Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dhcpstarv-0.2.2/src/debug.c
Examining data/dhcpstarv-0.2.2/src/debug.h
Examining data/dhcpstarv-0.2.2/src/dhcp.c
Examining data/dhcpstarv-0.2.2/src/dhcp.h
Examining data/dhcpstarv-0.2.2/src/ether.c
Examining data/dhcpstarv-0.2.2/src/ether.h
Examining data/dhcpstarv-0.2.2/src/ip.c
Examining data/dhcpstarv-0.2.2/src/ip.h
Examining data/dhcpstarv-0.2.2/src/leases.c
Examining data/dhcpstarv-0.2.2/src/leases.h
Examining data/dhcpstarv-0.2.2/src/log.c
Examining data/dhcpstarv-0.2.2/src/log.h
Examining data/dhcpstarv-0.2.2/src/main.c
Examining data/dhcpstarv-0.2.2/src/main.h
Examining data/dhcpstarv-0.2.2/src/request.c
Examining data/dhcpstarv-0.2.2/src/request.h
Examining data/dhcpstarv-0.2.2/src/sock.c
Examining data/dhcpstarv-0.2.2/src/sock.h
Examining data/dhcpstarv-0.2.2/src/udp.c
Examining data/dhcpstarv-0.2.2/src/udp.h
Examining data/dhcpstarv-0.2.2/src/utils.c
Examining data/dhcpstarv-0.2.2/src/utils.h

FINAL RESULTS:

