Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/jool-4.1.4/src/usr/iptables/libxt_JOOL_SIIT.c
Examining data/jool-4.1.4/src/usr/iptables/common.c
Examining data/jool-4.1.4/src/usr/iptables/libxt_JOOL.c
Examining data/jool-4.1.4/src/usr/nat64/main-nat64.c
Examining data/jool-4.1.4/src/usr/nl/denylist4.h
Examining data/jool-4.1.4/src/usr/nl/instance.h
Examining data/jool-4.1.4/src/usr/nl/attribute.c
Examining data/jool-4.1.4/src/usr/nl/address.h
Examining data/jool-4.1.4/src/usr/nl/bib.c
Examining data/jool-4.1.4/src/usr/nl/global.c
Examining data/jool-4.1.4/src/usr/nl/bib.h
Examining data/jool-4.1.4/src/usr/nl/global.h
Examining data/jool-4.1.4/src/usr/nl/pool4.h
Examining data/jool-4.1.4/src/usr/nl/file.h
Examining data/jool-4.1.4/src/usr/nl/eamt.c
Examining data/jool-4.1.4/src/usr/nl/session.c
Examining data/jool-4.1.4/src/usr/nl/pool4.c
Examining data/jool-4.1.4/src/usr/nl/stats.h
Examining data/jool-4.1.4/src/usr/nl/attribute.h
Examining data/jool-4.1.4/src/usr/nl/eamt.h
Examining data/jool-4.1.4/src/usr/nl/session.h
Examining data/jool-4.1.4/src/usr/nl/stats.c
Examining data/jool-4.1.4/src/usr/nl/json.h
Examining data/jool-4.1.4/src/usr/nl/core.c
Examining data/jool-4.1.4/src/usr/nl/instance.c
Examining data/jool-4.1.4/src/usr/nl/joold.h
Examining data/jool-4.1.4/src/usr/nl/wrapper-config.c
Examining data/jool-4.1.4/src/usr/nl/wrapper-global.c
Examining data/jool-4.1.4/src/usr/nl/joold.c
Examining data/jool-4.1.4/src/usr/nl/address.c
Examining data/jool-4.1.4/src/usr/nl/denylist4.c
Examining data/jool-4.1.4/src/usr/nl/file.c
Examining data/jool-4.1.4/src/usr/nl/wrapper-types.c
Examining data/jool-4.1.4/src/usr/nl/common.h
Examining data/jool-4.1.4/src/usr/nl/common.c
Examining data/jool-4.1.4/src/usr/nl/core.h
Examining data/jool-4.1.4/src/usr/nl/json.c
Examining data/jool-4.1.4/src/usr/util/file.h
Examining data/jool-4.1.4/src/usr/util/cJSON.c
Examining data/jool-4.1.4/src/usr/util/result.c
Examining data/jool-4.1.4/src/usr/util/result.h
Examining data/jool-4.1.4/src/usr/util/str_utils.h
Examining data/jool-4.1.4/src/usr/util/file.c
Examining data/jool-4.1.4/src/usr/util/cJSON.h
Examining data/jool-4.1.4/src/usr/util/str_utils.c
Examining data/jool-4.1.4/src/usr/siit/main-siit.c
Examining data/jool-4.1.4/src/usr/argp/dns.c
Examining data/jool-4.1.4/src/usr/argp/main.c
Examining data/jool-4.1.4/src/usr/argp/requirements.h
Examining data/jool-4.1.4/src/usr/argp/command.h
Examining data/jool-4.1.4/src/usr/argp/requirements.c
Examining data/jool-4.1.4/src/usr/argp/userspace-types.c
Examining data/jool-4.1.4/src/usr/argp/wargp.c
Examining data/jool-4.1.4/src/usr/argp/log.c
Examining data/jool-4.1.4/src/usr/argp/wargp.h
Examining data/jool-4.1.4/src/usr/argp/xlator_type.h
Examining data/jool-4.1.4/src/usr/argp/dns.h
Examining data/jool-4.1.4/src/usr/argp/log.h
Examining data/jool-4.1.4/src/usr/argp/main.h
Examining data/jool-4.1.4/src/usr/argp/userspace-types.h
Examining data/jool-4.1.4/src/usr/argp/xlator_type.c
Examining data/jool-4.1.4/src/usr/argp/command.c
Examining data/jool-4.1.4/src/usr/argp/wargp/denylist4.h
Examining data/jool-4.1.4/src/usr/argp/wargp/instance.h
Examining data/jool-4.1.4/src/usr/argp/wargp/address.h
Examining data/jool-4.1.4/src/usr/argp/wargp/bib.c
Examining data/jool-4.1.4/src/usr/argp/wargp/global.c
Examining data/jool-4.1.4/src/usr/argp/wargp/bib.h
Examining data/jool-4.1.4/src/usr/argp/wargp/global.h
Examining data/jool-4.1.4/src/usr/argp/wargp/pool4.h
Examining data/jool-4.1.4/src/usr/argp/wargp/file.h
Examining data/jool-4.1.4/src/usr/argp/wargp/eamt.c
Examining data/jool-4.1.4/src/usr/argp/wargp/session.c
Examining data/jool-4.1.4/src/usr/argp/wargp/pool4.c
Examining data/jool-4.1.4/src/usr/argp/wargp/stats.h
Examining data/jool-4.1.4/src/usr/argp/wargp/eamt.h
Examining data/jool-4.1.4/src/usr/argp/wargp/session.h
Examining data/jool-4.1.4/src/usr/argp/wargp/stats.c
Examining data/jool-4.1.4/src/usr/argp/wargp/instance.c
Examining data/jool-4.1.4/src/usr/argp/wargp/joold.h
Examining data/jool-4.1.4/src/usr/argp/wargp/joold.c
Examining data/jool-4.1.4/src/usr/argp/wargp/address.c
Examining data/jool-4.1.4/src/usr/argp/wargp/denylist4.c
Examining data/jool-4.1.4/src/usr/argp/wargp/file.c
Examining data/jool-4.1.4/src/usr/joold/modsocket.c
Examining data/jool-4.1.4/src/usr/joold/log.c
Examining data/jool-4.1.4/src/usr/joold/joold.c
Examining data/jool-4.1.4/src/usr/joold/log.h
Examining data/jool-4.1.4/src/usr/joold/netsocket.h
Examining data/jool-4.1.4/src/usr/joold/netsocket.c
Examining data/jool-4.1.4/src/usr/joold/modsocket.h
Examining data/jool-4.1.4/src/common/global.c
Examining data/jool-4.1.4/src/common/global.h
Examining data/jool-4.1.4/src/common/types.h
Examining data/jool-4.1.4/src/common/config.h
Examining data/jool-4.1.4/src/common/stats.h
Examining data/jool-4.1.4/src/common/iptables.h
Examining data/jool-4.1.4/src/common/session.h
Examining data/jool-4.1.4/src/common/types.c
Examining data/jool-4.1.4/src/common/constants.h
Examining data/jool-4.1.4/src/common/xlat.h
Examining data/jool-4.1.4/src/common/config.c
Examining data/jool-4.1.4/src/mod/nat64/jool.c
Examining data/jool-4.1.4/src/mod/common/icmp_wrapper.h
Examining data/jool-4.1.4/src/mod/common/atomic_config.c
Examining data/jool-4.1.4/src/mod/common/trace.h
Examining data/jool-4.1.4/src/mod/common/linux_version.h
Examining data/jool-4.1.4/src/mod/common/route.h
Examining data/jool-4.1.4/src/mod/common/address.h
Examining data/jool-4.1.4/src/mod/common/address_xlat.c
Examining data/jool-4.1.4/src/mod/common/atomic_config.h
Examining data/jool-4.1.4/src/mod/common/timer.h
Examining data/jool-4.1.4/src/mod/common/skbuff.c
Examining data/jool-4.1.4/src/mod/common/wkmalloc.c
Examining data/jool-4.1.4/src/mod/common/types.h
Examining data/jool-4.1.4/src/mod/common/db/denylist4.h
Examining data/jool-4.1.4/src/mod/common/db/rfc6791v4.c
Examining data/jool-4.1.4/src/mod/common/db/rfc6791v4.h
Examining data/jool-4.1.4/src/mod/common/db/global.c
Examining data/jool-4.1.4/src/mod/common/db/global.h
Examining data/jool-4.1.4/src/mod/common/db/eam.h
Examining data/jool-4.1.4/src/mod/common/db/bib/pkt_queue.h
Examining data/jool-4.1.4/src/mod/common/db/bib/db.c
Examining data/jool-4.1.4/src/mod/common/db/bib/entry.c
Examining data/jool-4.1.4/src/mod/common/db/bib/pkt_queue.c
Examining data/jool-4.1.4/src/mod/common/db/bib/db.h
Examining data/jool-4.1.4/src/mod/common/db/bib/entry.h
Examining data/jool-4.1.4/src/mod/common/db/denylist4.c
Examining data/jool-4.1.4/src/mod/common/db/rbtree.h
Examining data/jool-4.1.4/src/mod/common/db/rfc6791v6.h
Examining data/jool-4.1.4/src/mod/common/db/rfc6791v6.c
Examining data/jool-4.1.4/src/mod/common/db/pool4/db.c
Examining data/jool-4.1.4/src/mod/common/db/pool4/empty.c
Examining data/jool-4.1.4/src/mod/common/db/pool4/rfc6056.h
Examining data/jool-4.1.4/src/mod/common/db/pool4/rfc6056.c
Examining data/jool-4.1.4/src/mod/common/db/pool4/db.h
Examining data/jool-4.1.4/src/mod/common/db/pool4/empty.h
Examining data/jool-4.1.4/src/mod/common/db/rbtree.c
Examining data/jool-4.1.4/src/mod/common/db/eam.c
Examining data/jool-4.1.4/src/mod/common/rtrie.h
Examining data/jool-4.1.4/src/mod/common/translation_state.h
Examining data/jool-4.1.4/src/mod/common/error_pool.h
Examining data/jool-4.1.4/src/mod/common/init.h
Examining data/jool-4.1.4/src/mod/common/address_xlat.h
Examining data/jool-4.1.4/src/mod/common/trace.c
Examining data/jool-4.1.4/src/mod/common/stats.h
Examining data/jool-4.1.4/src/mod/common/kernel_hook_iptables.c
Examining data/jool-4.1.4/src/mod/common/rfc6052.c
Examining data/jool-4.1.4/src/mod/common/nl/denylist4.h
Examining data/jool-4.1.4/src/mod/common/nl/instance.h
Examining data/jool-4.1.4/src/mod/common/nl/atomic_config.c
Examining data/jool-4.1.4/src/mod/common/nl/attribute.c
Examining data/jool-4.1.4/src/mod/common/nl/address.h
Examining data/jool-4.1.4/src/mod/common/nl/bib.c
Examining data/jool-4.1.4/src/mod/common/nl/atomic_config.h
Examining data/jool-4.1.4/src/mod/common/nl/global.c
Examining data/jool-4.1.4/src/mod/common/nl/bib.h
Examining data/jool-4.1.4/src/mod/common/nl/global.h
Examining data/jool-4.1.4/src/mod/common/nl/pool4.h
Examining data/jool-4.1.4/src/mod/common/nl/nl_core.h
Examining data/jool-4.1.4/src/mod/common/nl/session.c
Examining data/jool-4.1.4/src/mod/common/nl/pool4.c
Examining data/jool-4.1.4/src/mod/common/nl/stats.h
Examining data/jool-4.1.4/src/mod/common/nl/nl_common.c
Examining data/jool-4.1.4/src/mod/common/nl/attribute.h
Examining data/jool-4.1.4/src/mod/common/nl/session.h
Examining data/jool-4.1.4/src/mod/common/nl/stats.c
Examining data/jool-4.1.4/src/mod/common/nl/nl_core.c
Examining data/jool-4.1.4/src/mod/common/nl/instance.c
Examining data/jool-4.1.4/src/mod/common/nl/joold.h
Examining data/jool-4.1.4/src/mod/common/nl/eam.h
Examining data/jool-4.1.4/src/mod/common/nl/joold.c
Examining data/jool-4.1.4/src/mod/common/nl/nl_handler.c
Examining data/jool-4.1.4/src/mod/common/nl/address.c
Examining data/jool-4.1.4/src/mod/common/nl/denylist4.c
Examining data/jool-4.1.4/src/mod/common/nl/nl_handler.h
Examining data/jool-4.1.4/src/mod/common/nl/nl_common.h
Examining data/jool-4.1.4/src/mod/common/nl/eam.c
Examining data/jool-4.1.4/src/mod/common/stats.c
Examining data/jool-4.1.4/src/mod/common/icmp_wrapper.c
Examining data/jool-4.1.4/src/mod/common/ipv6_hdr_iterator.c
Examining data/jool-4.1.4/src/mod/common/core.c
Examining data/jool-4.1.4/src/mod/common/wkmalloc.h
Examining data/jool-4.1.4/src/mod/common/init.c
Examining data/jool-4.1.4/src/mod/common/log.c
Examining data/jool-4.1.4/src/mod/common/joold.h
Examining data/jool-4.1.4/src/mod/common/packet.h
Examining data/jool-4.1.4/src/mod/common/skbuff.h
Examining data/jool-4.1.4/src/mod/common/wrapper-config.c
Examining data/jool-4.1.4/src/mod/common/ipv6_hdr_iterator.h
Examining data/jool-4.1.4/src/mod/common/timer.c
Examining data/jool-4.1.4/src/mod/common/wrapper-global.c
Examining data/jool-4.1.4/src/mod/common/xlator.c
Examining data/jool-4.1.4/src/mod/common/kernel_hook.h
Examining data/jool-4.1.4/src/mod/common/joold.c
Examining data/jool-4.1.4/src/mod/common/types.c
Examining data/jool-4.1.4/src/mod/common/dev.h
Examining data/jool-4.1.4/src/mod/common/address.c
Examining data/jool-4.1.4/src/mod/common/rfc6052.h
Examining data/jool-4.1.4/src/mod/common/route_out.c
Examining data/jool-4.1.4/src/mod/common/packet.c
Examining data/jool-4.1.4/src/mod/common/wrapper-types.c
Examining data/jool-4.1.4/src/mod/common/rcu.h
Examining data/jool-4.1.4/src/mod/common/dev.c
Examining data/jool-4.1.4/src/mod/common/log.h
Examining data/jool-4.1.4/src/mod/common/rfc7915/core.c
Examining data/jool-4.1.4/src/mod/common/rfc7915/4to6.c
Examining data/jool-4.1.4/src/mod/common/rfc7915/6to4.c
Examining data/jool-4.1.4/src/mod/common/rfc7915/6to4.h
Examining data/jool-4.1.4/src/mod/common/rfc7915/common.h
Examining data/jool-4.1.4/src/mod/common/rfc7915/common.c
Examining data/jool-4.1.4/src/mod/common/rfc7915/core.h
Examining data/jool-4.1.4/src/mod/common/rfc7915/4to6.h
Examining data/jool-4.1.4/src/mod/common/nf_wrapper.h
Examining data/jool-4.1.4/src/mod/common/rtrie.c
Examining data/jool-4.1.4/src/mod/common/error_pool.c
Examining data/jool-4.1.4/src/mod/common/xlator.h
Examining data/jool-4.1.4/src/mod/common/core.h
Examining data/jool-4.1.4/src/mod/common/steps/send_packet.h
Examining data/jool-4.1.4/src/mod/common/steps/handling_hairpinning_nat64.c
Examining data/jool-4.1.4/src/mod/common/steps/filtering_and_updating.c
Examining data/jool-4.1.4/src/mod/common/steps/compute_outgoing_tuple.h
Examining data/jool-4.1.4/src/mod/common/steps/compute_outgoing_tuple.c
Examining data/jool-4.1.4/src/mod/common/steps/handling_hairpinning_siit.h
Examining data/jool-4.1.4/src/mod/common/steps/determine_incoming_tuple.c
Examining data/jool-4.1.4/src/mod/common/steps/send_packet.c
Examining data/jool-4.1.4/src/mod/common/steps/determine_incoming_tuple.h
Examining data/jool-4.1.4/src/mod/common/steps/compute_outgoing_tuple_siit.c
Examining data/jool-4.1.4/src/mod/common/steps/handling_hairpinning_nat64.h
Examining data/jool-4.1.4/src/mod/common/steps/handling_hairpinning_siit.c
Examining data/jool-4.1.4/src/mod/common/steps/filtering_and_updating.h
Examining data/jool-4.1.4/src/mod/common/kernel_hook_netfilter.c
Examining data/jool-4.1.4/src/mod/common/translation_state.c
Examining data/jool-4.1.4/src/mod/siit/jool_siit.c

FINAL RESULTS:

data/jool-4.1.4/src/mod/common/error_pool.c:107:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(buffer_pointer, node->msg);
data/jool-4.1.4/src/mod/common/log.c:46:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(msg, 256, format, args);
data/jool-4.1.4/src/mod/common/log.h:104:61:  [4] (format) printf:
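  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  Reviewer note: the match is on the format(printf, 1, 2) attribute of a
  declaration, not on a printf call. The attribute makes the compiler check
  callers' arguments against the format string; what remains to confirm is
  that callers of log_err pass literal format strings.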
void log_err(const char *format, ...) __attribute__((format(printf, 1, 2)));
data/jool-4.1.4/src/mod/common/nl/attribute.c:74:2:  [4] (buffer) strcpy:
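  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  Reviewer note: the source is a netlink attribute payload (nla_data), so its
  length and NUL-termination are set by the message sender. Confirm that the
  attribute is validated against the destination size before this copy; that
  check is not visible in this report.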
	strcpy(out, nla_data(attr));
data/jool-4.1.4/src/mod/common/nl/nl_handler.c:241:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(jool_family.name, JOOLNL_FAMILY);
data/jool-4.1.4/src/mod/common/wkmalloc.c:56:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(kmn_name(entry), name);
data/jool-4.1.4/src/mod/common/xlator.c:356:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(jool->iname, iname);
data/jool-4.1.4/src/usr/argp/log.c:13:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(stderr, format, args);
data/jool-4.1.4/src/usr/argp/log.c:26:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(stderr, format, args);
data/jool-4.1.4/src/usr/argp/log.h:7:55:  [4] (format) printf:
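  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  Reviewer note: the match is on a macro that expands to the format(printf,
  ...) attribute, not on a printf call. The macro exists to enable compiler
  format checking, so this hit is an artifact of name matching.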
#define CHECK_FORMAT(str, args) __attribute__((format(printf, str, args)))
data/jool-4.1.4/src/usr/argp/main.c:632:2:  [4] (format) printf:
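  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  Reviewer note: the format is JOOL_VERSION_STR concatenated with a literal
  at compile time, so it is not influenced at run time. It is only a problem
  if the macro's expansion contains a '%'; printf("%s\n", ...) or puts would
  remove the question.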
	printf(JOOL_VERSION_STR "\n");
data/jool-4.1.4/src/usr/argp/wargp/instance.c:47:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(field->value, str);
data/jool-4.1.4/src/usr/iptables/common.c:27:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(info->iname, INAME_DEFAULT);
data/jool-4.1.4/src/usr/iptables/common.c:70:3:  [4] (format) fprintf:
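  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  Reviewer note: the format is INAME_VALIDATE_ERRMSG concatenated with a
  literal at compile time, so it is not influenced at run time. It is only a
  problem if the macro's expansion contains a '%'; fputs would remove the
  question.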
		fprintf(stderr, INAME_VALIDATE_ERRMSG "\n");
data/jool-4.1.4/src/usr/iptables/common.c:73:2:  [4] (buffer) strcpy:
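  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  Reviewer note: the source is optarg, a command-line argument of arbitrary
  length. The INAME_VALIDATE_ERRMSG print reported at line 70 of the same
  file suggests a validation step precedes this copy, but the report does
  not show it; confirm it bounds the length to the size of info->iname.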
	strcpy(info->iname, optarg);
data/jool-4.1.4/src/usr/nl/core.c:64:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(hdr->iname, iname ? iname : "default");
data/jool-4.1.4/src/usr/nl/instance.c:48:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(entry->iname, nla_get_string(attrs[JNLAIE_INAME]));
data/jool-4.1.4/src/usr/util/result.c:39:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(result.msg, MAX_STR_LEN, msg, args);
data/jool-4.1.4/src/usr/util/str_utils.c:275:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(str_copy, str);
data/jool-4.1.4/src/usr/util/str_utils.c:318:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(str_copy, str);
data/jool-4.1.4/src/usr/util/str_utils.c:361:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(str_copy, str);
data/jool-4.1.4/src/usr/util/str_utils.c:401:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(str_copy, str);
data/jool-4.1.4/src/usr/util/str_utils.c:437:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(str_copy, str);
data/jool-4.1.4/src/usr/util/str_utils.c:466:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(str_copy, str);
data/jool-4.1.4/src/usr/argp/main.c:645:16:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((opt = getopt_long(argc, argv, "+?Vi:f:", OPTIONS, NULL)) != -1) {
data/jool-4.1.4/src/common/config.h:304:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char iname[INAME_MAX_SIZE];
data/jool-4.1.4/src/common/config.h:330:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char iname[INAME_MAX_SIZE];
data/jool-4.1.4/src/common/global.c:313:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char string[TIMEOUT_BUFLEN];
data/jool-4.1.4/src/common/global.c:343:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[INET6_ADDRSTRLEN];
data/jool-4.1.4/src/common/iptables.h:11:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char iname[INAME_MAX_SIZE];
data/jool-4.1.4/src/mod/common/db/global.c:80:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(config->plateaus.values, &PLATEAUS, sizeof(PLATEAUS));
data/jool-4.1.4/src/mod/common/db/pool4/db.c:1108:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(masks + 1, table + 1,
data/jool-4.1.4/src/mod/common/ipv6_hdr_iterator.c:8:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(iterator, &defaults, sizeof(defaults));
data/jool-4.1.4/src/mod/common/nl/attribute.c:89:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(out, nla_data(attr), sizeof(*out));
data/jool-4.1.4/src/mod/common/nl/attribute.c:104:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(out, nla_data(attr), sizeof(*out));
data/jool-4.1.4/src/mod/common/nl/nl_core.c:42:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(response->hdr, get_jool_hdr(info), sizeof(*response->hdr));
data/jool-4.1.4/src/mod/common/rfc7915/4to6.c:872:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(hdr6, ipv6_hdr(first), HDRS_LEN);
data/jool-4.1.4/src/mod/common/rfc7915/4to6.c:1166:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&copy_hdr, in_icmp, sizeof(*in_icmp));
data/jool-4.1.4/src/mod/common/rfc7915/4to6.c:1519:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tcp_out, tcp_in, pkt_l4hdr_len(in));
data/jool-4.1.4/src/mod/common/rfc7915/4to6.c:1527:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&tcp_copy, tcp_in, sizeof(*tcp_in));
data/jool-4.1.4/src/mod/common/rfc7915/4to6.c:1553:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(udp_out, udp_in, pkt_l4hdr_len(in));
data/jool-4.1.4/src/mod/common/rfc7915/4to6.c:1562:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&udp_copy, udp_in, sizeof(*udp_in));
data/jool-4.1.4/src/mod/common/rfc7915/6to4.c:823:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&copy_hdr, in_icmp, sizeof(*in_icmp));
data/jool-4.1.4/src/mod/common/rfc7915/6to4.c:1096:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tcp_out, tcp_in, pkt_l4hdr_len(in));
data/jool-4.1.4/src/mod/common/rfc7915/6to4.c:1104:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&tcp_copy, tcp_in, sizeof(*tcp_in));
data/jool-4.1.4/src/mod/common/rfc7915/6to4.c:1130:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(udp_out, udp_in, pkt_l4hdr_len(in));
data/jool-4.1.4/src/mod/common/rfc7915/6to4.c:1138:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&udp_copy, udp_in, sizeof(*udp_in));
data/jool-4.1.4/src/mod/common/rtrie.c:47:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(inode->key.bytes, key->bytes, key_len);
data/jool-4.1.4/src/mod/common/rtrie.c:68:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(leaf + 1, content, content_len);
data/jool-4.1.4/src/mod/common/rtrie.c:455:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(result, node + 1, trie->value_size);
data/jool-4.1.4/src/mod/common/skbuff.c:322:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buffer[10], *payload;
data/jool-4.1.4/src/mod/common/translation_state.c:35:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&state->jool, jool, sizeof(*jool));
data/jool-4.1.4/src/mod/common/xlator.c:462:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ops, netfilter_hooks, sizeof(netfilter_hooks));
data/jool-4.1.4/src/mod/common/xlator.c:486:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result, &new->jool, sizeof(new->jool));
data/jool-4.1.4/src/mod/common/xlator.c:642:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&new->jool, jool, sizeof(*jool));
data/jool-4.1.4/src/mod/common/xlator.c:782:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(result, &instance->jool, sizeof(*result));
data/jool-4.1.4/src/mod/common/xlator.c:828:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(result, &instance->jool, sizeof(*result));
data/jool-4.1.4/src/mod/common/xlator.h:31:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char iname[INAME_MAX_SIZE];
data/jool-4.1.4/src/usr/argp/dns.c:11:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hostname[NI_MAXHOST], service[NI_MAXSERV];
data/jool-4.1.4/src/usr/argp/dns.c:12:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hostaddr[INET6_ADDRSTRLEN];
data/jool-4.1.4/src/usr/argp/dns.c:49:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hostname[NI_MAXHOST], service[NI_MAXSERV];
data/jool-4.1.4/src/usr/argp/wargp/address.c:37:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str[INET6_ADDRSTRLEN];
data/jool-4.1.4/src/usr/argp/wargp/eamt.c:31:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ipv6_str[INET6_ADDRSTRLEN];
data/jool-4.1.4/src/usr/argp/wargp/instance.c:23:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char value[INAME_MAX_SIZE];
data/jool-4.1.4/src/usr/argp/wargp/session.c:59:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char timeout[TIMEOUT_BUFLEN];
data/jool-4.1.4/src/usr/joold/log.c:19:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[256];
data/jool-4.1.4/src/usr/joold/netsocket.c:472:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[JOOLD_MAX_PAYLOAD];
data/jool-4.1.4/src/usr/nl/attribute.c:104:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(addr, nla_data(attr), sizeof(*addr));
data/jool-4.1.4/src/usr/nl/attribute.c:109:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(addr, nla_data(attr), sizeof(*addr));
data/jool-4.1.4/src/usr/nl/bib.c:37:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&args->last, &entry, sizeof(entry));
data/jool-4.1.4/src/usr/nl/denylist4.c:37:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&args->last, &entry, sizeof(entry));
data/jool-4.1.4/src/usr/nl/instance.c:74:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&args->last, &entry, sizeof(entry));
data/jool-4.1.4/src/usr/nl/pool4.c:37:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&args->last, &entry, sizeof(entry));
data/jool-4.1.4/src/usr/nl/session.c:37:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&args->last, &entry, sizeof(entry));
data/jool-4.1.4/src/usr/util/cJSON.c:210:23:  [2] (buffer) char:
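  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Reviewer note: the flagged object is a static const table with an
  initializer, so it is not a copy destination. The item to check is that
  indexes used to read it stay within its 7 entries.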
static const unsigned char firstByteMark[7] = {
data/jool-4.1.4/src/usr/util/file.c:20:9:  [2] (misc) fopen:
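  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Triage note: the mode is "rb", so the file is only read. Where file_name
  comes from is not shown here; the finding matters if the process runs with
  more privilege than whoever chooses the path or owns its parent directories.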
	file = fopen(file_name, "rb");
data/jool-4.1.4/src/usr/util/str_utils.c:265:2:  [2] (buffer) char:
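  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Triage note: the strlen hit at str_utils.c:269, listed further down in this
  report, shows a length test against STR_MAX_LEN four lines after this
  declaration. Confirm that the failing branch returns before anything is
  copied into str_copy. The declarations at lines 308, 351 and 391 are
  followed by the same test at lines 312, 355 and 395.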
	char str_copy[STR_MAX_LEN];
data/jool-4.1.4/src/usr/util/str_utils.c:308:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str_copy[STR_MAX_LEN];
data/jool-4.1.4/src/usr/util/str_utils.c:351:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str_copy[STR_MAX_LEN];
data/jool-4.1.4/src/usr/util/str_utils.c:391:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str_copy[STR_MAX_LEN];
data/jool-4.1.4/src/mod/common/error_pool.c:76:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	msg_size += strlen(msg);
data/jool-4.1.4/src/mod/common/error_pool.c:108:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		buffer_pointer += strlen(node->msg);
data/jool-4.1.4/src/mod/common/wkmalloc.c:50:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	entry = kmalloc(sizeof(struct kmalloc_entry) + strlen(name) + 1,
data/jool-4.1.4/src/usr/argp/main.c:377:37:  [1] (buffer) strlen:
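  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Triage note: strlen(prefix) is used as the memcmp length, so the read of
  option->label is bounded by the prefix, not by the label. If a label can be
  shorter than the prefix, strncmp(option->label, prefix, strlen(prefix))
  stops at the label's terminator instead.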
		if (memcmp(option->label, prefix, strlen(prefix)) == 0) {
data/jool-4.1.4/src/usr/util/str_utils.c:175:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(tail + 1) < 3)
data/jool-4.1.4/src/usr/util/str_utils.c:269:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(str) + 1 > STR_MAX_LEN) {
data/jool-4.1.4/src/usr/util/str_utils.c:312:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(str) + 1 > STR_MAX_LEN) {
data/jool-4.1.4/src/usr/util/str_utils.c:355:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(str) + 1 > STR_MAX_LEN) {
data/jool-4.1.4/src/usr/util/str_utils.c:395:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(str) + 1 > STR_MAX_LEN) {
data/jool-4.1.4/src/usr/util/str_utils.c:433:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	str_copy = malloc(strlen(str) + 1);

ANALYSIS SUMMARY:

Hits = 90
Lines analyzed = 34125 in approximately 0.85 seconds (40206 lines/second)
Physical Source Lines of Code (SLOC) = 24123
Hits@level = [0] 273 [1]  10 [2]  55 [3]   1 [4]  24 [5]   0
Hits@level+ = [0+] 363 [1+]  90 [2+]  80 [3+]  25 [4+]  24 [5+]   0
Hits/KSLOC@level+ = [0+] 15.0479 [1+] 3.73088 [2+] 3.31634 [3+] 1.03636 [4+] 0.994901 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
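Minimum risk level = 1
(Level 0 hits are counted in the Hits@level lines but are not listed in the
report, which is why Hits = 90 while [0+] is 363. The 90 listed hits are the
level 1 to 4 counts: 10 + 55 + 1 + 24.)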
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.