Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/bidentd-1.1.4/main.cc
Examining data/bidentd-1.1.4/sizes.h

FINAL RESULTS:

data/bidentd-1.1.4/main.cc:42:70:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  static void msyslog(enum loglevel_t ll, const char *msg, ...) FORMAT(printf, 2, 3);

data/bidentd-1.1.4/main.cc:49:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buf, sizeof(buf), msg, ap);

data/bidentd-1.1.4/main.cc:168:13:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf(Buf, "%s %X:%X %*X:%X %X", proto, &masqhost, &l, &r, &masqport);

data/bidentd-1.1.4/main.cc:45:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[2048];

data/bidentd-1.1.4/main.cc:118:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Buf[256];

data/bidentd-1.1.4/main.cc:119:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(Buf, "%d,%d\r\n", rport, lport);

data/bidentd-1.1.4/main.cc:132:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Buf[256];

data/bidentd-1.1.4/main.cc:153:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(Buf, "%u", uid);

data/bidentd-1.1.4/main.cc:167:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char proto[5];

data/bidentd-1.1.4/main.cc:184:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char proto[20];

data/bidentd-1.1.4/main.cc:185:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char masqhosts[20];

data/bidentd-1.1.4/main.cc:214:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ipm = fopen("/proc/net/ip_masquerade", "rt");

data/bidentd-1.1.4/main.cc:215:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ipc = fopen("/proc/net/ip_conntrack", "rt");

data/bidentd-1.1.4/main.cc:216:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tcp = fopen("/proc/net/tcp", "rt");

data/bidentd-1.1.4/main.cc:58:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(read(0, &c, 1) > 0)rv = c;

data/bidentd-1.1.4/main.cc:122:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(sock, Buf, strlen(Buf));

data/bidentd-1.1.4/main.cc:124:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while(read(sock, &c, 1)==1 && c!=':') { }

data/bidentd-1.1.4/main.cc:125:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for(RespType=""; read(sock, &c, 1)==1 && c != ':'; )if(RespType.size() || c!=' ')if(c != ' ')RespType += c;

data/bidentd-1.1.4/main.cc:126:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for(AddInfo=""; read(sock, &c, 1)==1 && c != '\n'; )if(AddInfo.size() || c!=' ')if(c != '\r')AddInfo += c;

data/bidentd-1.1.4/main.cc:190:13:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(Buf, "%19s %*d %*d", proto);

data/bidentd-1.1.4/main.cc:191:13:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(a, "src=%19s %*s sport=%u %*s",

ANALYSIS SUMMARY:

Hits = 21
Lines analyzed = 316 in approximately 0.02 seconds (14994 lines/second)
Physical Source Lines of Code (SLOC) = 266
Hits@level = [0]   5 [1]   7 [2]  11 [3]   0 [4]   3 [5]   0
Hits@level+ = [0+]  26 [1+]  21 [2+]  14 [3+]   3 [4+]   3 [5+]   0
Hits/KSLOC@level+ = [0+] 97.7444 [1+] 78.9474 [2+] 52.6316 [3+] 11.2782 [4+] 11.2782 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.