Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/aprsdigi-3.10.0/aprsdigi.c
Examining data/aprsdigi-3.10.0/aprsmon.c
Examining data/aprsdigi-3.10.0/aprsshm.c
Examining data/aprsdigi-3.10.0/aprsshm.h
Examining data/aprsdigi-3.10.0/fiforead.c
Examining data/aprsdigi-3.10.0/fifowrite.c
Examining data/aprsdigi-3.10.0/libax25ext.c
Examining data/aprsdigi-3.10.0/libax25ext.h
Examining data/aprsdigi-3.10.0/mic_e.c
Examining data/aprsdigi-3.10.0/mic_e.h
Examining data/aprsdigi-3.10.0/mic_e_test.c
Examining data/aprsdigi-3.10.0/testmcast.c
Examining data/aprsdigi-3.10.0/testparse.c
FINAL RESULTS:
data/aprsdigi-3.10.0/aprsdigi.c:860:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"dummy via %s",str);
data/aprsdigi-3.10.0/aprsdigi.c:1298:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(idinfo,ax25_ntoa_pretty(&iface->aliases[i]));
data/aprsdigi-3.10.0/aprsdigi.c:1302:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(idinfo,ax25_ntoa_pretty(&Floods[i].call));
data/aprsdigi-3.10.0/aprsdigi.c:1830:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(((struct sockaddr*)&i->tsa)->sa_data, i->dev);
data/aprsdigi-3.10.0/aprsdigi.c:1840:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(((struct sockaddr *)&i->rsa)->sa_data, i->dev);
data/aprsdigi-3.10.0/aprsdigi.c:1848:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifr.ifr_name, i->dev); /* get this port's callsign */
data/aprsdigi-3.10.0/aprsdigi.c:2091:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t,ax25_ntoa_pretty(cl->callsign));
data/aprsdigi-3.10.0/aprsdigi.c:2541:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(devname,"%s:%s",DEVTYPE(j),j->devname);
data/aprsdigi-3.10.0/aprsmon.c:211:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifr.ifr_name, sa.sa_data);
data/aprsdigi-3.10.0/aprsmon.c:282:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(&digis[l],",%s%s",tmp,(buf[ALEN]&REPEATED&&!nextrept)?"*":"");
data/aprsdigi-3.10.0/aprsmon.c:304:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf1,"%s>%s%s:%s",from,"APRS",digis,mic1);
data/aprsdigi-3.10.0/aprsmon.c:306:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2,"%s>%s%s:%s",from,"APRS",digis,mic2);
data/aprsdigi-3.10.0/aprsmon.c:311:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf1,"%s>%s%s:%s",from,to,digis,mic1);
data/aprsdigi-3.10.0/aprsmon.c:314:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf1,"%s>%s%s:",from,to,digis);
data/aprsdigi-3.10.0/mic_e.c:181:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf1,"@%02d%02d%02dz%d%d%d%d.%d%d%c%c%03d%02d.%02d%c%c%03d/%03d/%c>mon/M%d/%s",
data/aprsdigi-3.10.0/aprsdigi.c:1439:15: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((s = getopt_long(argc, argv, optstring, opts, &opt_index)) != -1) {
data/aprsdigi-3.10.0/aprsmon.c:120:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((s = getopt(argc, argv, OPTS)) != -1) {
data/aprsdigi-3.10.0/aprsdigi.c:201:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char Dirs[5] = "NSEW";
data/aprsdigi-3.10.0/aprsdigi.c:337:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[AX25_MTU];
data/aprsdigi-3.10.0/aprsdigi.c:415:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/aprsdigi-3.10.0/aprsdigi.c:461:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(&s->in.ax_from_call,
data/aprsdigi-3.10.0/aprsdigi.c:842:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(text,*op,len); /* copy the text */
data/aprsdigi-3.10.0/aprsdigi.c:846:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(tag,*op,taglen); /* and tack on the tag */
data/aprsdigi-3.10.0/aprsdigi.c:857:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/aprsdigi-3.10.0/aprsdigi.c:890:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char asc_from[12],asc_to[12];