data/dhcpstarv-0.2.2/src/log.c:42:2: [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  strncat(time_format, format, sizeof(time_format));
data/dhcpstarv-0.2.2/src/log.c:60:2: [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  strncat(time_format, format, sizeof(time_format));
data/dhcpstarv-0.2.2/src/log.c:80:3: [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  strncat(time_format, format, sizeof(time_format));
data/dhcpstarv-0.2.2/src/log.c:101:3: [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  strncat(time_format, "(debug) ", sizeof(time_format));
data/dhcpstarv-0.2.2/src/log.c:102:3: [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  strncat(time_format, format, sizeof(time_format));
data/dhcpstarv-0.2.2/src/log.c:45:2: [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(time_format, ap);
data/dhcpstarv-0.2.2/src/log.c:63:2: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, time_format, ap);
data/dhcpstarv-0.2.2/src/log.c:83:3: [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(time_format, ap);
data/dhcpstarv-0.2.2/src/log.c:105:3: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, time_format, ap);
data/dhcpstarv-0.2.2/src/utils.c:79:3: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(tmp, (i == 0) ? "%02x" : ":%02x", mac[i]);
data/dhcpstarv-0.2.2/src/utils.c:80:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(tmp_mac, tmp);
data/dhcpstarv-0.2.2/src/main.c:228:22: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while (-1 != (opt = getopt_long(argc, argv, "d:e:i:hpv", long_opts, &optind))) {
data/dhcpstarv-0.2.2/src/main.c:296:2: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/dhcpstarv-0.2.2/src/debug.c:111:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char optvalue[255];
data/dhcpstarv-0.2.2/src/dhcp.c:62:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msg->options + i, value, len);
data/dhcpstarv-0.2.2/src/dhcp.c:163:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(value, msg->options + index, (optlen < *len) ? optlen : *len);
data/dhcpstarv-0.2.2/src/dhcp.c:194:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&dhcp->chaddr, lease->mac, sizeof(lease->mac));
data/dhcpstarv-0.2.2/src/dhcp.c:195:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dhcp->options, dhcp_magic, sizeof(dhcp_magic));
data/dhcpstarv-0.2.2/src/dhcp.c:224:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&msg->chaddr, lease->mac, sizeof(lease->mac));
data/dhcpstarv-0.2.2/src/dhcp.c:225:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msg->options, dhcp_magic, sizeof(dhcp_magic));
data/dhcpstarv-0.2.2/src/dhcp.c:321:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, &dhcp->options[i + 2], (len > bufsize) ? bufsize : len);
data/dhcpstarv-0.2.2/src/dhcp.c:350:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&msg->chaddr, lease->mac, sizeof(lease->mac));
data/dhcpstarv-0.2.2/src/dhcp.c:351:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msg->options, dhcp_magic, sizeof(dhcp_magic));
data/dhcpstarv-0.2.2/src/ether.c:92:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer, ifr.ifr_hwaddr.sa_data,
data/dhcpstarv-0.2.2/src/leases.h:46:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char domain_name[MAX_DOMAIN_NAME]; /* domain name */
data/dhcpstarv-0.2.2/src/log.c:38:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char time_format[LOG_STR_BUFFER_SIZE];
data/dhcpstarv-0.2.2/src/log.c:56:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char time_format[LOG_STR_BUFFER_SIZE];
data/dhcpstarv-0.2.2/src/log.c:74:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char time_format[LOG_STR_BUFFER_SIZE];
data/dhcpstarv-0.2.2/src/log.c:95:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char time_format[LOG_STR_BUFFER_SIZE];
data/dhcpstarv-0.2.2/src/main.c:49:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ifmac[6];
data/dhcpstarv-0.2.2/src/main.c:133:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mac, vendor_mac_prefix, sizeof(vendor_mac_prefix));
data/dhcpstarv-0.2.2/src/main.c:134:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mac + sizeof(vendor_mac_prefix), (unsigned char*) &random_value,
data/dhcpstarv-0.2.2/src/main.c:280:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char mac[DHCP_HLEN_ETHER];
data/dhcpstarv-0.2.2/src/main.h:32:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ifname[50];
data/dhcpstarv-0.2.2/src/main.h:41:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern unsigned char ifmac[6];
data/dhcpstarv-0.2.2/src/request.c:53:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(lladdr->sll_addr, brd_mac, sizeof(brd_mac));
data/dhcpstarv-0.2.2/src/request.c:69:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[1024];
data/dhcpstarv-0.2.2/src/request.c:126:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[50];
data/dhcpstarv-0.2.2/src/sock.c:121:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[8196];
data/dhcpstarv-0.2.2/src/sock.c:168:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dhcp, recv_dhcp, sizeof(struct dhcp_packet));
data/dhcpstarv-0.2.2/src/udp.c:137:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(udpdata, data, datalen);
data/dhcpstarv-0.2.2/src/utils.c:30:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char tmp_mac[50];
data/dhcpstarv-0.2.2/src/utils.c:72:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[50];
data/dhcpstarv-0.2.2/src/utils.c:93:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char tmpmac[6];
data/dhcpstarv-0.2.2/src/utils.c:111:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mac, tmpmac, enough ? sizeof(tmpmac) : macsize);
data/dhcpstarv-0.2.2/src/ether.c:63:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
data/dhcpstarv-0.2.2/src/ether.c:87:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
data/dhcpstarv-0.2.2/src/ether.c:112:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
data/dhcpstarv-0.2.2/src/main.c:247:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(opts.ifname, optarg, sizeof(opts.ifname));
data/dhcpstarv-0.2.2/src/request.c:198:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmp, get_ip_str(lease->client_addr), sizeof(tmp));
data/dhcpstarv-0.2.2/src/sock.c:146:17: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read_bytes = read(sock, buffer, sizeof(buffer));

ANALYSIS SUMMARY:

Hits = 51
Lines analyzed = 2604 in approximately 0.11 seconds (24477 lines/second)
Physical Source Lines of Code (SLOC) = 1583
Hits@level = [0] 42 [1] 6 [2] 32 [3] 2 [4] 6 [5] 5
Hits@level+ = [0+] 93 [1+] 51 [2+] 45 [3+] 13 [4+] 11 [5+] 5
Hits/KSLOC@level+ = [0+] 58.7492 [1+] 32.2173 [2+] 28.427 [3+] 8.21226 [4+] 6.94883 [5+] 3.15856
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.