Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/iptraf-ng-1.2.1/src/addproto.h
Examining data/iptraf-ng-1.2.1/src/arphdr.h
Examining data/iptraf-ng-1.2.1/src/attrs.h
Examining data/iptraf-ng-1.2.1/src/built-in.h
Examining data/iptraf-ng-1.2.1/src/capt-mmap-v2.c
Examining data/iptraf-ng-1.2.1/src/capt-mmap-v2.h
Examining data/iptraf-ng-1.2.1/src/capt-mmap-v3.c
Examining data/iptraf-ng-1.2.1/src/capt-mmap-v3.h
Examining data/iptraf-ng-1.2.1/src/capt-recvmmsg.c
Examining data/iptraf-ng-1.2.1/src/capt-recvmmsg.h
Examining data/iptraf-ng-1.2.1/src/capt-recvmsg.c
Examining data/iptraf-ng-1.2.1/src/capt-recvmsg.h
Examining data/iptraf-ng-1.2.1/src/capt.c
Examining data/iptraf-ng-1.2.1/src/capt.h
Examining data/iptraf-ng-1.2.1/src/capture-pkt.c
Examining data/iptraf-ng-1.2.1/src/cidr.c
Examining data/iptraf-ng-1.2.1/src/cidr.h
Examining data/iptraf-ng-1.2.1/src/counters.c
Examining data/iptraf-ng-1.2.1/src/counters.h
Examining data/iptraf-ng-1.2.1/src/deskman.c
Examining data/iptraf-ng-1.2.1/src/deskman.h
Examining data/iptraf-ng-1.2.1/src/detstats.c
Examining data/iptraf-ng-1.2.1/src/detstats.h
Examining data/iptraf-ng-1.2.1/src/dirs.h
Examining data/iptraf-ng-1.2.1/src/error.c
Examining data/iptraf-ng-1.2.1/src/error.h
Examining data/iptraf-ng-1.2.1/src/fltdefs.h
Examining data/iptraf-ng-1.2.1/src/fltedit.c
Examining data/iptraf-ng-1.2.1/src/fltedit.h
Examining data/iptraf-ng-1.2.1/src/fltmgr.c
Examining data/iptraf-ng-1.2.1/src/fltmgr.h
Examining data/iptraf-ng-1.2.1/src/fltselect.c
Examining data/iptraf-ng-1.2.1/src/fltselect.h
Examining data/iptraf-ng-1.2.1/src/getpath.c
Examining data/iptraf-ng-1.2.1/src/getpath.h
Examining data/iptraf-ng-1.2.1/src/hostmon.c
Examining data/iptraf-ng-1.2.1/src/hostmon.h
Examining data/iptraf-ng-1.2.1/src/ifaces.c
Examining data/iptraf-ng-1.2.1/src/ifaces.h
Examining data/iptraf-ng-1.2.1/src/ifstats.c
Examining data/iptraf-ng-1.2.1/src/ifstats.h
Examining data/iptraf-ng-1.2.1/src/ipfilter.c
Examining data/iptraf-ng-1.2.1/src/ipfilter.h
Examining data/iptraf-ng-1.2.1/src/ipfrag.c
Examining data/iptraf-ng-1.2.1/src/ipfrag.h
Examining data/iptraf-ng-1.2.1/src/iptraf-ng-compat.h
Examining data/iptraf-ng-1.2.1/src/iptraf.c
Examining data/iptraf-ng-1.2.1/src/itrafmon.c
Examining data/iptraf-ng-1.2.1/src/itrafmon.h
Examining data/iptraf-ng-1.2.1/src/landesc.c
Examining data/iptraf-ng-1.2.1/src/landesc.h
Examining data/iptraf-ng-1.2.1/src/list.h
Examining data/iptraf-ng-1.2.1/src/log.c
Examining data/iptraf-ng-1.2.1/src/log.h
Examining data/iptraf-ng-1.2.1/src/logvars.h
Examining data/iptraf-ng-1.2.1/src/options.c
Examining data/iptraf-ng-1.2.1/src/options.h
Examining data/iptraf-ng-1.2.1/src/othptab.c
Examining data/iptraf-ng-1.2.1/src/othptab.h
Examining data/iptraf-ng-1.2.1/src/packet.c
Examining data/iptraf-ng-1.2.1/src/packet.h
Examining data/iptraf-ng-1.2.1/src/parse-options.c
Examining data/iptraf-ng-1.2.1/src/parse-options.h
Examining data/iptraf-ng-1.2.1/src/parseproto.c
Examining data/iptraf-ng-1.2.1/src/parseproto.h
Examining data/iptraf-ng-1.2.1/src/pktsize.c
Examining data/iptraf-ng-1.2.1/src/pktsize.h
Examining data/iptraf-ng-1.2.1/src/promisc.c
Examining data/iptraf-ng-1.2.1/src/promisc.h
Examining data/iptraf-ng-1.2.1/src/rate.c
Examining data/iptraf-ng-1.2.1/src/rate.h
Examining data/iptraf-ng-1.2.1/src/revname.c
Examining data/iptraf-ng-1.2.1/src/revname.h
Examining data/iptraf-ng-1.2.1/src/rvnamed.c
Examining data/iptraf-ng-1.2.1/src/rvnamed.h
Examining data/iptraf-ng-1.2.1/src/serv.c
Examining data/iptraf-ng-1.2.1/src/serv.h
Examining data/iptraf-ng-1.2.1/src/servname.c
Examining data/iptraf-ng-1.2.1/src/servname.h
Examining data/iptraf-ng-1.2.1/src/sockaddr.c
Examining data/iptraf-ng-1.2.1/src/sockaddr.h
Examining data/iptraf-ng-1.2.1/src/tcptable.c
Examining data/iptraf-ng-1.2.1/src/tcptable.h
Examining data/iptraf-ng-1.2.1/src/timer.c
Examining data/iptraf-ng-1.2.1/src/timer.h
Examining data/iptraf-ng-1.2.1/src/tui/input.c
Examining data/iptraf-ng-1.2.1/src/tui/input.h
Examining data/iptraf-ng-1.2.1/src/tui/labels.c
Examining data/iptraf-ng-1.2.1/src/tui/labels.h
Examining data/iptraf-ng-1.2.1/src/tui/listbox.c
Examining data/iptraf-ng-1.2.1/src/tui/listbox.h
Examining data/iptraf-ng-1.2.1/src/tui/menurt.c
Examining data/iptraf-ng-1.2.1/src/tui/menurt.h
Examining data/iptraf-ng-1.2.1/src/tui/msgboxes.c
Examining data/iptraf-ng-1.2.1/src/tui/msgboxes.h
Examining data/iptraf-ng-1.2.1/src/tui/winops.c
Examining data/iptraf-ng-1.2.1/src/tui/winops.h
Examining data/iptraf-ng-1.2.1/src/usage.c
Examining data/iptraf-ng-1.2.1/src/wrapper.c
FINAL RESULTS:
data/iptraf-ng-1.2.1/src/iptraf.c:328:7: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (chown(dir, 0, 0) == -1)
data/iptraf-ng-1.2.1/src/detstats.c:78:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(target_logname, current_logfile);
data/iptraf-ng-1.2.1/src/fltedit.c:524:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ffile.filename, fntemp);
data/iptraf-ng-1.2.1/src/fltmgr.c:334:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(description, descfield.list->buf);
data/iptraf-ng-1.2.1/src/hostmon.c:91:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(target_logname, current_logfile);
data/iptraf-ng-1.2.1/src/hostmon.c:266:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptemp->un.desc.desc, desc->hd_desc);
data/iptraf-ng-1.2.1/src/ifaces.c:70:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifr.ifr_name, iface);
data/iptraf-ng-1.2.1/src/ifaces.c:93:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifr.ifr_name, iface);
data/iptraf-ng-1.2.1/src/ifaces.c:117:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifr.ifr_name, iface);
data/iptraf-ng-1.2.1/src/ifaces.c:141:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifr.ifr_name, iface);
data/iptraf-ng-1.2.1/src/ifaces.c:165:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifr.ifr_name, iface);
data/iptraf-ng-1.2.1/src/ifaces.c:193:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifr.ifr_name, iface);
data/iptraf-ng-1.2.1/src/ifaces.c:259:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifr.ifr_name, ifname);
data/iptraf-ng-1.2.1/src/ifstats.c:75:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(target_logname, GSTATLOG);
data/iptraf-ng-1.2.1/src/ifstats.c:197:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(itmp->ifname, ifname);
data/iptraf-ng-1.2.1/src/ifstats.c:544:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(current_logfile, GSTATLOG);
data/iptraf-ng-1.2.1/src/ifstats.c:719:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifname, ptmp->ifname);
data/iptraf-ng-1.2.1/src/ipfilter.c:168:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(data->s_fqdn, WILDCARD);
data/iptraf-ng-1.2.1/src/ipfilter.c:170:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(data->s_fqdn, fieldptr->buf);
data/iptraf-ng-1.2.1/src/ipfilter.c:182:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(data->s_mask, WILDCARD);
data/iptraf-ng-1.2.1/src/ipfilter.c:189:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(data->s_mask, fieldptr->buf);
