2019.0.1/socket.c:405:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char error[PCAP_ERRBUF_SIZE];
data/ap51-flash-2019.0.1/socket.c:545:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(packet_buff, tmp_packet, ret);
data/ap51-flash-2019.0.1/commandline.c:98:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(argv[0]) < 3)
data/ap51-flash-2019.0.1/fwcfg.c:22:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(s);
data/ap51-flash-2019.0.1/fwcfg.c:49:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(line) == 0)
data/ap51-flash-2019.0.1/fwcfg.c:61:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  line_len = strlen(line);
data/ap51-flash-2019.0.1/fwcfg.c:144:20: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read_len != read(fd, dst, read_len)) {
data/ap51-flash-2019.0.1/proto.c:358:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(file_name, fwupgradecfg, strlen(fwupgradecfg)) == 0)
data/ap51-flash-2019.0.1/proto.c:624:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return tcp_send(node, (int)strlen(packet_buff), TCP_DATA);
data/ap51-flash-2019.0.1/proto.c:658:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(packet_buff, cmd, buflen);
data/ap51-flash-2019.0.1/proto.c:661:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return tcp_send_data(node, (int)strlen(cmd));
data/ap51-flash-2019.0.1/router_images.c:102:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(router_info->router_name, router_desc, sizeof(router_info->router_name));
data/ap51-flash-2019.0.1/router_images.c:185:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(file_info->file_name, file_name, sizeof(file_info->file_name));
data/ap51-flash-2019.0.1/router_images.c:339:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t end_len = strlen(end);
data/ap51-flash-2019.0.1/router_images.c:340:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t str_len = strlen(str);
data/ap51-flash-2019.0.1/router_images.c:364:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(file_name, fwupgradecfg, strlen(fwupgradecfg)) != 0)
data/ap51-flash-2019.0.1/router_images.c:371:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (file_name[strlen(fwupgradecfg)] == '-')
data/ap51-flash-2019.0.1/router_images.c:372:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  router_desc = &file_name[strlen(fwupgradecfg) + 1];
data/ap51-flash-2019.0.1/router_images.c:410:9: [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  ret = sscanf(buff, "CE%10s%02x", name_buff, &num_files);
data/ap51-flash-2019.0.1/router_images.c:418:9: [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  ret = sscanf(buff, "CE%*02x%32s%02x", name_buff, &num_files);
data/ap51-flash-2019.0.1/router_images.c:444:10: [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  ret = sscanf(buff + hdr_offset, "%20s%08x", name_buff,
data/ap51-flash-2019.0.1/router_images.c:451:10: [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  ret = sscanf(buff + hdr_offset, "%32s%08x%32s",
data/ap51-flash-2019.0.1/router_images.c:468:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(name_buff, fwupgradecfg, strlen(fwupgradecfg)) == 0) {
data/ap51-flash-2019.0.1/router_images.c:469:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(fwupgradecfg) + 1 < strlen(name_buff) &&
data/ap51-flash-2019.0.1/router_images.c:469:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(fwupgradecfg) + 1 < strlen(name_buff) &&
data/ap51-flash-2019.0.1/router_images.c:472:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  &name_buff[strlen(fwupgradecfg) + 1]);
data/ap51-flash-2019.0.1/router_images.c:748:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ret = (int)read(fd, file_buff, file_buff_size);
data/ap51-flash-2019.0.1/router_images.c:855:20: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read_len != read(node->image_state.fd, dst, read_len)) {
data/ap51-flash-2019.0.1/router_netconsole.c:103:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (packet_buff_len < (int)strlen(PROMPT_STR))
data/ap51-flash-2019.0.1/router_netconsole.c:106:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(packet_buff, PROMPT_STR, strlen(PROMPT_STR)) != 0)
data/ap51-flash-2019.0.1/router_netconsole.c:115:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (packet_buff_len < (int)strlen(DONE_STR))
data/ap51-flash-2019.0.1/router_netconsole.c:118:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(packet_buff, DONE_STR, strlen(DONE_STR)) != 0)
data/ap51-flash-2019.0.1/router_redboot.c:155:39: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  redboot_priv->version_info = malloc(strlen(telnet_msg) + 1);
data/ap51-flash-2019.0.1/router_redboot.c:159:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(redboot_priv->version_info, telnet_msg, strlen(telnet_msg) + 1);
data/ap51-flash-2019.0.1/router_redboot.c:159:51: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(redboot_priv->version_info, telnet_msg, strlen(telnet_msg) + 1);
data/ap51-flash-2019.0.1/router_redboot.c:160:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  redboot_priv->version_info[strlen(telnet_msg)] = '\0';
data/ap51-flash-2019.0.1/socket.c:314:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(iface) > IFNAMSIZ - 1) {
data/ap51-flash-2019.0.1/socket.c:329:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(req.ifr_name, iface, IFNAMSIZ);
data/ap51-flash-2019.0.1/socket.c:513:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read_len = read(raw_sock, packet_buff, packet_buff_len - 1);
data/ap51-flash-2019.0.1/socket.c:608:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(req.ifr_name, iface, IFNAMSIZ);

ANALYSIS SUMMARY:

Hits = 84
Lines analyzed = 5559 in approximately 0.14 seconds (38543 lines/second)
Physical Source Lines of Code (SLOC) = 4300
Hits@level = [0] 116 [1] 38 [2] 41 [3] 1 [4] 4 [5] 0
Hits@level+ = [0+] 200 [1+] 84 [2+] 46 [3+] 5 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 46.5116 [1+] 19.5349 [2+] 10.6977 [3+] 1.16279 [4+] 0.930233 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.