stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dhcpcd-ui-0.6.0/src/dhcpcd-gtk/dhcpcd-gtk.h
Examining data/dhcpcd-ui-0.6.0/src/dhcpcd-gtk/main.c
Examining data/dhcpcd-ui-0.6.0/src/dhcpcd-gtk/menu.c
Examining data/dhcpcd-ui-0.6.0/src/dhcpcd-gtk/prefs.c
Examining data/dhcpcd-ui-0.6.0/src/dhcpcd-gtk/wpa.c
Examining data/dhcpcd-ui-0.6.0/src/libdhcpcd/config.c
Examining data/dhcpcd-ui-0.6.0/src/libdhcpcd/dispatch.c
Examining data/dhcpcd-ui-0.6.0/src/libdhcpcd/libdhcpcd.h
Examining data/dhcpcd-ui-0.6.0/src/libdhcpcd/main.c
Examining data/dhcpcd-ui-0.6.0/src/libdhcpcd/misc.c
Examining data/dhcpcd-ui-0.6.0/src/libdhcpcd/wpa.c

FINAL RESULTS:

data/dhcpcd-ui-0.6.0/src/libdhcpcd/dispatch.c:91:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(e, i, sizeof(*e));
data/dhcpcd-ui-0.6.0/src/libdhcpcd/libdhcpcd.h:49:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char bssid[IF_BSSIDSIZE];
data/dhcpcd-ui-0.6.0/src/libdhcpcd/libdhcpcd.h:54:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ssid[IF_SSIDSIZE];
data/dhcpcd-ui-0.6.0/src/libdhcpcd/libdhcpcd.h:55:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char flags[FLAGSIZE];
data/dhcpcd-ui-0.6.0/src/libdhcpcd/libdhcpcd.h:60:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ifname[IF_NAMESIZE];
data/dhcpcd-ui-0.6.0/src/libdhcpcd/libdhcpcd.h:61:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char type[TYPESIZE];
data/dhcpcd-ui-0.6.0/src/libdhcpcd/libdhcpcd.h:64:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char reason[REASONSIZE];
data/dhcpcd-ui-0.6.0/src/libdhcpcd/libdhcpcd.h:70:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ssid[IF_SSIDSIZE];
data/dhcpcd-ui-0.6.0/src/libdhcpcd/libdhcpcd.h:81:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ifname[IF_NAMESIZE];
data/dhcpcd-ui-0.6.0/src/libdhcpcd/libdhcpcd.h:82:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char bssid[IF_BSSIDSIZE];
data/dhcpcd-ui-0.6.0/src/libdhcpcd/misc.c:47:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[INET6_ADDRSTRLEN];
data/dhcpcd-ui-0.6.0/src/libdhcpcd/config.c:259:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(opt);
data/dhcpcd-ui-0.6.0/src/libdhcpcd/config.c:278:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return c->value + strlen(opt);
data/dhcpcd-ui-0.6.0/src/libdhcpcd/config.c:307:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(opt) + strlen(val) + 2;
data/dhcpcd-ui-0.6.0/src/libdhcpcd/config.c:307:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(opt) + strlen(val) + 2;
data/dhcpcd-ui-0.6.0/src/libdhcpcd/misc.c:85:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(i->ifname) + 3;
data/dhcpcd-ui-0.6.0/src/libdhcpcd/misc.c:86:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len += strlen(reason) + 1;
data/dhcpcd-ui-0.6.0/src/libdhcpcd/misc.c:97:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len += strlen(i->ssid) + 1;
data/dhcpcd-ui-0.6.0/src/libdhcpcd/wpa.c:317:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(ssid) + 3;

ANALYSIS SUMMARY:

Hits = 19
Lines analyzed = 3325 in approximately 0.12 seconds (26738 lines/second)
Physical Source Lines of Code (SLOC) = 2710
Hits@level = [0]   8 [1]   8 [2]  11 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  27 [1+]  19 [2+]  11 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 9.9631 [1+] 7.01107 [2+] 4.05904 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.