data/iptraf-ng-1.2.1/src/ipfilter.c:205:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(data->d_fqdn, WILDCARD);
data/iptraf-ng-1.2.1/src/ipfilter.c:207:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(data->d_fqdn, fieldptr->buf);
data/iptraf-ng-1.2.1/src/ipfilter.c:220:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(data->d_mask, WILDCARD);
data/iptraf-ng-1.2.1/src/ipfilter.c:227:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(data->d_mask, fieldptr->buf);
data/iptraf-ng-1.2.1/src/iptraf-ng-compat.h:70:17: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, __VA_ARGS__); \
data/iptraf-ng-1.2.1/src/iptraf-ng-compat.h:78:46: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define __printf(x, y) __attribute__((format(printf, (x), (y))))
data/iptraf-ng-1.2.1/src/iptraf.c:324:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(dir, F_OK) != 0) {
data/iptraf-ng-1.2.1/src/itrafmon.c:41:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(target_logname, current_logfile);
data/iptraf-ng-1.2.1/src/landesc.c:39:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mac_hex, "%s%s%s%s%s%s", a, b, c, d, e, f);
data/iptraf-ng-1.2.1/src/log.c:124:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(fd, msg, vararg);
data/iptraf-ng-1.2.1/src/othptab.c:42:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(msgbuffer, protname);
data/iptraf-ng-1.2.1/src/othptab.c:44:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(msgbuffer, entry->iface);
data/iptraf-ng-1.2.1/src/othptab.c:46:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(msgbuffer, scratchpad);
data/iptraf-ng-1.2.1/src/othptab.c:49:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scratchpad, " source MAC address %s;",
data/iptraf-ng-1.2.1/src/othptab.c:51:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(msgbuffer, scratchpad);
data/iptraf-ng-1.2.1/src/othptab.c:58:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scratchpad, " from %s:%s to %s:%s",
data/iptraf-ng-1.2.1/src/othptab.c:62:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scratchpad, " from %s to %s",
data/iptraf-ng-1.2.1/src/othptab.c:65:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scratchpad, " from %s to %s ", entry->smacaddr,
data/iptraf-ng-1.2.1/src/othptab.c:68:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(msgbuffer, scratchpad);
data/iptraf-ng-1.2.1/src/othptab.c:71:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scratchpad, "; %s", description);
data/iptraf-ng-1.2.1/src/othptab.c:72:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(msgbuffer, scratchpad);
data/iptraf-ng-1.2.1/src/othptab.c:76:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scratchpad, " (%s)", additional);
data/iptraf-ng-1.2.1/src/othptab.c:77:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(msgbuffer, scratchpad);
data/iptraf-ng-1.2.1/src/othptab.c:274:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_entry->iface, ifname);
data/iptraf-ng-1.2.1/src/othptab.c:409:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(msgstring, scratchpad);
data/iptraf-ng-1.2.1/src/othptab.c:428:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scratchpad, "%s", rarp_mac_addr);
data/iptraf-ng-1.2.1/src/othptab.c:429:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(msgstring, scratchpad);
data/iptraf-ng-1.2.1/src/othptab.c:438:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgstring, "Non-IP (%s)", packet_type);
data/iptraf-ng-1.2.1/src/othptab.c:443:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(protname, msgstring);
data/iptraf-ng-1.2.1/src/othptab.c:445:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(msgstring, scratchpad);
data/iptraf-ng-1.2.1/src/othptab.c:449:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scratchpad, " from %s to %s on %s",
data/iptraf-ng-1.2.1/src/othptab.c:452:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(msgstring, scratchpad);
data/iptraf-ng-1.2.1/src/othptab.c:503:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(protname, "%s", protptr->p_aliases[0]);
data/iptraf-ng-1.2.1/src/othptab.c:707:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(additional, "a=%lu r=%s", entry->un.ospf.area,
data/iptraf-ng-1.2.1/src/othptab.c:713:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(msgstring, protname);
data/iptraf-ng-1.2.1/src/othptab.c:717:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(msgstring, description);
data/iptraf-ng-1.2.1/src/othptab.c:721:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scratchpad, "(%s) ", additional);
data/iptraf-ng-1.2.1/src/othptab.c:722:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(msgstring, scratchpad);
data/iptraf-ng-1.2.1/src/othptab.c:726:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(msgstring, scratchpad);
data/iptraf-ng-1.2.1/src/othptab.c:729:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(msgstring, scratchpad);
data/iptraf-ng-1.2.1/src/othptab.c:732:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scratchpad, "from %.40s:%s to %.40s:%s", entry->s_fqdn,
data/iptraf-ng-1.2.1/src/othptab.c:740:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(msgstring, scratchpad);
data/iptraf-ng-1.2.1/src/othptab.c:745:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(msgstring, scratchpad);
data/iptraf-ng-1.2.1/src/othptab.c:748:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(msgstring, entry->iface);
data/iptraf-ng-1.2.1/src/pktsize.c:49:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(target_logname, current_logfile);
data/iptraf-ng-1.2.1/src/promisc.c:73:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new->ifname, dev);
data/iptraf-ng-1.2.1/src/rvnamed.c:92:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ccsa.sun_path, CHILDSOCKNAME);
data/iptraf-ng-1.2.1/src/rvnamed.c:138:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(atime, ctime(&now));
data/iptraf-ng-1.2.1/src/rvnamed.c:191:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(csa.sun_path, CHILDSOCKNAME);
data/iptraf-ng-1.2.1/src/serv.c:84:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(target_logname, current_logfile);
data/iptraf-ng-1.2.1/src/tcptable.c:246:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(entry->oth_connection->d_fqdn, entry->s_fqdn);
data/iptraf-ng-1.2.1/src/tcptable.c:252:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(entry->oth_connection->s_fqdn, entry->d_fqdn);
data/iptraf-ng-1.2.1/src/tcptable.c:368:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_entry->ifname, ifname);
data/iptraf-ng-1.2.1/src/tcptable.c:369:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_entry->oth_connection->ifname, ifname);
data/iptraf-ng-1.2.1/src/tcptable.c:388:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_entry->oth_connection->s_sname, new_entry->d_sname);
data/iptraf-ng-1.2.1/src/tcptable.c:389:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_entry->oth_connection->d_sname, new_entry->s_sname);
data/iptraf-ng-1.2.1/src/tcptable.c:391:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_entry->oth_connection->d_fqdn, new_entry->s_fqdn);