data/aprsdigi-3.10.0/aprsdigi.c:1047:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
of = fopen(Logfile,"a");
data/aprsdigi-3.10.0/aprsdigi.c:1159:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(cp,p->d,p->l);
data/aprsdigi-3.10.0/aprsdigi.c:1238:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
of = fopen(Logfile,"a");
data/aprsdigi-3.10.0/aprsdigi.c:1276:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char idinfo[AX25_MTU];
data/aprsdigi-3.10.0/aprsdigi.c:1299:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(idinfo,"/R ");
data/aprsdigi-3.10.0/aprsdigi.c:1303:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(idinfo,"n-n/R ");
data/aprsdigi-3.10.0/aprsdigi.c:1566:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((Keep = atoi(optarg)) <= 0)
data/aprsdigi-3.10.0/aprsdigi.c:1573:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Idinterval = atoi(optarg);
data/aprsdigi-3.10.0/aprsdigi.c:1856:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(ifr.ifr_hwaddr.sa_data,I_MYCALL(i).ax25_call,sizeof(I_MYCALL(i).ax25_call));
data/aprsdigi-3.10.0/aprsdigi.c:1883:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((ttlval = atoi(ttl)) <= 0)
data/aprsdigi-3.10.0/aprsdigi.c:1922:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((struct sockaddr*)ai->ai_addr,&i->tsa,sizeof(i->tsa)); /* fill sockaddr w/sockaddr_in */
data/aprsdigi-3.10.0/aprsdigi.c:1948:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((struct sockaddr*)ai->ai_addr,&i->rsa,sizeof(i->rsa));
data/aprsdigi-3.10.0/aprsdigi.c:1973:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[sizeof(sun->sun_path)];
data/aprsdigi-3.10.0/aprsdigi.c:2089:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[10];
data/aprsdigi-3.10.0/aprsdigi.c:2093:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(t,"n-n"); /* indicate a WIDEn-n */
data/aprsdigi-3.10.0/aprsdigi.c:2261:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
e->be_maskbits = atoi(mask);
data/aprsdigi-3.10.0/aprsdigi.c:2267:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(ai->ai_addr,&e->be_addr,ai->ai_addrlen);
data/aprsdigi-3.10.0/aprsdigi.c:2311:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[1000];
data/aprsdigi-3.10.0/aprsdigi.c:2369:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char testhost[200],host[200];
data/aprsdigi-3.10.0/aprsdigi.c:2510:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[1000];
data/aprsdigi-3.10.0/aprsdigi.c:2538:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devname[100];
data/aprsdigi-3.10.0/aprsdigi.c:2670:7: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(pkt[j],&pref[plen-1],pktl[j]); /* tag vecp onto end of pref. */
data/aprsdigi-3.10.0/aprsdigi.c:2671:7: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(pref,pkt[j],pktl[j]+=plen-1); /* not sure why this is -1 */
data/aprsdigi-3.10.0/aprsmon.c:106:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[1500];
data/aprsdigi-3.10.0/aprsmon.c:130:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
keepfor = atoi(optarg);
data/aprsdigi-3.10.0/aprsmon.c:249:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char buf1[1000],buf2[100];
data/aprsdigi-3.10.0/aprsmon.c:250:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mic1[200],mic2[200];
data/aprsdigi-3.10.0/aprsmon.c:252:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char from[10],to[10],digis[100];
data/aprsdigi-3.10.0/aprsmon.c:254:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[15];
data/aprsdigi-3.10.0/aprsmon.c:336:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "[invalid]");
data/aprsdigi-3.10.0/aprsmon.c:344:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "-%d", ssid);
data/aprsdigi-3.10.0/aprsshm.c:55:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[MAXPKT]; /* the packet. */
