Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ipband-0.8.1/error.c
Examining data/ipband-0.8.1/pcapfunc.c
Examining data/ipband-0.8.1/hash.h
Examining data/ipband-0.8.1/utils.c
Examining data/ipband-0.8.1/hash.c
Examining data/ipband-0.8.1/packets.c
Examining data/ipband-0.8.1/popen.c
Examining data/ipband-0.8.1/reports.c
Examining data/ipband-0.8.1/init.c
Examining data/ipband-0.8.1/ipband.h
Examining data/ipband-0.8.1/main.c

FINAL RESULTS:

data/ipband-0.8.1/error.c:69:2:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
	vsprintf(buf, fmt, ap);
data/ipband-0.8.1/error.c:71:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(buf+strlen(buf), ": %s", strerror(errno_save));
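
The three error.c hits (vsprintf at line 69, sprintf at line 71 and the strcat at line 72 reported further down) are one pattern: a message is built in a fixed `buf[MAXLINE]` by calls that never see the buffer size, so a long `fmt` expansion or a long strerror() text can run past the end. The format-string part of the vsprintf hit is a separate concern and is only real if some caller passes non-literal text as `fmt`; a bounded call does not fix that. The following is an added example, not ipband's code, showing the same three steps done with vsnprintf/snprintf so the result is always NUL-terminated and truncation is reported instead of overflowing. MAXLINE is assumed and kept small on purpose, and fmt_error/fmt_error_fits are names chosen here.

```c
/* Added example (not from ipband): bounded replacement for a
 * vsprintf + sprintf(buf+strlen(buf), ...) + strcat(buf, "\n") chain.
 * MAXLINE is assumed and kept small so the truncation path is exercised. */
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MAXLINE 64

/* Writes "<fmt expansion>[: strerror(errno_save)]\n" into buf[buflen].
 * Never writes past buf[buflen-1] and always NUL-terminates. Returns the
 * length the full message would have had, so a result >= buflen means the
 * text was truncated. The caller must still pass a literal format string:
 * vsnprintf bounds the output, it does not make an attacker-chosen fmt safe. */
static size_t fmt_error(char *buf, size_t buflen, int errno_save,
                        const char *fmt, ...)
{
    va_list ap;
    size_t need, used;
    int r;

    if (buflen == 0)
        return 0;

    va_start(ap, fmt);
    r = vsnprintf(buf, buflen, fmt, ap);
    va_end(ap);
    if (r < 0) {
        buf[0] = '\0';
        return 0;
    }
    need = (size_t)r;

    /* Each append goes through snprintf with the remaining space; once the
     * buffer is full, "used" pins at buflen-1 and only the NUL is rewritten. */
    if (errno_save != 0) {
        used = need < buflen ? need : buflen - 1;
        r = snprintf(buf + used, buflen - used, ": %s", strerror(errno_save));
        if (r > 0)
            need += (size_t)r;
    }
    used = need < buflen ? need : buflen - 1;
    r = snprintf(buf + used, buflen - used, "\n");
    if (r > 0)
        need += (size_t)r;

    return need;
}

/* Check helper: formats msg into a buffer of at most buflen bytes and returns
 * 1 if the whole message fit (ends in '\n'), 0 if it was truncated, and -1
 * if the NUL terminator is ever missing, which must not happen. */
static int fmt_error_fits(const char *msg, int errno_save, size_t buflen)
{
    char buf[MAXLINE];
    size_t need, got;

    if (buflen > sizeof buf)
        buflen = sizeof buf;
    memset(buf, 'X', sizeof buf);          /* poison so a missing NUL is visible */
    need = fmt_error(buf, buflen, errno_save, "%s", msg);
    for (got = 0; got < sizeof buf && buf[got] != '\0'; got++)
        ;
    if (got >= buflen)
        return -1;
    return (need == got && got > 0 && buf[got - 1] == '\n') ? 1 : 0;
}
```

The return value is the snprintf convention: compare it with the buffer size to detect truncation, which the original chain cannot do at all. Keeping `used` clamped to `buflen - 1` is what makes the appends safe after the first call has already filled the buffer.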
data/ipband-0.8.1/init.c:391:11:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
	if (6 != sscanf(str,"%d.%d.%d.%d%s%f",&p[0],&p[1],&p[2],&p[3], buf,&bwidth) ) {
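
The sscanf at init.c:391 is bounded only by context: `buf` is allocated at line 387 (reported further down) as strlen(str)+1 bytes, so a `%s` token read out of `str` cannot exceed it, which is why this hit is not an overflow as written. That guard is one refactor away from being lost, and an unbounded `%s` into a fixed array is the textbook CWE-120 case. The following added example, not ipband's code, parses the same `a.b.c.d<token> <float>` shape with the `%s` width tied to the destination size and the octets range-checked (a plain `%d` accepts 300 and -1). TOKEN_MAX, struct bw_rule and the helper names are assumptions.

```c
/* Added example (not from ipband): width-limited sscanf for a line shaped
 * like "a.b.c.d<token> <bandwidth>", as in the flagged
 * "%d.%d.%d.%d%s%f" format. TOKEN_MAX and the names below are assumed. */
#include <stdio.h>
#include <string.h>

#define TOKEN_MAX 31                 /* longest token accepted, excluding NUL */
#define STR_(x) #x
#define STR(x) STR_(x)               /* turns TOKEN_MAX into "31" inside the format */

struct bw_rule {
    int octet[4];
    char token[TOKEN_MAX + 1];       /* the %s field always has room for the NUL */
    float bwidth;
};

/* Returns 0 and fills *out on success, -1 on a malformed line. A token longer
 * than TOKEN_MAX is cut by the width; the leftover characters then fail the
 * %f conversion, so an oversize token is rejected instead of overrunning
 * the array. */
static int parse_bw_rule(const char *str, struct bw_rule *out)
{
    int p[4];
    char buf[TOKEN_MAX + 1];
    float bw;
    int i;

    if (sscanf(str, "%d.%d.%d.%d%" STR(TOKEN_MAX) "s%f",
               &p[0], &p[1], &p[2], &p[3], buf, &bw) != 6)
        return -1;
    for (i = 0; i < 4; i++)
        if (p[i] < 0 || p[i] > 255)  /* %d accepts "300" and "-1"; reject them */
            return -1;
    if (bw < 0.0f)
        return -1;
    for (i = 0; i < 4; i++)
        out->octet[i] = p[i];
    memcpy(out->token, buf, sizeof out->token);
    out->bwidth = bw;
    return 0;
}

/* Small wrappers so results can be checked without building the struct. */
static int bw_rule_accepts(const char *line)
{
    struct bw_rule r;
    return parse_bw_rule(line, &r) == 0;
}

static int bw_rule_token_len(const char *line)
{
    struct bw_rule r;
    return parse_bw_rule(line, &r) == 0 ? (int)strlen(r.token) : -1;
}
```

Deriving the width from the same macro that sizes the array is the point: the two cannot drift apart in a later edit, which is the failure mode behind most `%s` overflows.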
data/ipband-0.8.1/init.c:505:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy  (arg_cpy, arg_in);
data/ipband-0.8.1/popen.c:67:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	   strcpy(argv[i], ptr);
data/ipband-0.8.1/popen.c:126:3:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
		execvp(argv[0], argv);  /* search in $PATH */
data/ipband-0.8.1/popen.c:128:3:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
		execv(argv[0], argv);
data/ipband-0.8.1/reports.c:312:18:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	   if( repfile) vfprintf(repfile,cp,va);
data/ipband-0.8.1/reports.c:318:19:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	   if( sendmail) vfprintf(sendmail,cp,va);
data/ipband-0.8.1/reports.c:360:4:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			vfprintf(htmlfile,cp,va);
data/ipband-0.8.1/init.c:78:27:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
     while(-1 != (optchar=getopt(argc,argv,"a:Ab:c:Cd:Ff:hJ:l:L:m:M:o:w:Pr:t:T:v")))
data/ipband-0.8.1/error.c:66:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[MAXLINE];
data/ipband-0.8.1/hash.c:203:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(t->data, data, ndata);	
data/ipband-0.8.1/hash.c:221:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(t->key, key, nkey);
data/ipband-0.8.1/hash.c:222:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(t->data, data, ndata);
data/ipband-0.8.1/hash.c:271:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		  memcpy(list+(*cp),&t,sizeof(hlist_t *));
data/ipband-0.8.1/init.c:85:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			cycle_m = atoi(optarg);
data/ipband-0.8.1/init.c:107:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			debug_m = atoi(optarg);
data/ipband-0.8.1/init.c:124:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			lenadj_m = atoi(optarg);
data/ipband-0.8.1/init.c:128:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			mask_m = atoi(optarg);
data/ipband-0.8.1/init.c:157:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			rcycle_m = atoi(optarg);
data/ipband-0.8.1/init.c:161:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			top_m = atoi(optarg);
data/ipband-0.8.1/init.c:207:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf1[20], buf2[20];
data/ipband-0.8.1/init.c:210:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buf1,"%08x",iplist_m[2*i  ]);
data/ipband-0.8.1/init.c:211:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buf2,"%08x",iplist_m[2*i+1]);
data/ipband-0.8.1/init.c:251:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[512];
data/ipband-0.8.1/init.c:255:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fin = fopen (filename, "r");
data/ipband-0.8.1/init.c:267:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		debug_m = atoi(val);
data/ipband-0.8.1/init.c:292:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		cycle_m = atoi(val);
data/ipband-0.8.1/init.c:301:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		rcycle_m = atoi(val);
data/ipband-0.8.1/init.c:322:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		mask_m = atoi(val);
data/ipband-0.8.1/init.c:325:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		top_m = atoi(val);
data/ipband-0.8.1/init.c:328:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		lenadj_m = atoi(val);
data/ipband-0.8.1/init.c:356:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buff[512];
data/ipband-0.8.1/init.c:358:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fin = fopen (filename, "r");
data/ipband-0.8.1/init.c:408:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf((char *) key,"%08x",netip);
data/ipband-0.8.1/init.c:529:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			net = atoi(netstr);
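
Every atoi hit in init.c reads a command-line option or a config-file value into a tuning variable (cycle_m, debug_m, mask_m, top_m, lenadj_m, rcycle_m, net). atoi cannot distinguish "0" from "abc", silently ignores trailing characters, and its behaviour for values outside int is undefined, which is the CWE-190 point the tool is making. The added example below, not ipband's code, is the strtol-based replacement a practitioner would drop in for all of these hits: it rejects empty input, trailing junk and overflow, and enforces a caller-supplied range. The ranges used in the tests (0..32 for a mask length, 1..1440 for a cycle in minutes) are illustrative assumptions, and parse_int_range/parse_or are names chosen here.

```c
/* Added example (not from ipband): range-checked integer parsing to replace
 * atoi(optarg) / atoi(val). Function names are assumptions. */
#include <errno.h>
#include <limits.h>
#include <stdlib.h>

/* Parses s as a base-10 integer in [lo, hi]. Returns 0 and stores the value,
 * or -1 if s is NULL or empty, has no digits, has trailing characters,
 * does not fit in a long, or lies outside the range. Leading whitespace is
 * skipped by strtol, which is usually acceptable for option values. */
static int parse_int_range(const char *s, long lo, long hi, long *out)
{
    char *end;
    long v;

    if (s == NULL || *s == '\0')
        return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE)
        return -1;                   /* overflowed long (atoi would wrap or saturate) */
    if (end == s || *end != '\0')
        return -1;                   /* "abc" or "24abc" */
    if (v < lo || v > hi)
        return -1;
    *out = v;
    return 0;
}

/* Convenience form for option parsing: the parsed value, or dflt (for
 * example -1) when the input is rejected, so the caller can fail loudly
 * instead of running with a silently wrong setting. */
static long parse_or(const char *s, long lo, long hi, long dflt)
{
    long v;
    return parse_int_range(s, lo, hi, &v) == 0 ? v : dflt;
}
```

At a call site such as the `-m` handler the replacement is `if (parse_int_range(optarg, 0, 32, &mask) != 0) fail("bad mask")`, with the range chosen from what the variable actually controls; for values that end up sized into allocations or used as array indices the upper bound matters as much as the lower one.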
data/ipband-0.8.1/main.c:132:3:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		open("/dev/null",O_RDWR);
data/ipband-0.8.1/packets.c:61:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf((char *) key_src,"%08x",ip_src);
data/ipband-0.8.1/packets.c:62:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf((char *) key_dst,"%08x",ip_dst);
data/ipband-0.8.1/packets.c:156:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	   memcpy (key+ 0, ip->srcip, 4);
data/ipband-0.8.1/packets.c:157:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	   memcpy (key+ 4, ip->dstip, 4);
data/ipband-0.8.1/packets.c:158:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	   memcpy (key+ 8, ip->srcpt, 2);
data/ipband-0.8.1/packets.c:159:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	   memcpy (key+10, ip->dstpt, 2);
data/ipband-0.8.1/packets.c:161:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	   memcpy (key+ 0, ip->dstip, 4);
data/ipband-0.8.1/packets.c:162:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	   memcpy (key+ 4, ip->srcip, 4);
data/ipband-0.8.1/packets.c:163:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	   memcpy (key+ 8, ip->dstpt, 2);
data/ipband-0.8.1/packets.c:164:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	   memcpy (key+10, ip->srcpt, 2);
data/ipband-0.8.1/packets.c:167:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	   memcpy (key+12, ip->prot,  1);
data/ipband-0.8.1/pcapfunc.c:28:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char   ebuf[PCAP_ERRBUF_SIZE];
data/ipband-0.8.1/reports.c:31:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char    ip1[16], ip2[16], uprots[4];
data/ipband-0.8.1/reports.c:115:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf (ip1, "%u.%u.%u.%u",
data/ipband-0.8.1/reports.c:117:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf (ip2, "%u.%u.%u.%u",
data/ipband-0.8.1/reports.c:257:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char 		buffer[512];
data/ipband-0.8.1/reports.c:270:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			   if ( (ffoot = fopen (mailfoot_m, "r")) ){
data/ipband-0.8.1/reports.c:286:41:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if (strcmp("-",repfname_m)) repfile = fopen (repfname_m, "a");
data/ipband-0.8.1/reports.c:347:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
				htmlfile = fopen (htmlfname_m, "w");
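
reports.c opens the report and HTML output files by name with fopen(..., "a") and fopen(..., "w") (lines 286 and 347), and the init.c and mail-footer fopen hits read files the same way. A packet-capture tool typically runs with root privileges, so if one of those paths sits in a directory another user can write to, a symlink planted there turns the write into a write of a file of the attacker's choosing; that is the CWE-362 scenario the fopen hits point at. The added example below, not ipband's code, opens an output file the way a practitioner would harden it: O_NOFOLLOW refuses a symlink at the final path component, O_CLOEXEC keeps the descriptor out of any child such as the sendmail pipe, and an fstat check rejects anything that is not a regular file before a FILE* is handed back. The function names and the /tmp paths in the self-test are assumptions.

```c
/* Added example (not from ipband): hardened replacement for
 * fopen(repfname_m, "a") / fopen(htmlfname_m, "w") on a path an attacker
 * may be able to influence. Function names and the /tmp self-test paths
 * are assumptions for this example. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Opens path for writing (append if append != 0, truncate otherwise).
 * Returns a FILE* or NULL. Refuses a symlink at the final component
 * (O_NOFOLLOW, open fails with ELOOP) and anything that is not a regular
 * file after the open, so a planted link or a device node is never written.
 * Directory components are still followed: a directory the attacker
 * controls remains unsafe and should not be used for output at all. */
static FILE *open_report_file(const char *path, int append)
{
    int flags = O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC |
                (append ? O_APPEND : O_TRUNC);
    int fd = open(path, flags, 0644);
    struct stat st;
    FILE *fp;

    if (fd < 0)
        return NULL;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return NULL;
    }
    fp = fdopen(fd, append ? "a" : "w");
    if (fp == NULL)
        close(fd);
    return fp;
}

/* Self-test: creates a regular file and a symlink to it under /tmp and
 * checks that the file is accepted while the link and a device node are
 * refused. Returns 0 on success or the number of the failing step. */
static int open_report_file_selftest(void)
{
    char file[] = "/tmp/ipband-example-XXXXXX";   /* assumed writable location */
    char lnk[64];
    int fd, rc = 0;
    FILE *fp;

    fd = mkstemp(file);
    if (fd < 0)
        return 1;
    close(fd);
    snprintf(lnk, sizeof lnk, "%s.lnk", file);

    fp = open_report_file(file, 1);              /* regular file: accepted */
    if (fp == NULL)
        rc = 2;
    else {
        fputs("report line\n", fp);
        fclose(fp);
    }
    if (rc == 0 && symlink(file, lnk) != 0)
        rc = 3;
    if (rc == 0 && open_report_file(lnk, 1) != NULL)
        rc = 4;                                  /* symlink must be refused */
    if (rc == 0 && open_report_file("/dev/null", 1) != NULL)
        rc = 5;                                  /* device node must be refused */

    unlink(lnk);
    unlink(file);
    return rc;
}
```

The check is deliberately done on the descriptor with fstat rather than on the path with stat or lstat beforehand; a path-based check leaves a window in which the file can be swapped between the check and the open, which is the race the CWE-362 label refers to.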
data/ipband-0.8.1/utils.c:56:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[20];
data/ipband-0.8.1/utils.c:65:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf (buf, "%d.%d.%d.%d", p[3], p[2], p[1], p[0]);
data/ipband-0.8.1/error.c:71:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		sprintf(buf+strlen(buf), ": %s", strerror(errno_save));
data/ipband-0.8.1/error.c:72:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(buf, "\n");
data/ipband-0.8.1/init.c:316:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if( *mtastring_m == '\"' && mtastring_m[strlen(mtastring_m)-1] == '\"' ){
data/ipband-0.8.1/init.c:318:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		mtastring_m[strlen(mtastring_m)-1] = '\0';	
data/ipband-0.8.1/init.c:387:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char   		*buf   = (char *) malloc(strlen(str)+1);
data/ipband-0.8.1/init.c:478:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char *arg_cpy = (char *) malloc (strlen(arg_in)+1);
data/ipband-0.8.1/init.c:479:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char *ipstr   = (char *) malloc (strlen(arg_in)+1);
data/ipband-0.8.1/init.c:480:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char *netstr  = (char *) malloc (strlen(arg_in)+1);
data/ipband-0.8.1/init.c:592:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		(strlen(mailto_m) == 0 || strlen(mtastring_m) == 0) ) {
data/ipband-0.8.1/init.c:592:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		(strlen(mailto_m) == 0 || strlen(mtastring_m) == 0) ) {
data/ipband-0.8.1/popen.c:62:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	   if((*(argv+i) = (char*)malloc((strlen(ptr)+1) * sizeof(char))) == NULL) {
data/ipband-0.8.1/reports.c:79:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  lastch = strlen(exc_str) - 1;
data/ipband-0.8.1/reports.c:127:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!strlen(srvcs)) srvcs = get_service(pt2,prot);
data/ipband-0.8.1/reports.c:132:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!strlen(srvcs)) srvcs = get_service(pt2,prot);
data/ipband-0.8.1/utils.c:92:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	str = str + strlen(str) - 1;
data/ipband-0.8.1/utils.c:123:9:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	while (equal && *a) {
data/ipband-0.8.1/utils.c:130:6:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	if (equal) return 0;

ANALYSIS SUMMARY:

Hits = 76
Lines analyzed = 2908 in approximately 0.15 seconds (20023 lines/second)
Physical Source Lines of Code (SLOC) = 1718
Hits@level = [0] 112 [1]  17 [2]  48 [3]   1 [4]  10 [5]   0
Hits@level+ = [0+] 188 [1+]  76 [2+]  59 [3+]  11 [4+]  10 [5+]   0
Hits/KSLOC@level+ = [0+] 109.43 [1+] 44.2375 [2+] 34.3423 [3+] 6.40279 [4+] 5.82072 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.