data/iptraf-ng-1.2.1/src/tcptable.c:392:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_entry->oth_connection->s_fqdn, new_entry->d_fqdn);
data/iptraf-ng-1.2.1/src/tcptable.c:599:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tableentry->smacaddr, newmacaddr);
data/iptraf-ng-1.2.1/src/tcptable.c:602:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tableentry->smacaddr, newmacaddr);
data/iptraf-ng-1.2.1/src/tcptable.c:699:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgstring,
data/iptraf-ng-1.2.1/src/tcptable.c:844:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stat, (tableentry->stat & FLAG_SYN) ? "S" : "-");
data/iptraf-ng-1.2.1/src/tcptable.c:845:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stat, (tableentry->stat & FLAG_PSH) ? "P" : "-");
data/iptraf-ng-1.2.1/src/tcptable.c:846:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stat, (tableentry->stat & FLAG_ACK) ? "A" : "-");
data/iptraf-ng-1.2.1/src/tcptable.c:847:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stat, (tableentry->stat & FLAG_URG) ? "U" : "-");
data/iptraf-ng-1.2.1/src/tcptable.c:1122:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgbuf,
data/iptraf-ng-1.2.1/src/tui/menurt.c:63:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tnode->option, item);
data/iptraf-ng-1.2.1/src/tui/menurt.c:64:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tnode->desc, desc);
data/iptraf-ng-1.2.1/src/tui/menurt.c:67:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_option, item);
data/iptraf-ng-1.2.1/src/tui/menurt.c:69:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(thekey, strtok(NULL, "^"));
data/iptraf-ng-1.2.1/src/tui/menurt.c:71:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(menu->shortcuts, thekey);
data/iptraf-ng-1.2.1/src/tui/menurt.c:112:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(curoption, itemptr->option);
data/iptraf-ng-1.2.1/src/usage.c:10:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, sizeof(msg), err, params);
data/iptraf-ng-1.2.1/src/getpath.c:32:39: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((dirtype != T_LOCKDIR) && (ptr = getenv(env)) != NULL)
data/iptraf-ng-1.2.1/src/iptraf.c:429:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((getenv("TERM") == NULL) && (!daemonized))
data/iptraf-ng-1.2.1/src/parse-options.c:137:11: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, shortopts, longopts, NULL);
data/iptraf-ng-1.2.1/src/arphdr.h:18:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ar_sha[ETH_ALEN]; /* sender hardware address */
data/iptraf-ng-1.2.1/src/arphdr.h:19:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ar_sip[4]; /* sender IP address */
data/iptraf-ng-1.2.1/src/arphdr.h:20:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ar_tha[ETH_ALEN]; /* target hardware address */
data/iptraf-ng-1.2.1/src/arphdr.h:21:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ar_tip[4]; /* target IP address */
data/iptraf-ng-1.2.1/src/capture-pkt.c:43:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(ofilename, "wb");
data/iptraf-ng-1.2.1/src/detstats.c:85:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char atime[TIME_TARGET_MAX];
data/iptraf-ng-1.2.1/src/detstats.c:161:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bps_string[64];
data/iptraf-ng-1.2.1/src/detstats.c:162:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pps_string[64];
data/iptraf-ng-1.2.1/src/detstats.c:309:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/iptraf-ng-1.2.1/src/fltdefs.h:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_fqdn[45];
data/iptraf-ng-1.2.1/src/fltdefs.h:38:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d_fqdn[45];
data/iptraf-ng-1.2.1/src/fltdefs.h:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_mask[20];
data/iptraf-ng-1.2.1/src/fltdefs.h:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d_mask[20];
data/iptraf-ng-1.2.1/src/fltdefs.h:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char protolist[70];
data/iptraf-ng-1.2.1/src/fltedit.c:46:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pfd = open(filename, O_RDONLY);
data/iptraf-ng-1.2.1/src/fltedit.c:100:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pfd = open(filename, O_CREAT | O_TRUNC | O_WRONLY, S_IRUSR | S_IWUSR);
data/iptraf-ng-1.2.1/src/fltedit.c:197:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_portstr1[8];
data/iptraf-ng-1.2.1/src/fltedit.c:198:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d_portstr1[8];
data/iptraf-ng-1.2.1/src/fltedit.c:199:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_portstr2[8];
data/iptraf-ng-1.2.1/src/fltedit.c:200:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d_portstr2[8];
data/iptraf-ng-1.2.1/src/fltedit.c:202:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inexstr[2];
data/iptraf-ng-1.2.1/src/fltedit.c:203:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char matchop[2];
data/iptraf-ng-1.2.1/src/fltedit.c:428:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s_portstr1, "%u", fe->hp.sport1);
data/iptraf-ng-1.2.1/src/fltedit.c:429:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s_portstr2, "%u", fe->hp.sport2);
data/iptraf-ng-1.2.1/src/fltedit.c:430:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(d_portstr1, "%u", fe->hp.dport1);
data/iptraf-ng-1.2.1/src/fltedit.c:431:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(d_portstr2, "%u", fe->hp.dport2);
data/iptraf-ng-1.2.1/src/fltedit.c:493:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fntemp[14];
data/iptraf-ng-1.2.1/src/fltedit.c:507:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(get_path(T_WORKDIR, fntemp), O_CREAT | O_WRONLY | O_TRUNC,
data/iptraf-ng-1.2.1/src/fltedit.c:518:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(OTHIPFLNAME, O_CREAT | O_WRONLY | O_APPEND, S_IRUSR | S_IWUSR);
data/iptraf-ng-1.2.1/src/fltedit.c:542:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[FLT_FILENAME_MAX];
data/iptraf-ng-1.2.1/src/fltmgr.c:49:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(m, "%lu", n);
data/iptraf-ng-1.2.1/src/fltmgr.c:64:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imsg[45];
data/iptraf-ng-1.2.1/src/fltmgr.c:75:4: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((he->h_addr_list)[0], &result, he->h_length);
data/iptraf-ng-1.2.1/src/fltmgr.c:100:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pfd = open(OTHIPFLNAME, O_RDONLY);
data/iptraf-ng-1.2.1/src/fltmgr.c:199:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(OTHIPFLNAME, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
data/iptraf-ng-1.2.1/src/fltmgr.c:265:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filterfile[160];
data/iptraf-ng-1.2.1/src/fltmgr.h:11:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char desc[35];
data/iptraf-ng-1.2.1/src/fltmgr.h:12:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[40];
data/iptraf-ng-1.2.1/src/fltselect.c:169:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pfd = open(FLTSTATEFILE, O_RDONLY); /* open filter state file */