data/aprsdigi-3.10.0/aprsshm.c:102:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((info = fopen(infofile,"w")) != NULL) {
data/aprsdigi-3.10.0/aprsshm.c:152:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((info = fopen(infofile,"r"))) {
data/aprsdigi-3.10.0/aprsshm.c:208:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(buf,p->data,len);
data/aprsdigi-3.10.0/libax25ext.c:37:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(*frame,calls->ax_to_call.ax25_call,AXLEN);
data/aprsdigi-3.10.0/libax25ext.c:40:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(*frame,calls->ax_from_call.ax25_call,AXLEN);
data/aprsdigi-3.10.0/libax25ext.c:49:7: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(*frame,calls->ax_digi_call[calls->ax_n_digis].ax25_call,AXLEN);
data/aprsdigi-3.10.0/libax25ext.c:305:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(calls->ax_to_call.ax25_call,*frame,AXLEN);
data/aprsdigi-3.10.0/libax25ext.c:307:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(calls->ax_from_call.ax25_call,*frame,AXLEN);
data/aprsdigi-3.10.0/libax25ext.c:311:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(calls->ax_digi_call[i].ax25_call,*frame,AXLEN);
data/aprsdigi-3.10.0/libax25ext.c:368:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[11];
data/aprsdigi-3.10.0/mic_e.c:155:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf2,"T#MIC%03d,%03d",
data/aprsdigi-3.10.0/mic_e.c:162:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf2,"T#MIC%03d,%03d,%03d,%03d,%03d",
data/aprsdigi-3.10.0/mic_e.c:172:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf2,"T#MIC%03d,%03d,%03d,%03d,%03d",
data/aprsdigi-3.10.0/mic_e.c:195:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bp,&i[buf2_n],l-buf2_n);
data/aprsdigi-3.10.0/mic_e.c:235:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf1,cp,*l1=&i[l-1]-cp);
data/aprsdigi-3.10.0/mic_e_test.c:14:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[100];
data/aprsdigi-3.10.0/mic_e_test.c:15:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ob1[512],ob2[512];
data/aprsdigi-3.10.0/testmcast.c:44:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[AX25_MTU];
data/aprsdigi-3.10.0/testmcast.c:48:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc < 4 || (ttlval = atoi(ttl)) <= 0) {
data/aprsdigi-3.10.0/testmcast.c:60:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(hp->h_addr, (char *)&sin.sin_addr, hp->h_length);
data/aprsdigi-3.10.0/testmcast.c:68:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sin.sin_port = htons(atoi(service));
data/aprsdigi-3.10.0/testparse.c:30:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2048],*bp;
data/aprsdigi-3.10.0/testparse.c:34:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char obuf[2048], *op;
data/aprsdigi-3.10.0/testparse.c:98:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char asc_from[12],asc_to[12];
data/aprsdigi-3.10.0/aprsdigi.c:894:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(asc_to,ax25_ntoa_pretty(&calls->ax_to_call),sizeof(asc_to));
data/aprsdigi-3.10.0/aprsdigi.c:895:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(asc_from,ax25_ntoa_pretty(&calls->ax_from_call),sizeof(asc_from));
data/aprsdigi-3.10.0/aprsdigi.c:1305:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
add_text(&op,&oleft,idinfo,strlen(idinfo),0,0);
data/aprsdigi-3.10.0/aprsdigi.c:1534:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Floods[N_floods++].len = strlen(optarg);
data/aprsdigi-3.10.0/aprsdigi.c:1559:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Taglen = strlen(optarg);
data/aprsdigi-3.10.0/aprsdigi.c:1977:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name,i->dev,sizeof(name));
data/aprsdigi-3.10.0/aprsdigi.c:1991:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sun->sun_path,name,sizeof(sun->sun_path));
