Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dhcpcd-dbus-0.6.0/dbus-dict.c
Examining data/dhcpcd-dbus-0.6.0/dbus-dict.h
Examining data/dhcpcd-dbus-0.6.0/defs.h
Examining data/dhcpcd-dbus-0.6.0/dhcpcd-dbus.c
Examining data/dhcpcd-dbus-0.6.0/dhcpcd-dbus.h
Examining data/dhcpcd-dbus-0.6.0/dhcpcd.c
Examining data/dhcpcd-dbus-0.6.0/dhcpcd.h
Examining data/dhcpcd-dbus-0.6.0/eloop.c
Examining data/dhcpcd-dbus-0.6.0/eloop.h
Examining data/dhcpcd-dbus-0.6.0/main.c
Examining data/dhcpcd-dbus-0.6.0/wpa-dbus.c
Examining data/dhcpcd-dbus-0.6.0/wpa-dbus.h
Examining data/dhcpcd-dbus-0.6.0/wpa.c
Examining data/dhcpcd-dbus-0.6.0/wpa.h

FINAL RESULTS:

data/dhcpcd-dbus-0.6.0/dhcpcd-dbus.c:285:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  vsnprintf(buffer, sizeof(buffer), fmt, args);
data/dhcpcd-dbus-0.6.0/eloop.c:135:3:  [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be
  exploited (CWE-134). Use a constant format string for syslog.
  syslog(LOG_WARNING, NO_MONOTONIC);
data/dhcpcd-dbus-0.6.0/main.c:65:2:  [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be
  exploited (CWE-134). Use a constant format string for syslog.
  syslog(LOG_INFO, "starting " PACKAGE "-" VERSION);
data/dhcpcd-dbus-0.6.0/wpa.c:79:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  snprintf(sun.sun_path, sizeof(sun.sun_path),
data/dhcpcd-dbus-0.6.0/dhcpcd-dbus.c:280:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[1024];
data/dhcpcd-dbus-0.6.0/dhcpcd-dbus.c:514:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *s, cmd[128];
data/dhcpcd-dbus-0.6.0/dhcpcd.c:141:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char c[1024], *p;
data/dhcpcd-dbus-0.6.0/dhcpcd.c:160:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&len, c, sizeof(ssize_t));
data/dhcpcd-dbus-0.6.0/dhcpcd.c:335:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sbuf[sizeof(ssize_t)], *rbuf;
data/dhcpcd-dbus-0.6.0/dhcpcd.c:457:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fp = fopen(cffile, "r");
data/dhcpcd-dbus-0.6.0/dhcpcd.c:640:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cmd[128];
data/dhcpcd-dbus-0.6.0/dhcpcd.c:685:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&nifs, cmd, sizeof(ssize_t));
data/dhcpcd-dbus-0.6.0/wpa-dbus.c:120:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[2048], cmd[20], *p, *s;
data/dhcpcd-dbus-0.6.0/wpa-dbus.c:217:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *s, buffer[2048], *t, *ssid, *bssid, *flags;
data/dhcpcd-dbus-0.6.0/wpa-dbus.c:281:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *s, buffer[2048];
data/dhcpcd-dbus-0.6.0/wpa-dbus.c:309:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *s, buffer[2048];
data/dhcpcd-dbus-0.6.0/wpa-dbus.c:333:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cmd[32], *s, buffer[2048];
data/dhcpcd-dbus-0.6.0/wpa-dbus.c:418:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cmd[256], *s, *param, buffer[2048];
data/dhcpcd-dbus-0.6.0/wpa-dbus.c:451:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cmd[256], *s, *param, *value, buffer[2048];
data/dhcpcd-dbus-0.6.0/wpa.c:150:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[10];
data/dhcpcd-dbus-0.6.0/wpa.c:241:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[256], *p;
data/dhcpcd-dbus-0.6.0/wpa.c:270:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[20];
data/dhcpcd-dbus-0.6.0/dhcpcd-dbus.c:249:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lp = prefix ? strlen(prefix) : 0;
data/dhcpcd-dbus-0.6.0/dhcpcd-dbus.c:252:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(dhop->var);
data/dhcpcd-dbus-0.6.0/dhcpcd-dbus.c:270:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(p) + 1;
data/dhcpcd-dbus-0.6.0/dhcpcd-dbus.c:398:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(wpa_introspection_xml)
data/dhcpcd-dbus-0.6.0/dhcpcd.c:120:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  last += strlen(p);
data/dhcpcd-dbus-0.6.0/dhcpcd.c:146:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bytes = strlen(cmd) + 1;
data/dhcpcd-dbus-0.6.0/dhcpcd.c:157:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  bytes = read(fd, c, sizeof(ssize_t));
data/dhcpcd-dbus-0.6.0/dhcpcd.c:164:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  bytes = read(fd, *buffer, len);
data/dhcpcd-dbus-0.6.0/dhcpcd.c:187:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = sizeof(sun.sun_family) + strlen(sun.sun_path) + 1;
data/dhcpcd-dbus-0.6.0/dhcpcd.c:201:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vlen = strlen(var);
data/dhcpcd-dbus-0.6.0/dhcpcd.c:205:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  data += strlen(data) + 1;
data/dhcpcd-dbus-0.6.0/dhcpcd.c:339:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  bytes = read(fd, sbuf, sizeof(sbuf));
data/dhcpcd-dbus-0.6.0/dhcpcd.c:350:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  bytes = read(fd, rbuf, len);
data/dhcpcd-dbus-0.6.0/dhcpcd.c:469:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = line + strlen(line) - 1;
data/dhcpcd-dbus-0.6.0/dhcpcd.c:506:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(option) + strlen(line) + 2;
data/dhcpcd-dbus-0.6.0/dhcpcd.c:506:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(option) + strlen(line) + 2;
data/dhcpcd-dbus-0.6.0/dhcpcd.c:682:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  bytes = read(command_fd, cmd, sizeof(ssize_t));
data/dhcpcd-dbus-0.6.0/wpa-dbus.c:151:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(wpaop->var);
data/dhcpcd-dbus-0.6.0/wpa.c:71:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = sizeof(sun.sun_family) + strlen(sun.sun_path) + 1;
data/dhcpcd-dbus-0.6.0/wpa.c:81:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = sizeof(sun.sun_family) + strlen(sun.sun_path) + 1;
data/dhcpcd-dbus-0.6.0/wpa.c:114:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bytes = write(fd, cmd, strlen(cmd));
data/dhcpcd-dbus-0.6.0/wpa.c:130:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  bytes = read(fd, buffer, len == 1 ? 1 : len - 1);
data/dhcpcd-dbus-0.6.0/wpa.c:244:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  bytes = read(ifs->ctrl_fd, buffer, sizeof(buffer));
data/dhcpcd-dbus-0.6.0/wpa.c:248:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bytes = strlen(buffer);

ANALYSIS SUMMARY:

Hits = 46
Lines analyzed = 3487 in approximately 0.12 seconds (28121 lines/second)
Physical Source Lines of Code (SLOC) = 2788
Hits@level = [0]  52 [1]  24 [2]  18 [3]   0 [4]   4 [5]   0
Hits@level+ = [0+]  98 [1+]  46 [2+]  22 [3+]   4 [4+]   4 [5+]   0
Hits/KSLOC@level+ = [0+] 35.1506 [1+] 16.4993 [2+] 7.89096 [3+] 1.43472 [4+] 1.43472 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
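The hits at dhcpcd.c:157, :160 and :164 (and again at :335 through :350) are one pattern, not three: read sizeof(ssize_t) bytes from the dhcpcd control socket, memcpy them into a length, then read that many bytes into a buffer sized from the length. Flawfinder can only say that read() and memcpy() appear; whether the peer-supplied length is bounded, whether a short read is retried, and whether the result is NUL-terminated before the strlen() calls on the same data (dhcpcd.c:201, :205) is what a reviewer has to settle from the source. The reader below is an added example written for this page, not code from dhcpcd-dbus or from flawfinder, showing what the hardened form of that sequence looks like. The 64 KiB cap (MAX_REPLY), the pipe-based demonstration, the constructed sample payload and every function name in it are assumptions of the example.

```c
/* Added example, not dhcpcd-dbus code: hardened reader for the
 * "[ssize_t length][payload]" frames flagged in dhcpcd.c. MAX_REPLY, the
 * pipe demo and all function names are assumptions of this example. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define MAX_REPLY 65536 /* assumed upper bound on one payload */

/* read() on a pipe or socket may return fewer bytes than requested, so loop
 * until n bytes are in; EOF in the middle of a frame is an error. */
static int read_full(int fd, void *buf, size_t n)
{
    unsigned char *p = buf;
    while (n > 0) {
        ssize_t r = read(fd, p, n);
        if (r < 0 && errno == EINTR)
            continue;
        if (r <= 0) /* error, or EOF before the frame was complete */
            return -1;
        p += r;
        n -= (size_t)r;
    }
    return 0;
}

/* Read one frame. The length is peer-controlled, so it is validated before
 * it drives malloc(); the buffer is len + 1 bytes and always NUL-terminated,
 * so a later strlen()/strchr() cannot over-read (CWE-126). Returns the
 * payload length, or -1 with *out = NULL. */
static ssize_t read_len_prefixed(int fd, char **out)
{
    ssize_t len;
    char *buf;
    *out = NULL;
    if (read_full(fd, &len, sizeof(len)) == -1 || len < 0 || len > MAX_REPLY)
        return -1; /* read straight into len: no char[] + memcpy detour */
    if ((buf = malloc((size_t)len + 1)) == NULL)
        return -1;
    if (len > 0 && read_full(fd, buf, (size_t)len) == -1) {
        free(buf);
        return -1;
    }
    buf[len] = '\0';
    *out = buf;
    return len;
}

/* Demo helper: write a frame, or only its header when payload is NULL. */
static int write_frame(int fd, const void *payload, ssize_t len)
{
    if (write(fd, &len, sizeof(len)) != (ssize_t)sizeof(len))
        return -1;
    if (payload != NULL && write(fd, payload, (size_t)len) != len)
        return -1;
    return 0;
}

/* Case 1: a well-formed frame (constructed sample in dhcpcd's "var\0value\0"
 * style, 30 bytes) comes back intact and NUL-terminated; returns its length. */
static ssize_t demo_roundtrip(void)
{
    static const char sample[] = "interface=wlan0\0ssid=example\0";
    int p[2];
    char *msg;
    ssize_t n;
    if (pipe(p) == -1 || write_frame(p[1], sample, (ssize_t)sizeof(sample)) == -1)
        return -1;
    n = read_len_prefixed(p[0], &msg);
    close(p[0]); close(p[1]);
    if (n != (ssize_t)sizeof(sample) || memcmp(msg, sample, sizeof(sample)) != 0 || msg[n] != '\0')
        n = -1;
    free(msg);
    return n;
}

/* Cases 2 and 3: a header claiming `claimed` bytes, followed by `plen` bytes
 * of `partial` and then EOF, must be rejected with no buffer handed back.
 * Covers an absurd length (MAX_REPLY + 1, nothing after it) and a truncated
 * frame (10 promised, 4 delivered). Returns 1 when rejected. */
static int demo_rejected(ssize_t claimed, const char *partial, size_t plen)
{
    int p[2];
    char *msg;
    ssize_t n;
    if (pipe(p) == -1 || write_frame(p[1], NULL, claimed) == -1 ||
        (plen > 0 && write(p[1], partial, plen) != (ssize_t)plen))
        return 0;
    close(p[1]); /* EOF for the reader */
    n = read_len_prefixed(p[0], &msg);
    close(p[0]);
    return n == -1 && msg == NULL;
}

int main(void)
{
    printf("roundtrip=%zd oversized=%d truncated=%d\n", demo_roundtrip(),
           demo_rejected(MAX_REPLY + 1, NULL, 0), demo_rejected(10, "abcd", 4));
    return 0;
}
```

Build with `cc -Wall -Wextra -o frame frame.c` and run it; the round trip reports 30 and both rejection cases report 1. The point for triage is the third case as much as the second: a length that passes the bound check but is never fully delivered must not leave the caller with a buffer whose tail is uninitialised heap, and a single unlooped read() cannot promise that. Whether dhcpcd-dbus needs any of this is a question for its source, not for this report; flawfinder records only that the calls are present.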