data/iptraf-ng-1.2.1/src/fltselect.c:195:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(FLTSTATEFILE, O_CREAT | O_TRUNC | O_WRONLY, S_IRUSR | S_IWUSR);
data/iptraf-ng-1.2.1/src/fltselect.h:13:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[FLT_FILENAME_MAX];
data/iptraf-ng-1.2.1/src/getpath.c:12:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char path[PATH_MAX];
data/iptraf-ng-1.2.1/src/hostmon.c:52:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char eth_addr[ETH_ALEN];
data/iptraf-ng-1.2.1/src/hostmon.c:53:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ascaddr[18];
data/iptraf-ng-1.2.1/src/hostmon.c:54:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char desc[65];
data/iptraf-ng-1.2.1/src/hostmon.c:55:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[IFNAMSIZ];
data/iptraf-ng-1.2.1/src/hostmon.c:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char atime[TIME_TARGET_MAX];
data/iptraf-ng-1.2.1/src/hostmon.c:129:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf_in[32];
data/iptraf-ng-1.2.1/src/hostmon.c:130:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf_out[32];
data/iptraf-ng-1.2.1/src/hostmon.c:235:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(result, "%02x:%02x:%02x:%02x:%02x:%02x",
data/iptraf-ng-1.2.1/src/hostmon.c:256:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(ptemp->un.desc.eth_addr), addr, ETH_ALEN);
data/iptraf-ng-1.2.1/src/hostmon.c:418:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/iptraf-ng-1.2.1/src/hostmon.c:810:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scratch_saddr[ETH_ALEN];
data/iptraf-ng-1.2.1/src/hostmon.c:811:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scratch_daddr[ETH_ALEN];
data/iptraf-ng-1.2.1/src/hostmon.c:819:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(scratch_saddr, pkt->ethhdr->h_source, ETH_ALEN);
data/iptraf-ng-1.2.1/src/hostmon.c:820:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(scratch_daddr, pkt->ethhdr->h_dest, ETH_ALEN);
data/iptraf-ng-1.2.1/src/hostmon.c:824:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(scratch_saddr, pkt->fddihdr->saddr, FDDI_K_ALEN);
data/iptraf-ng-1.2.1/src/hostmon.c:825:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(scratch_daddr, pkt->fddihdr->daddr, FDDI_K_ALEN);
data/iptraf-ng-1.2.1/src/ifaces.c:23:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[161];
data/iptraf-ng-1.2.1/src/ifaces.c:25:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen("/proc/net/dev", "r");
data/iptraf-ng-1.2.1/src/ifaces.c:44:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[161];
data/iptraf-ng-1.2.1/src/ifstats.c:38:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[IFNAMSIZ];
data/iptraf-ng-1.2.1/src/ifstats.c:82:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char atime[TIME_TARGET_MAX];
data/iptraf-ng-1.2.1/src/ifstats.c:96:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/iptraf-ng-1.2.1/src/ifstats.c:162:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[IFNAMSIZ];
data/iptraf-ng-1.2.1/src/ifstats.c:295:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/iptraf-ng-1.2.1/src/ifstats.c:603:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/iptraf-ng-1.2.1/src/ipfilter.c:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgstr[60];
data/iptraf-ng-1.2.1/src/iptraf.c:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target_name[PATH_MAX];
data/iptraf-ng-1.2.1/src/iptraf.c:143:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[IFNAMSIZ];
data/iptraf-ng-1.2.1/src/iptraf.c:299:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(IPTRAF_PIDFILE, O_WRONLY|O_CREAT, 0644);
data/iptraf-ng-1.2.1/src/iptraf.c:313:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(long) * 3 + 2];
data/iptraf-ng-1.2.1/src/iptraf.c:314:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
int len = sprintf(buf, "%lu\n", (long) getpid());
data/iptraf-ng-1.2.1/src/itrafmon.c:115:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/iptraf-ng-1.2.1/src/itrafmon.c:619:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifnamebuf[IFNAMSIZ];
data/iptraf-ng-1.2.1/src/itrafmon.c:720:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgstring[80];
data/iptraf-ng-1.2.1/src/itrafmon.c:721:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(msgstring, "first packet");
data/iptraf-ng-1.2.1/src/itrafmon.c:723:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(msgstring, " (SYN)");
data/iptraf-ng-1.2.1/src/landesc.c:29:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[3], b[3], c[3], d[3], e[3], f[3];
data/iptraf-ng-1.2.1/src/landesc.c:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mac_hex[13];
data/iptraf-ng-1.2.1/src/landesc.c:65:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mac[18] = { 0 };
data/iptraf-ng-1.2.1/src/landesc.c:94:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new->hd_mac, mac, sizeof(mac));
data/iptraf-ng-1.2.1/src/landesc.c:141:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "r");
data/iptraf-ng-1.2.1/src/landesc.c:148:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen("/etc/ethers", "r");
data/iptraf-ng-1.2.1/src/landesc.c:162:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(ETHFILE, "w");
data/iptraf-ng-1.2.1/src/landesc.c:164:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(FDDIFILE, "w");
data/iptraf-ng-1.2.1/src/landesc.c:199:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char descline[80];
data/iptraf-ng-1.2.1/src/landesc.h:17:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hd_mac[18];
data/iptraf-ng-1.2.1/src/log.c:24:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target_logname[TARGET_LOGNAME_MAX];
data/iptraf-ng-1.2.1/src/log.c:25:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_logfile[TARGET_LOGNAME_MAX];
data/iptraf-ng-1.2.1/src/log.c:34:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filename[80];
data/iptraf-ng-1.2.1/src/log.c:88:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
*fd = fopen(logfilename, "a");
data/iptraf-ng-1.2.1/src/log.c:106:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char atime[TIME_TARGET_MAX];
data/iptraf-ng-1.2.1/src/log.c:118:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char atime[TIME_TARGET_MAX];
data/iptraf-ng-1.2.1/src/log.c:122:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(DAEMONLOG, "a");
data/iptraf-ng-1.2.1/src/log.c:132:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
*fd = fopen(name, "a");
data/iptraf-ng-1.2.1/src/logvars.h:5:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char target_logname[160];
data/iptraf-ng-1.2.1/src/logvars.h:6:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char current_logfile[160];
data/iptraf-ng-1.2.1/src/options.c:133:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(CONFIGFILE, O_CREAT | O_TRUNC | O_WRONLY, S_IRUSR | S_IWUSR);
data/iptraf-ng-1.2.1/src/options.c:169:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(CONFIGFILE, O_RDONLY);
data/iptraf-ng-1.2.1/src/othptab.c:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgbuffer[MSGSTRING_MAX];
