Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dhcpstarv-0.2.2/src/debug.c
Examining data/dhcpstarv-0.2.2/src/debug.h
Examining data/dhcpstarv-0.2.2/src/dhcp.c
Examining data/dhcpstarv-0.2.2/src/dhcp.h
Examining data/dhcpstarv-0.2.2/src/ether.c
Examining data/dhcpstarv-0.2.2/src/ether.h
Examining data/dhcpstarv-0.2.2/src/ip.c
Examining data/dhcpstarv-0.2.2/src/ip.h
Examining data/dhcpstarv-0.2.2/src/leases.c
Examining data/dhcpstarv-0.2.2/src/leases.h
Examining data/dhcpstarv-0.2.2/src/log.c
Examining data/dhcpstarv-0.2.2/src/log.h
Examining data/dhcpstarv-0.2.2/src/main.c
Examining data/dhcpstarv-0.2.2/src/main.h
Examining data/dhcpstarv-0.2.2/src/request.c
Examining data/dhcpstarv-0.2.2/src/request.h
Examining data/dhcpstarv-0.2.2/src/sock.c
Examining data/dhcpstarv-0.2.2/src/sock.h
Examining data/dhcpstarv-0.2.2/src/udp.c
Examining data/dhcpstarv-0.2.2/src/udp.h
Examining data/dhcpstarv-0.2.2/src/utils.c
Examining data/dhcpstarv-0.2.2/src/utils.h
FINAL RESULTS:
data/dhcpstarv-0.2.2/src/log.c:42:2: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(time_format, format, sizeof(time_format));
data/dhcpstarv-0.2.2/src/log.c:60:2: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(time_format, format, sizeof(time_format));
data/dhcpstarv-0.2.2/src/log.c:80:3: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(time_format, format, sizeof(time_format));
data/dhcpstarv-0.2.2/src/log.c:101:3: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(time_format, "(debug) ", sizeof(time_format));
data/dhcpstarv-0.2.2/src/log.c:102:3: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(time_format, format, sizeof(time_format));
data/dhcpstarv-0.2.2/src/log.c:45:2: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(time_format, ap);
data/dhcpstarv-0.2.2/src/log.c:63:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, time_format, ap);
data/dhcpstarv-0.2.2/src/log.c:83:3: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(time_format, ap);
data/dhcpstarv-0.2.2/src/log.c:105:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, time_format, ap);
data/dhcpstarv-0.2.2/src/utils.c:79:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(tmp, (i == 0) ? "%02x" : ":%02x", mac[i]);
data/dhcpstarv-0.2.2/src/utils.c:80:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp_mac, tmp);
data/dhcpstarv-0.2.2/src/main.c:228:22: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while (-1 != (opt = getopt_long(argc, argv, "d:e:i:hpv", long_opts, &optind))) {
data/dhcpstarv-0.2.2/src/main.c:296:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/dhcpstarv-0.2.2/src/debug.c:111:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char optvalue[255];
data/dhcpstarv-0.2.2/src/dhcp.c:62:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->options + i, value, len);
data/dhcpstarv-0.2.2/src/dhcp.c:163:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, msg->options + index, (optlen < *len) ? optlen : *len);
data/dhcpstarv-0.2.2/src/dhcp.c:194:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dhcp->chaddr, lease->mac, sizeof(lease->mac));
data/dhcpstarv-0.2.2/src/dhcp.c:195:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dhcp->options, dhcp_magic, sizeof(dhcp_magic));
data/dhcpstarv-0.2.2/src/dhcp.c:224:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&msg->chaddr, lease->mac, sizeof(lease->mac));
data/dhcpstarv-0.2.2/src/dhcp.c:225:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->options, dhcp_magic, sizeof(dhcp_magic));
data/dhcpstarv-0.2.2/src/dhcp.c:321:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, &dhcp->options[i + 2], (len > bufsize) ? bufsize : len);
data/dhcpstarv-0.2.2/src/dhcp.c:350:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&msg->chaddr, lease->mac, sizeof(lease->mac));
data/dhcpstarv-0.2.2/src/dhcp.c:351:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->options, dhcp_magic, sizeof(dhcp_magic));
data/dhcpstarv-0.2.2/src/ether.c:92:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, ifr.ifr_hwaddr.sa_data,
data/dhcpstarv-0.2.2/src/leases.h:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char domain_name[MAX_DOMAIN_NAME]; /* domain name */
data/dhcpstarv-0.2.2/src/log.c:38:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_format[LOG_STR_BUFFER_SIZE];
data/dhcpstarv-0.2.2/src/log.c:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_format[LOG_STR_BUFFER_SIZE];
data/dhcpstarv-0.2.2/src/log.c:74:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_format[LOG_STR_BUFFER_SIZE];
data/dhcpstarv-0.2.2/src/log.c:95:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_format[LOG_STR_BUFFER_SIZE];
data/dhcpstarv-0.2.2/src/main.c:49:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ifmac[6];
data/dhcpstarv-0.2.2/src/main.c:133:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mac, vendor_mac_prefix, sizeof(vendor_mac_prefix));
data/dhcpstarv-0.2.2/src/main.c:134:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mac + sizeof(vendor_mac_prefix), (unsigned char*) &random_value,
data/dhcpstarv-0.2.2/src/main.c:280:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mac[DHCP_HLEN_ETHER];
data/dhcpstarv-0.2.2/src/main.h:32:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[50];
data/dhcpstarv-0.2.2/src/main.h:41:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned char ifmac[6];
data/dhcpstarv-0.2.2/src/request.c:53:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lladdr->sll_addr, brd_mac, sizeof(brd_mac));
data/dhcpstarv-0.2.2/src/request.c:69:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[1024];
data/dhcpstarv-0.2.2/src/request.c:126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[50];
data/dhcpstarv-0.2.2/src/sock.c:121:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[8196];
data/dhcpstarv-0.2.2/src/sock.c:168:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dhcp, recv_dhcp, sizeof(struct dhcp_packet));
data/dhcpstarv-0.2.2/src/udp.c:137:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(udpdata, data, datalen);
data/dhcpstarv-0.2.2/src/utils.c:30:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tmp_mac[50];
data/dhcpstarv-0.2.2/src/utils.c:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[50];
data/dhcpstarv-0.2.2/src/utils.c:93:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmpmac[6];
data/dhcpstarv-0.2.2/src/utils.c:111:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mac, tmpmac, enough ? sizeof(tmpmac) : macsize);
data/dhcpstarv-0.2.2/src/ether.c:63:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
data/dhcpstarv-0.2.2/src/ether.c:87:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
data/dhcpstarv-0.2.2/src/ether.c:112:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
data/dhcpstarv-0.2.2/src/main.c:247:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(opts.ifname, optarg, sizeof(opts.ifname));
data/dhcpstarv-0.2.2/src/request.c:198:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp, get_ip_str(lease->client_addr), sizeof(tmp));
data/dhcpstarv-0.2.2/src/sock.c:146:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_bytes = read(sock, buffer, sizeof(buffer));
ANALYSIS SUMMARY:
Hits = 51
Lines analyzed = 2604 in approximately 0.11 seconds (24477 lines/second)
Physical Source Lines of Code (SLOC) = 1583
Hits@level = [0] 42 [1] 6 [2] 32 [3] 2 [4] 6 [5] 5
Hits@level+ = [0+] 93 [1+] 51 [2+] 45 [3+] 13 [4+] 11 [5+] 5
Hits/KSLOC@level+ = [0+] 58.7492 [1+] 32.2173 [2+] 28.427 [3+] 8.21226 [4+] 6.94883 [5+] 3.15856
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.