Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dnstop-20120611/lookup3.c
Examining data/dnstop-20120611/known_tlds.h
Examining data/dnstop-20120611/inX_addr.h
Examining data/dnstop-20120611/inX_addr.c
Examining data/dnstop-20120611/hashtbl.h
Examining data/dnstop-20120611/hashtbl.c
Examining data/dnstop-20120611/dnstop.c
FINAL RESULTS:
data/dnstop-20120611/dnstop.c:1916:15: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
print_func = printf;
data/dnstop-20120611/dnstop.c:1813:5: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(time(NULL));
data/dnstop-20120611/dnstop.c:1818:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((x = getopt(argc, argv, "46ab:B:f:i:l:n:pPr:QRvVX")) != -1) {
data/dnstop-20120611/dnstop.c:220:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *qtypes_buf[T_MAX];
data/dnstop-20120611/dnstop.c:221:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *rcodes_buf[RC_MAX];
data/dnstop-20120611/dnstop.c:222:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *opcodes_buf[OP_MAX];
data/dnstop-20120611/dnstop.c:333:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
entropy_fd = open("/dev/urandom", 0);
data/dnstop-20120611/dnstop.c:335:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
entropy_fd = open("/dev/random", 0);
data/dnstop-20120611/dnstop.c:343:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/dnstop-20120611/dnstop.c:368:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[INET6_ADDRSTRLEN];
data/dnstop-20120611/dnstop.c:522:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name + no, buf + (*off), len);
data/dnstop-20120611/dnstop.c:561:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qname[MAX_QNAME_SZ];
data/dnstop-20120611/dnstop.c:575:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&us, buf + 00, 2);
data/dnstop-20120611/dnstop.c:578:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&us, buf + 2, 2);
data/dnstop-20120611/dnstop.c:592:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&us, buf + 4, 2);
data/dnstop-20120611/dnstop.c:595:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&us, buf + 6, 2);
data/dnstop-20120611/dnstop.c:598:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&us, buf + 8, 2);
data/dnstop-20120611/dnstop.c:601:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&us, buf + 10, 2);
data/dnstop-20120611/dnstop.c:618:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&us, buf + offset, 2);
data/dnstop-20120611/dnstop.c:620:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&us, buf + offset + 2, 2);
data/dnstop-20120611/dnstop.c:1078:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[30];
data/dnstop-20120611/dnstop.c:1149:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[30];
data/dnstop-20120611/dnstop.c:1178:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[30];
data/dnstop-20120611/dnstop.c:1269:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt1[64];
data/dnstop-20120611/dnstop.c:1270:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt2[64];
data/dnstop-20120611/dnstop.c:1574:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char q[128];
data/dnstop-20120611/dnstop.c:1586:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i |= ((atoi(t) & 0xff) << 24);
data/dnstop-20120611/dnstop.c:1634:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sld[10];
data/dnstop-20120611/dnstop.c:1803:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[PCAP_ERRBUF_SIZE];
data/dnstop-20120611/dnstop.c:1836:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_level = atoi(optarg);
data/dnstop-20120611/dnstop.c:1854:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hash_buckets = atoi(optarg);
data/dnstop-20120611/dnstop.c:1863:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
redraw_interval = atoi(optarg);
data/dnstop-20120611/inX_addr.c:11:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char v4_in_v6_prefix[12] = {0,0,0,0,0,0,0,0,0,0,0xFF,0xFF};
data/dnstop-20120611/inX_addr.c:43:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a, v4_in_v6_prefix, 12);
data/dnstop-20120611/inX_addr.c:119:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, v4_in_v6_prefix, 12);
data/dnstop-20120611/inX_addr.c:122:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dst->_.in4, src, sizeof(*src));
data/dnstop-20120611/inX_addr.c:131:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dst->in6, src, sizeof(*src));
data/dnstop-20120611/dnstop.c:350:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(entropy_fd, buf, 4);
data/dnstop-20120611/dnstop.c:355:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(entropy_fd, buf, 16);
data/dnstop-20120611/dnstop.c:393:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return hashendian(s, strlen(s), 0);
data/dnstop-20120611/dnstop.c:419:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int h1 = hashendian(sa->str, strlen(sa->str), h0);
data/dnstop-20120611/dnstop.c:610:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(qname, ".");
data/dnstop-20120611/dnstop.c:1256:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return &buf[strlen(buf) - n];
data/dnstop-20120611/dnstop.c:1262:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int W1 = strlen(col1);
data/dnstop-20120611/dnstop.c:1263:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int W2 = col2 ? strlen(col2) : 0;
data/dnstop-20120611/dnstop.c:1278:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (W1 < strlen(t))
data/dnstop-20120611/dnstop.c:1279:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W1 = strlen(t);
data/dnstop-20120611/dnstop.c:1301:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (W2 < strlen(t))
data/dnstop-20120611/dnstop.c:1302:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
W2 = strlen(t);
data/dnstop-20120611/dnstop.c:1578:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(q, fd->qname, sizeof(q) - 1);
data/dnstop-20120611/dnstop.c:1608:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t fo = strlen(F);
data/dnstop-20120611/dnstop.c:1609:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t qo = strlen(Q);
data/dnstop-20120611/dnstop.c:1640:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sld, s, sizeof(sld));
ANALYSIS SUMMARY:
Hits = 53
Lines analyzed = 3676 in approximately 0.11 seconds (34917 lines/second)
Physical Source Lines of Code (SLOC) = 3065
Hits@level = [0] 58 [1] 16 [2] 34 [3] 2 [4] 1 [5] 0
Hits@level+ = [0+] 111 [1+] 53 [2+] 37 [3+] 3 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 36.2153 [1+] 17.292 [2+] 12.0718 [3+] 0.978793 [4+] 0.326264 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.