data/iptraf-ng-1.2.1/src/othptab.c:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scratchpad[MSGSTRING_MAX];
data/iptraf-ng-1.2.1/src/othptab.c:43:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(msgbuffer, "; ");
data/iptraf-ng-1.2.1/src/othptab.c:45:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(scratchpad, "; %u bytes;", entry->pkt_length);
data/iptraf-ng-1.2.1/src/othptab.c:259:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&new_entry->un.arp.src_ip_address.s_addr,
data/iptraf-ng-1.2.1/src/othptab.c:261:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&new_entry->un.arp.dest_ip_address.s_addr,
data/iptraf-ng-1.2.1/src/othptab.c:266:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(new_entry->un.rarp.src_mac_address),
data/iptraf-ng-1.2.1/src/othptab.c:268:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(new_entry->un.rarp.dest_mac_address),
data/iptraf-ng-1.2.1/src/othptab.c:359:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char protname[SHORTSTRING_MAX];
data/iptraf-ng-1.2.1/src/othptab.c:360:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char description[SHORTSTRING_MAX];
data/iptraf-ng-1.2.1/src/othptab.c:361:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char additional[MSGSTRING_MAX];
data/iptraf-ng-1.2.1/src/othptab.c:362:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgstring[MSGSTRING_MAX];
data/iptraf-ng-1.2.1/src/othptab.c:363:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scratchpad[2 * MSGSTRING_MAX];
data/iptraf-ng-1.2.1/src/othptab.c:368:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rarp_mac_addr[18];
data/iptraf-ng-1.2.1/src/othptab.c:396:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgstring, "ARP ");
data/iptraf-ng-1.2.1/src/othptab.c:399:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(msgstring, "request for ");
data/iptraf-ng-1.2.1/src/othptab.c:403:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(msgstring, "reply from ");
data/iptraf-ng-1.2.1/src/othptab.c:413:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgstring, "RARP ");
data/iptraf-ng-1.2.1/src/othptab.c:417:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(msgstring, "request for ");
data/iptraf-ng-1.2.1/src/othptab.c:422:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(msgstring, "reply from ");
data/iptraf-ng-1.2.1/src/othptab.c:435:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgstring, "Non-IP (0x%x)",
data/iptraf-ng-1.2.1/src/othptab.c:444:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(scratchpad, " (%u bytes)", entry->pkt_length);
data/iptraf-ng-1.2.1/src/othptab.c:465:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(protname, "UDP");
data/iptraf-ng-1.2.1/src/othptab.c:469:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(protname, "ICMP");
data/iptraf-ng-1.2.1/src/othptab.c:473:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(protname, "OSPF");
data/iptraf-ng-1.2.1/src/othptab.c:477:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(protname, "IGP");
data/iptraf-ng-1.2.1/src/othptab.c:481:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(protname, "IGMP");
data/iptraf-ng-1.2.1/src/othptab.c:485:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(protname, "IGRP");
data/iptraf-ng-1.2.1/src/othptab.c:489:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(protname, "GRE");
data/iptraf-ng-1.2.1/src/othptab.c:493:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(protname, "ICMPv6");
data/iptraf-ng-1.2.1/src/othptab.c:497:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(protname, "IPv6 tun");
data/iptraf-ng-1.2.1/src/othptab.c:505:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(protname, "IP protocol");
data/iptraf-ng-1.2.1/src/othptab.c:514:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "echo rply");
data/iptraf-ng-1.2.1/src/othptab.c:517:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "echo req");
data/iptraf-ng-1.2.1/src/othptab.c:520:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "dest unrch");
data/iptraf-ng-1.2.1/src/othptab.c:523:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(additional, "ntwk");
data/iptraf-ng-1.2.1/src/othptab.c:526:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(additional, "host");
data/iptraf-ng-1.2.1/src/othptab.c:529:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(additional, "proto");
data/iptraf-ng-1.2.1/src/othptab.c:532:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(additional, "port");
data/iptraf-ng-1.2.1/src/othptab.c:535:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(additional, "DF set");
data/iptraf-ng-1.2.1/src/othptab.c:538:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(additional, "src rte fail");
data/iptraf-ng-1.2.1/src/othptab.c:541:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(additional, "net unkn");
data/iptraf-ng-1.2.1/src/othptab.c:544:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(additional, "host unkn");
data/iptraf-ng-1.2.1/src/othptab.c:547:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(additional, "src isltd");
data/iptraf-ng-1.2.1/src/othptab.c:550:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(additional, "net comm denied");
data/iptraf-ng-1.2.1/src/othptab.c:553:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(additional, "host comm denied");
data/iptraf-ng-1.2.1/src/othptab.c:556:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(additional, "net unrch for TOS");
data/iptraf-ng-1.2.1/src/othptab.c:559:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(additional,
data/iptraf-ng-1.2.1/src/othptab.c:563:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(additional, "pkt fltrd");
data/iptraf-ng-1.2.1/src/othptab.c:566:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(additional, "prec violtn");
data/iptraf-ng-1.2.1/src/othptab.c:569:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(additional, "prec cutoff");
data/iptraf-ng-1.2.1/src/othptab.c:575:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "src qnch");
data/iptraf-ng-1.2.1/src/othptab.c:578:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "redirct");
data/iptraf-ng-1.2.1/src/othptab.c:581:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "time excd");
data/iptraf-ng-1.2.1/src/othptab.c:584:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "param prob");
data/iptraf-ng-1.2.1/src/othptab.c:587:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "timestmp req");
data/iptraf-ng-1.2.1/src/othptab.c:590:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "info req");
data/iptraf-ng-1.2.1/src/othptab.c:593:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "info rep");
data/iptraf-ng-1.2.1/src/othptab.c:596:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "addr mask req");
data/iptraf-ng-1.2.1/src/othptab.c:599:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "addr mask rep");
data/iptraf-ng-1.2.1/src/othptab.c:602:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "bad/unkn");
data/iptraf-ng-1.2.1/src/othptab.c:608:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "dest unrch");