data/aprsdigi-3.10.0/aprsdigi.c:2011:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sun->sun_path,name,sizeof(sun->sun_path));
data/aprsdigi-3.10.0/aprsdigi.c:2345:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf,ax25_ntoa_pretty(&sinax25->sax25_call),buflen);
data/aprsdigi-3.10.0/aprsdigi.c:2348:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(buf,"any",buflen);
data/aprsdigi-3.10.0/aprsdigi.c:2351:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(buf,"???",buflen);
data/aprsdigi-3.10.0/aprsmon.c:284:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l += strlen(&digis[l]);
data/aprsdigi-3.10.0/aprsmon.c:315:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(buf1);
data/aprsdigi-3.10.0/fiforead.c:37:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(mysun.sun_path,argv[1],sizeof(mysun.sun_path));
data/aprsdigi-3.10.0/fifowrite.c:36:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(mysun.sun_path,argv[1],sizeof(mysun.sun_path));
data/aprsdigi-3.10.0/fifowrite.c:43:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((sent = sendto(sock,buf,strlen(buf),0,(struct sockaddr *)&mysun,
data/aprsdigi-3.10.0/libax25ext.c:331:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(*frame,ax25_ntoa_pretty(&calls->ax_from_call),AXLEN+3);
data/aprsdigi-3.10.0/libax25ext.c:332:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(*frame);
data/aprsdigi-3.10.0/libax25ext.c:336:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(*frame,ax25_ntoa_pretty(&calls->ax_to_call),AXLEN+3);
data/aprsdigi-3.10.0/libax25ext.c:337:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(*frame);
data/aprsdigi-3.10.0/libax25ext.c:343:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(*frame,ax25_ntoa_pretty(&calls->ax_digi_call[i]),AXLEN+3);
data/aprsdigi-3.10.0/libax25ext.c:344:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(*frame);
data/aprsdigi-3.10.0/mic_e.c:159:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*l2 = strlen(buf2);
data/aprsdigi-3.10.0/mic_e.c:169:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*l2 = strlen(buf2);
data/aprsdigi-3.10.0/mic_e.c:175:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*l2 = strlen(buf2);
data/aprsdigi-3.10.0/mic_e.c:191:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp = &buf1[(*l1 = strlen(buf1))];
data/aprsdigi-3.10.0/mic_e_test.c:20:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int tl = strlen(b);
data/aprsdigi-3.10.0/mic_e_test.c:36:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fmt_mic_e(to,i,strlen(i),ob1,&ol1,ob2,&ol2,tick)
data/aprsdigi-3.10.0/mic_e_test.c:37:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| fmt_x1j4(to,i,strlen(i),ob1,&ol1,ob2,&ol2,tick)) {
data/aprsdigi-3.10.0/testmcast.c:167:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((len = read(0,buffer,sizeof(buffer))) < 0) {
data/aprsdigi-3.10.0/testparse.c:39:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buflen = strlen(buf);
data/aprsdigi-3.10.0/testparse.c:59:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&obuf[sizeof(obuf)-olen],bp,buflen);
data/aprsdigi-3.10.0/testparse.c:104:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(asc_to,ax25_ntoa_pretty(&calls->ax_to_call),sizeof(asc_to));
data/aprsdigi-3.10.0/testparse.c:105:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(asc_from,ax25_ntoa_pretty(&calls->ax_from_call),sizeof(asc_from));
ANALYSIS SUMMARY:
Hits = 115
Lines analyzed = 4531 in approximately 0.18 seconds (24783 lines/second)
Physical Source Lines of Code (SLOC) = 3690
Hits@level = [0] 226 [1] 34 [2] 64 [3] 2 [4] 15 [5] 0
Hits@level+ = [0+] 341 [1+] 115 [2+] 81 [3+] 17 [4+] 15 [5+] 0
Hits/KSLOC@level+ = [0+] 92.4119 [1+] 31.1653 [2+] 21.9512 [3+] 4.60705 [4+] 4.06504 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.