Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ip4r-2.4.1/src/ip4r.c
Examining data/ip4r-2.4.1/src/ip4r_funcs.h
Examining data/ip4r-2.4.1/src/ip4r_module.c
Examining data/ip4r-2.4.1/src/ip6r.c
Examining data/ip4r-2.4.1/src/ip6r_funcs.h
Examining data/ip4r-2.4.1/src/ipaddr.c
Examining data/ip4r-2.4.1/src/ipr.h
Examining data/ip4r-2.4.1/src/ipr_internal.h
Examining data/ip4r-2.4.1/src/iprange.c
Examining data/ip4r-2.4.1/src/raw_io.c
FINAL RESULTS:
data/ip4r-2.4.1/src/ip4r.c:30:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IP4_STRING_MAX];
data/ip4r-2.4.1/src/ip4r.c:51:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, str, pos);
data/ip4r-2.4.1/src/ip4r.c:76:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, str, pos);
data/ip4r-2.4.1/src/ip4r.c:98:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[IP4_STRING_MAX];
data/ip4r-2.4.1/src/ip4r.c:99:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[IP4_STRING_MAX];
data/ip4r-2.4.1/src/ip4r.c:224:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IP4_STRING_MAX];
data/ip4r-2.4.1/src/ip4r.c:230:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, VARDATA_ANY(txt), tlen);
data/ip4r-2.4.1/src/ip4r.c:753:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IP4R_STRING_MAX];
data/ip4r-2.4.1/src/ip4r.c:759:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, VARDATA_ANY(txt), tlen);
data/ip4r-2.4.1/src/ip4r.c:880:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, p, VARBITBYTES(val));
data/ip4r-2.4.1/src/ip4r.c:904:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4];
data/ip4r-2.4.1/src/ip4r.c:920:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(VARBITS(res), buf, VARBITBYTES(res));
data/ip4r-2.4.1/src/ip6r.c:29:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IP6_STRING_MAX];
data/ip4r-2.4.1/src/ip6r.c:50:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, str, pos);
data/ip4r-2.4.1/src/ip6r.c:75:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, str, pos);
data/ip4r-2.4.1/src/ip6r.c:97:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[IP6_STRING_MAX];
data/ip4r-2.4.1/src/ip6r.c:98:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[IP6_STRING_MAX];
data/ip4r-2.4.1/src/ip6r.c:238:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IP6_STRING_MAX];
data/ip4r-2.4.1/src/ip6r.c:244:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, VARDATA_ANY(txt), tlen);
data/ip4r-2.4.1/src/ip6r.c:833:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IP6R_STRING_MAX];
data/ip4r-2.4.1/src/ip6r.c:839:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, VARDATA_ANY(txt), tlen);
data/ip4r-2.4.1/src/ip6r.c:955:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, p, VARBITBYTES(val));
data/ip4r-2.4.1/src/ip6r.c:978:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/ip4r-2.4.1/src/ip6r.c:991:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(VARBITS(res), buf, VARBITBYTES(res));
data/ip4r-2.4.1/src/ipaddr.c:170:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(VARDATA(ret), str, len);
data/ip4r-2.4.1/src/ipaddr.c:355:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IP6_STRING_MAX];
data/ip4r-2.4.1/src/ipaddr.c:361:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, VARDATA_ANY(txt), tlen);
data/ip4r-2.4.1/src/ipr.h:87:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&out->ip4, VARDATA_ANY(in), sizeof(IP4));
data/ip4r-2.4.1/src/ipr.h:90:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&out->ip6, VARDATA_ANY(in), sizeof(IP6));
data/ip4r-2.4.1/src/ipr.h:104:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(VARDATA(out), val, sz);
data/ip4r-2.4.1/src/iprange.c:83:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&out->ip4r, ptr, sizeof(IP4R));
data/ip4r-2.4.1/src/iprange.c:89:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->ip6r.lower.bits, ptr, sizeof(uint64));
data/ip4r-2.4.1/src/iprange.c:99:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&out->ip6r.lower, ptr, sizeof(IP6));
data/ip4r-2.4.1/src/iprange.c:106:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&out->ip6r, ptr, sizeof(IP6R));
data/ip4r-2.4.1/src/iprange.c:126:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, &val->ip4r, sizeof(IP4R));
data/ip4r-2.4.1/src/iprange.c:136:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, val->ip6r.lower.bits, sizeof(uint64));
data/ip4r-2.4.1/src/iprange.c:142:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, &val->ip6r.lower, sizeof(IP6));
data/ip4r-2.4.1/src/iprange.c:147:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, &val->ip6r, sizeof(IP6R));
data/ip4r-2.4.1/src/iprange.c:473:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IP6R_STRING_MAX];
data/ip4r-2.4.1/src/iprange.c:477:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, VARDATA_ANY(txt), tlen);
data/ip4r-2.4.1/src/iprange.c:752:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/ip4r-2.4.1/src/iprange.c:790:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(VARBITS(res), buf, VARBITBYTES(res));
data/ip4r-2.4.1/src/raw_io.c:156:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255") + 2];
data/ip4r-2.4.1/src/iprange.c:207:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(out,"-");
ANALYSIS SUMMARY:
Hits = 44
Lines analyzed = 8395 in approximately 0.27 seconds (30776 lines/second)
Physical Source Lines of Code (SLOC) = 6556
Hits@level = [0] 28 [1] 1 [2] 43 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 72 [1+] 44 [2+] 43 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 10.9823 [1+] 6.71141 [2+] 6.55888 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.