data/iptraf-ng-1.2.1/src/othptab.c:611:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(additional, "no route");
data/iptraf-ng-1.2.1/src/othptab.c:614:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(additional, "admin");
data/iptraf-ng-1.2.1/src/othptab.c:618:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(additional, "not neigh");
data/iptraf-ng-1.2.1/src/othptab.c:621:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(additional, "not beyondsp");
data/iptraf-ng-1.2.1/src/othptab.c:625:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(additional, "unreach addr");
data/iptraf-ng-1.2.1/src/othptab.c:628:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(additional, "no port");
data/iptraf-ng-1.2.1/src/othptab.c:633:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "pkt too big");
data/iptraf-ng-1.2.1/src/othptab.c:636:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "time exceeded");
data/iptraf-ng-1.2.1/src/othptab.c:639:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "param prob");
data/iptraf-ng-1.2.1/src/othptab.c:642:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "echo req");
data/iptraf-ng-1.2.1/src/othptab.c:645:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "echo rply");
data/iptraf-ng-1.2.1/src/othptab.c:648:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "router sol");
data/iptraf-ng-1.2.1/src/othptab.c:651:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "router adv");
data/iptraf-ng-1.2.1/src/othptab.c:655:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "mbrship query");
data/iptraf-ng-1.2.1/src/othptab.c:660:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "mbrship report");
data/iptraf-ng-1.2.1/src/othptab.c:665:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "mbrship reduc");
data/iptraf-ng-1.2.1/src/othptab.c:669:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "neigh sol");
data/iptraf-ng-1.2.1/src/othptab.c:672:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "neigh adv");
data/iptraf-ng-1.2.1/src/othptab.c:675:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "redirect");
data/iptraf-ng-1.2.1/src/othptab.c:678:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "bad/unkn");
data/iptraf-ng-1.2.1/src/othptab.c:684:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(protname, "v2");
data/iptraf-ng-1.2.1/src/othptab.c:687:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(protname, "v3");
data/iptraf-ng-1.2.1/src/othptab.c:692:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "hlo");
data/iptraf-ng-1.2.1/src/othptab.c:695:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "DB desc");
data/iptraf-ng-1.2.1/src/othptab.c:698:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "LSR");
data/iptraf-ng-1.2.1/src/othptab.c:701:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "LSU");
data/iptraf-ng-1.2.1/src/othptab.c:704:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "LSA");
data/iptraf-ng-1.2.1/src/othptab.c:711:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(description, "fragment");
data/iptraf-ng-1.2.1/src/othptab.c:725:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(scratchpad, "%u ", entry->protocol);
data/iptraf-ng-1.2.1/src/othptab.c:728:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(scratchpad, "(%u bytes) ", entry->pkt_length);
data/iptraf-ng-1.2.1/src/othptab.c:736:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(scratchpad, "from %.40s to %.40s", entry->s_fqdn,
data/iptraf-ng-1.2.1/src/othptab.c:747:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(msgstring, " on ");
data/iptraf-ng-1.2.1/src/othptab.h:25:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char smacaddr[18]; /* FIXME: use dynamicly allocated space */
data/iptraf-ng-1.2.1/src/othptab.h:26:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmacaddr[18];
data/iptraf-ng-1.2.1/src/othptab.h:28:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_fqdn[100];
data/iptraf-ng-1.2.1/src/othptab.h:29:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d_fqdn[100];
data/iptraf-ng-1.2.1/src/othptab.h:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iface[IFNAMSIZ];
data/iptraf-ng-1.2.1/src/othptab.h:38:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_sname[15];
data/iptraf-ng-1.2.1/src/othptab.h:39:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d_sname[15];
data/iptraf-ng-1.2.1/src/othptab.h:49:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char routerid[16];
data/iptraf-ng-1.2.1/src/othptab.h:58:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_mac_address[6];
data/iptraf-ng-1.2.1/src/othptab.h:59:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dest_mac_address[6];
data/iptraf-ng-1.2.1/src/parseproto.c:19:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char rtoken[32];
data/iptraf-ng-1.2.1/src/parseproto.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char toktmp[6];
data/iptraf-ng-1.2.1/src/parseproto.c:48:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prototmp1[6];
data/iptraf-ng-1.2.1/src/parseproto.c:49:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prototmp2[6];
data/iptraf-ng-1.2.1/src/parseproto.c:51:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bad_token[6];
data/iptraf-ng-1.2.1/src/pktsize.c:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char atime[TIME_TARGET_MAX];
data/iptraf-ng-1.2.1/src/promisc.c:20:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[IFNAMSIZ];
data/iptraf-ng-1.2.1/src/promisc.c:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[IFNAMSIZ];
data/iptraf-ng-1.2.1/src/rvnamed.c:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fqdn[45];
data/iptraf-ng-1.2.1/src/rvnamed.c:134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char atime[TIME_TARGET_MAX] = "";
data/iptraf-ng-1.2.1/src/rvnamed.c:149:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logmsg[160];
data/iptraf-ng-1.2.1/src/rvnamed.c:174:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logfile = fopen(RVNDLOGFILE, "a");
data/iptraf-ng-1.2.1/src/rvnamed.c:177:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logfile = fopen("/dev/null", "a");
data/iptraf-ng-1.2.1/src/rvnamed.c:282:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(logmsg,
data/iptraf-ng-1.2.1/src/rvnamed.h:27:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fqdn[45];
data/iptraf-ng-1.2.1/src/serv.c:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char servname[11];
data/iptraf-ng-1.2.1/src/serv.c:90:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char atime[TIME_TARGET_MAX];
data/iptraf-ng-1.2.1/src/serv.c:102:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bps_string[64];
data/iptraf-ng-1.2.1/src/serv.c:191:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/iptraf-ng-1.2.1/src/serv.c:1122:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(PORTFILE, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR);
data/iptraf-ng-1.2.1/src/serv.c:1199:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(PORTFILE, O_RDONLY);
