Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/iprange-1.0.4+ds/iprange.c
Examining data/iprange-1.0.4+ds/iprange.h
Examining data/iprange-1.0.4+ds/ipset.c
Examining data/iprange-1.0.4+ds/ipset.h
Examining data/iprange-1.0.4+ds/ipset_binary.c
Examining data/iprange-1.0.4+ds/ipset_binary.h
Examining data/iprange-1.0.4+ds/ipset_combine.c
Examining data/iprange-1.0.4+ds/ipset_combine.h
Examining data/iprange-1.0.4+ds/ipset_common.c
Examining data/iprange-1.0.4+ds/ipset_common.h
Examining data/iprange-1.0.4+ds/ipset_copy.c
Examining data/iprange-1.0.4+ds/ipset_copy.h
Examining data/iprange-1.0.4+ds/ipset_diff.c
Examining data/iprange-1.0.4+ds/ipset_diff.h
Examining data/iprange-1.0.4+ds/ipset_exclude.c
Examining data/iprange-1.0.4+ds/ipset_exclude.h
Examining data/iprange-1.0.4+ds/ipset_load.c
Examining data/iprange-1.0.4+ds/ipset_load.h
Examining data/iprange-1.0.4+ds/ipset_merge.c
Examining data/iprange-1.0.4+ds/ipset_merge.h
Examining data/iprange-1.0.4+ds/ipset_optimize.c
Examining data/iprange-1.0.4+ds/ipset_optimize.h
Examining data/iprange-1.0.4+ds/ipset_print.c
Examining data/iprange-1.0.4+ds/ipset_print.h
Examining data/iprange-1.0.4+ds/ipset_reduce.c
Examining data/iprange-1.0.4+ds/ipset_reduce.h

FINAL RESULTS:

data/iprange-1.0.4+ds/ipset_binary.c:125:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  fprintf(stdout, BINARY_HEADER_V10);
data/iprange-1.0.4+ds/ipset_load.c:520:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(d->hostname, hostname);
data/iprange-1.0.4+ds/iprange.c:359:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int j, min_prefix = atoi(argv[++i]);
data/iprange-1.0.4+ds/iprange.c:395:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  default_prefix = atoi(argv[++i]);
data/iprange-1.0.4+ds/iprange.c:526:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  dns_threads_max = atoi(argv[++i]);
data/iprange-1.0.4+ds/iprange.c:582:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(root->filename, "combined ipset");
data/iprange-1.0.4+ds/iprange.c:628:24:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  if(root->next) strcpy(root->filename, "ipset A");
data/iprange-1.0.4+ds/iprange.c:632:26:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  if(second->next) strcpy(root->filename, "ipset B");
data/iprange-1.0.4+ds/iprange.h:111:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  prefix = atoi(prefixstr);
data/iprange-1.0.4+ds/ipset.h:9:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char filename[FILENAME_MAX+1];
data/iprange-1.0.4+ds/ipset.h:90:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[IP2STR_MAX_LEN + 1];
data/iprange-1.0.4+ds/ipset_binary.c:11:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[MAX_LINE + 1], *s;
data/iprange-1.0.4+ds/ipset_binary.c:40:8:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  if(atol(&s[12]) != sizeof(network_addr_t)) {
data/iprange-1.0.4+ds/ipset_binary.c:41:98:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  fprintf(stderr, "%s: %s: invalid record size %ld (expected %lu)\n", PROG, ips->filename, atol(&s[12]), (unsigned long)sizeof(network_addr_t));
data/iprange-1.0.4+ds/ipset_combine.c:19:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&ips->netaddrs[0], &ips1->netaddrs[0], ips1->entries * sizeof(network_addr_t));
data/iprange-1.0.4+ds/ipset_combine.c:20:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&ips->netaddrs[ips1->entries], &ips2->netaddrs[0], ips2->entries * sizeof(network_addr_t));
data/iprange-1.0.4+ds/ipset_copy.c:19:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&ips->netaddrs[0], &ips1->netaddrs[0], ips1->entries * sizeof(network_addr_t));
data/iprange-1.0.4+ds/ipset_load.c:404:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char host[MAX_INPUT_ELEMENT + 1] = "";
data/iprange-1.0.4+ds/ipset_load.c:428:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[IP2STR_MAX_LEN + 1];
data/iprange-1.0.4+ds/ipset_load.c:592:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MAX_LINE + 1], ipstr[MAX_INPUT_ELEMENT + 1], ipstr2[MAX_INPUT_ELEMENT + 1];
data/iprange-1.0.4+ds/ipset_load.c:598:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  fp = fopen(filename, "r");
data/iprange-1.0.4+ds/ipset_merge.c:18:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&to->netaddrs[to->entries], &add->netaddrs[0], add->entries * sizeof(network_addr_t));
data/iprange-1.0.4+ds/ipset_print.c:20:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[IP2STR_MAX_LEN + 1];
data/iprange-1.0.4+ds/ipset_print.c:33:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[IP2STR_MAX_LEN + 1];
data/iprange-1.0.4+ds/ipset_print.c:59:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[IP2STR_MAX_LEN + 1];
data/iprange-1.0.4+ds/ipset_print.c:82:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[IP2STR_MAX_LEN + 1];
data/iprange-1.0.4+ds/ipset_print.c:160:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[IP2STR_MAX_LEN + 1];
data/iprange-1.0.4+ds/ipset_print.c:168:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[IP2STR_MAX_LEN + 1];
data/iprange-1.0.4+ds/iprange.c:347:21:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(root->filename, argv[++i], FILENAME_MAX);
data/iprange-1.0.4+ds/iprange.c:353:21:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(second->filename, argv[++i], FILENAME_MAX);
data/iprange-1.0.4+ds/ipset.c:32:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(ips->filename, (filename && *filename)?filename:"stdin", FILENAME_MAX);
data/iprange-1.0.4+ds/ipset_load.c:517:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  d = malloc(sizeof(DNSREQ) + strlen(hostname) + 1);

ANALYSIS SUMMARY:

Hits = 32
Lines analyzed = 3044 in approximately 0.17 seconds (17894 lines/second)
Physical Source Lines of Code (SLOC) = 2050
Hits@level = [0] 143 [1]   4 [2]  26 [3]   0 [4]   2 [5]   0
Hits@level+ = [0+] 175 [1+]  32 [2+]  28 [3+]   2 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 85.3659 [1+] 15.6098 [2+] 13.6585 [3+] 0.97561 [4+] 0.97561 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.