data/iptraf-ng-1.2.1/src/serv.c:1238:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char listtext[20];
data/iptraf-ng-1.2.1/src/servname.c:29:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(target, "%u", port);
data/iptraf-ng-1.2.1/src/servname.c:32:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(target, "%u", port);
data/iptraf-ng-1.2.1/src/sockaddr.c:164:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostbuf[NI_MAXHOST];
data/iptraf-ng-1.2.1/src/sockaddr.c:184:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, sizeof(struct sockaddr_storage));
data/iptraf-ng-1.2.1/src/tcptable.c:468:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[32];
data/iptraf-ng-1.2.1/src/tcptable.c:478:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgstring[MSGSTRING_MAX];
data/iptraf-ng-1.2.1/src/tcptable.c:481:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flowrate1[64];
data/iptraf-ng-1.2.1/src/tcptable.c:482:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flowrate2[64];
data/iptraf-ng-1.2.1/src/tcptable.c:570:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgstring[MSGSTRING_MAX];
data/iptraf-ng-1.2.1/src/tcptable.c:571:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newmacaddr[18];
data/iptraf-ng-1.2.1/src/tcptable.c:698:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flowrate[64];
data/iptraf-ng-1.2.1/src/tcptable.c:714:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flowrate1[64];
data/iptraf-ng-1.2.1/src/tcptable.c:715:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flowrate2[64];
data/iptraf-ng-1.2.1/src/tcptable.c:760:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stat[7] = "";
data/iptraf-ng-1.2.1/src/tcptable.c:836:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(stat, "TMOU");
data/iptraf-ng-1.2.1/src/tcptable.c:838:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(stat, "DONE");
data/iptraf-ng-1.2.1/src/tcptable.c:840:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(stat, "CLOS");
data/iptraf-ng-1.2.1/src/tcptable.c:842:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(stat, "RSET");
data/iptraf-ng-1.2.1/src/tcptable.c:1092:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgbuf[MSGSTRING_MAX];
data/iptraf-ng-1.2.1/src/tcptable.c:1115:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgbuf[MSGSTRING_MAX];
data/iptraf-ng-1.2.1/src/tcptable.h:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_fqdn[45]; /* fully-qualified domain names */
data/iptraf-ng-1.2.1/src/tcptable.h:38:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d_fqdn[45];
data/iptraf-ng-1.2.1/src/tcptable.h:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char smacaddr[18];
data/iptraf-ng-1.2.1/src/tcptable.h:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_sname[11]; /* Service names, maxlen=10 */
data/iptraf-ng-1.2.1/src/tcptable.h:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d_sname[11];
data/iptraf-ng-1.2.1/src/tcptable.h:53:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[IFNAMSIZ];
data/iptraf-ng-1.2.1/src/tui/listbox.h:7:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[MAX_TEXT_LENGTH];
data/iptraf-ng-1.2.1/src/tui/menurt.c:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cur_option[OPTIONSTRLEN_MAX];
data/iptraf-ng-1.2.1/src/tui/menurt.c:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char thekey[2];
data/iptraf-ng-1.2.1/src/tui/menurt.c:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curoption[OPTIONSTRLEN_MAX];
data/iptraf-ng-1.2.1/src/tui/menurt.c:98:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char padding[OPTIONSTRLEN_MAX];
data/iptraf-ng-1.2.1/src/tui/menurt.h:19:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char option[OPTIONSTRLEN_MAX];
data/iptraf-ng-1.2.1/src/tui/menurt.h:20:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char desc[DESCSTRLEN_MAX];
data/iptraf-ng-1.2.1/src/tui/menurt.h:45:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shortcuts[SHORTCUTSTRLEN_MAX];
data/iptraf-ng-1.2.1/src/usage.c:8:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[4096];
data/iptraf-ng-1.2.1/src/usage.c:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt_with_err[1024];
data/iptraf-ng-1.2.1/src/usage.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_error[256], *err;
data/iptraf-ng-1.2.1/src/detstats.c:661:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(current_logfile, "");
data/iptraf-ng-1.2.1/src/fltedit.c:55:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
br = read(pfd, &(fe->hp), sizeof(struct hostparams));
data/iptraf-ng-1.2.1/src/fltedit.c:567:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(filename, get_path(T_WORKDIR, ffe->filename),
data/iptraf-ng-1.2.1/src/fltmgr.c:109:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
br = read(pfd, &(ptemp->ffe), sizeof(struct filterfileent));
data/iptraf-ng-1.2.1/src/fltmgr.c:269:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(filterfile, ftmp->ffe.filename, 40);
data/iptraf-ng-1.2.1/src/fltselect.c:175:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
br = read(pfd, &ofilter, sizeof(struct filterstate));
data/iptraf-ng-1.2.1/src/hostmon.c:257:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(ptemp->un.desc.desc, "");
data/iptraf-ng-1.2.1/src/hostmon.c:895:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(current_logfile,
data/iptraf-ng-1.2.1/src/hostmon.c:991:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(current_logfile, "");
data/iptraf-ng-1.2.1/src/ifaces.c:46:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(ifname, "");
data/iptraf-ng-1.2.1/src/ifaces.c:49:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "");
data/iptraf-ng-1.2.1/src/ifaces.c:53:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifname, skip_whitespace(strtok(buf, ":")), n);
data/iptraf-ng-1.2.1/src/ifaces.c:55:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(ifname, "");
data/iptraf-ng-1.2.1/src/ifaces.c:236:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifname, ifr.ifr_name, IFNAMSIZ);
data/iptraf-ng-1.2.1/src/ifstats.c:654:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(current_logfile, "");
data/iptraf-ng-1.2.1/src/ifstats.c:687:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(ptmp->ifname, "All interfaces", sizeof(ptmp->ifname));
data/iptraf-ng-1.2.1/src/ifstats.c:717:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(ifname, "");
data/iptraf-ng-1.2.1/src/ipfilter.c:184:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(data->s_mask,
data/iptraf-ng-1.2.1/src/ipfilter.c:222:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(data->d_mask,
data/iptraf-ng-1.2.1/src/ipfilter.c:285:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(data->protolist, cptr, 60);
data/iptraf-ng-1.2.1/src/ipfilter.c:337:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ofilter.filename,
data/iptraf-ng-1.2.1/src/iptraf.c:63:2: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/iptraf-ng-1.2.1/src/iptraf.c:84:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(dir_entry->d_name, prefix, strlen(prefix))
data/iptraf-ng-1.2.1/src/iptraf.c:391:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(current_logfile, "");
data/iptraf-ng-1.2.1/src/iptraf.c:407:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(current_logfile, L_opt, 80);
data/iptraf-ng-1.2.1/src/iptraf.c:409:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(current_logfile, get_path(T_LOGDIR, L_opt), 80);
data/iptraf-ng-1.2.1/src/iptraf.c:491:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(current_logfile, "");
data/iptraf-ng-1.2.1/src/itrafmon.c:792:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(current_logfile,
data/iptraf-ng-1.2.1/src/itrafmon.c:929:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(current_logfile, "");
data/iptraf-ng-1.2.1/src/landesc.c:26:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(mac) != 17)
data/iptraf-ng-1.2.1/src/landesc.c:31:16: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
int success = sscanf(mac, "%02s:%02s:%02s:%02s:%02s:%02s",
data/iptraf-ng-1.2.1/src/landesc.c:55:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t read;
data/iptraf-ng-1.2.1/src/landesc.c:66:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(mac, line, 17);
data/iptraf-ng-1.2.1/src/log.c:74:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(target, fieldlist.list->buf, 48);
data/iptraf-ng-1.2.1/src/log.c:94:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(target_logname, "");
data/iptraf-ng-1.2.1/src/log.c:100:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(atime, ctime(&now), 26);
data/iptraf-ng-1.2.1/src/log.c:101:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atime[strlen(atime) - 1] = '\0';
data/iptraf-ng-1.2.1/src/options.c:174:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, &options, sizeof(struct OPTIONS));
data/iptraf-ng-1.2.1/src/othptab.c:69:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(scratchpad, "");
data/iptraf-ng-1.2.1/src/othptab.c:74:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(scratchpad, "");
data/iptraf-ng-1.2.1/src/othptab.c:459:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(additional, "");
data/iptraf-ng-1.2.1/src/othptab.c:460:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(description, "");
data/iptraf-ng-1.2.1/src/othptab.c:714:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(msgstring, " ");
data/iptraf-ng-1.2.1/src/othptab.c:718:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(msgstring, " ");
data/iptraf-ng-1.2.1/src/parseproto.c:59:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(prototmp1, get_next_token(cptr), sizeof(prototmp1) - 1);
data/iptraf-ng-1.2.1/src/parseproto.c:65:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(toktmp, get_next_token(cptr), sizeof(toktmp) - 1);
data/iptraf-ng-1.2.1/src/parseproto.c:71:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(prototmp2, get_next_token(cptr), sizeof(prototmp2) - 1);
data/iptraf-ng-1.2.1/src/parseproto.c:78:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(bad_token, "-");
data/iptraf-ng-1.2.1/src/parseproto.c:88:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(bad_token, prototmp2, sizeof(bad_token));
data/iptraf-ng-1.2.1/src/parseproto.c:96:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(bad_token, prototmp2, sizeof(bad_token));
data/iptraf-ng-1.2.1/src/parseproto.c:104:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(toktmp, get_next_token(cptr), sizeof(toktmp) - 1);
data/iptraf-ng-1.2.1/src/parseproto.c:107:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(bad_token, toktmp, sizeof(bad_token));
data/iptraf-ng-1.2.1/src/parseproto.c:119:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(bad_token, toktmp, sizeof(bad_token));
data/iptraf-ng-1.2.1/src/parseproto.c:130:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(bad_token, prototmp1, sizeof(bad_token));
data/iptraf-ng-1.2.1/src/parseproto.c:134:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(bad_token, prototmp1, sizeof(bad_token));
data/iptraf-ng-1.2.1/src/pktsize.c:360:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(current_logfile, "");
data/iptraf-ng-1.2.1/src/revname.c:261:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(target, rpkt.fqdn, target_size - 1);
data/iptraf-ng-1.2.1/src/rvnamed.c:97:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(ccsa.sun_family) + strlen(ccsa.sun_path));
data/iptraf-ng-1.2.1/src/rvnamed.c:139:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atime[strlen(atime) - 1] = '\0';
data/iptraf-ng-1.2.1/src/rvnamed.c:202:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(csa.sun_family) + strlen(csa.sun_path)) < 0) {
data/iptraf-ng-1.2.1/src/rvnamed.c:232:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(fromaddr.sun_path);
data/iptraf-ng-1.2.1/src/rvnamed.c:255:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(hostlist[hi].fqdn, rvnpacket.fqdn, sizeof(hostlist[hi].fqdn));
data/iptraf-ng-1.2.1/src/rvnamed.c:297:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(rvnpacket.fqdn,
data/iptraf-ng-1.2.1/src/serv.c:1028:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(current_logfile, "");
data/iptraf-ng-1.2.1/src/serv.c:1206:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
br = read(fd, &(ptemp->port_min), sizeof(unsigned int));
data/iptraf-ng-1.2.1/src/serv.c:1207:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
br = read(fd, &(ptemp->port_max), sizeof(unsigned int));
data/iptraf-ng-1.2.1/src/servname.c:27:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(target, sve->s_name, maxlen);
data/iptraf-ng-1.2.1/src/tcptable.c:57:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(ifname); i++)
data/iptraf-ng-1.2.1/src/tui/input.c:52:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newfield->tlen = strlen(initstr);
data/iptraf-ng-1.2.1/src/tui/input.c:54:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(newfield->buf, initstr, len);
data/iptraf-ng-1.2.1/src/tui/listbox.c:55:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ptmp->text, text, MAX_TEXT_LENGTH - 1);
data/iptraf-ng-1.2.1/src/tui/menurt.c:24:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(menu->shortcuts, "");
data/iptraf-ng-1.2.1/src/tui/menurt.c:74:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(menu->shortcuts, "^"); /* mark shortcut position for seps */
data/iptraf-ng-1.2.1/src/tui/menurt.c:121:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(padding, "");
data/iptraf-ng-1.2.1/src/tui/menurt.c:123:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (ctr = strlen(itemptr->option); ctr <= menu->x1 - 1; ctr++)
data/iptraf-ng-1.2.1/src/tui/menurt.c:124:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(padding, " ");
ANALYSIS SUMMARY:
Hits = 436
Lines analyzed = 16681 in approximately 0.48 seconds (35066 lines/second)
Physical Source Lines of Code (SLOC) = 12516
Hits@level = [0] 132 [1] 76 [2] 263 [3] 3 [4] 93 [5] 1
Hits@level+ = [0+] 568 [1+] 436 [2+] 360 [3+] 97 [4+] 94 [5+] 1
Hits/KSLOC@level+ = [0+] 45.3819 [1+] 34.8354 [2+] 28.7632 [3+] 7.75008 [4+] 7.51039 [5+] 0.0798977
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.