Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libnet-interface-perl-1.016/ni_get_set.c
Examining data/libnet-interface-perl-1.016/ni_malloc.c
Examining data/libnet-interface-perl-1.016/ni_linuxproc.c
Examining data/libnet-interface-perl-1.016/ni_util.c
Examining data/libnet-interface-perl-1.016/miniSocketXS.c
Examining data/libnet-interface-perl-1.016/ni_in6_classify.c
Examining data/libnet-interface-perl-1.016/ni_fallbackhwaddr.c
Examining data/libnet-interface-perl-1.016/ni_funct.h
Examining data/libnet-interface-perl-1.016/ni_strlcpy.c
Examining data/libnet-interface-perl-1.016/defaults.h
Examining data/libnet-interface-perl-1.016/ni_strlcpy.h
Examining data/libnet-interface-perl-1.016/ni_memcmp.c
Examining data/libnet-interface-perl-1.016/ni_getifaddrs.c
Examining data/libnet-interface-perl-1.016/ppport.h
Examining data/libnet-interface-perl-1.016/ni_memcmp.h
Examining data/libnet-interface-perl-1.016/inet_aton.c
Examining data/libnet-interface-perl-1.016/ni_in6_ifreq.c
Examining data/libnet-interface-perl-1.016/ni_lifreq.c
Examining data/libnet-interface-perl-1.016/ni_fixups.h
Examining data/libnet-interface-perl-1.016/ni_af_inetcommon.c
Examining data/libnet-interface-perl-1.016/ni_ifreq.c
Parsing failed to find end of parameter list; semicolon terminated it in ("mtu %d",((struct ifdata *)ifr->ni_data)->ifi_mtu;
#endif
printf("\n\t");
if (ioctl(fd,SIOCGIFADDR,ifr) != -1 ) {
#ifdef HAVE_GETNAMEINFO
if (getnameinfo(&ifr->ni_saddr,LOCAL_SIZEOF_SOCK
Examining data/libnet-interface-perl-1.016/ni_SMI-NUMBERS.c
Examining data/libnet-interface-perl-1.016/localconf.h
FINAL RESULTS:
data/libnet-interface-perl-1.016/miniSocketXS.c:120:23: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
* so let's use this sprintf() workaround everywhere.
data/libnet-interface-perl-1.016/ni_fallbackhwaddr.c:131:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name,"/dev/%s",&ifr->ni_ifr_name);
data/libnet-interface-perl-1.016/ni_ifreq.c:180:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(namebuf,inet_ntoa(ifr->ni_sin.sin_addr));
data/libnet-interface-perl-1.016/ni_in6_ifreq.c:224:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(namebuf,inet_ntoa(ifr->ni_sin.sin_addr));
data/libnet-interface-perl-1.016/ni_in6_ifreq.c:245:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(namebuf,inet_ntop(AF_INET6,&ifr->ni_sin6.sin6_addr,namebuf,NI_MAXHOST));
data/libnet-interface-perl-1.016/ni_lifreq.c:279:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(namebuf,inet_ntoa(sin->sin_addr));
data/libnet-interface-perl-1.016/ni_lifreq.c:289:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(namebuf,inet_ntoa(sin->sin_addr));
data/libnet-interface-perl-1.016/ni_lifreq.c:300:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(namebuf,inet_ntop(AF_INET6,&sin6->sin6_addr,namebuf,NI_MAXHOST));
data/libnet-interface-perl-1.016/ni_linuxproc.c:157:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(txt,"%s:%s:%s:%s:%s:%s:%s:%s",
data/libnet-interface-perl-1.016/miniSocketXS.c:123:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(addr_str, "%d.%d.%d.%d",
data/libnet-interface-perl-1.016/ni_af_inetcommon.c:102:26: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define NI_RESTORE_COPYS memcpy(&ifr->ni_saddr,©6,LOCAL_SIZEOF_SOCKADDR_IN6)
data/libnet-interface-perl-1.016/ni_af_inetcommon.c:104:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(©6,&ifr->ni_saddr,LOCAL_SIZEOF_SOCKADDR_IN6);
data/libnet-interface-perl-1.016/ni_af_inetcommon.c:165:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char copy[sizeof(struct sockaddr_storage) + IFNAMSIZ];
data/libnet-interface-perl-1.016/ni_af_inetcommon.c:171:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cifr,*oifr,inc); /* copy the current ifreq struct */
data/libnet-interface-perl-1.016/ni_fallbackhwaddr.c:53:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[IFNAMSIZ +5], dlpbuf[DL_MAXIMUM];
data/libnet-interface-perl-1.016/ni_fallbackhwaddr.c:87:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ifr->ni_char,&physaddr.current_pa[0]);
data/libnet-interface-perl-1.016/ni_fallbackhwaddr.c:101:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open("/dev/nit",0)) >= 0) {
data/libnet-interface-perl-1.016/ni_fallbackhwaddr.c:115:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(&ifr->ni_ifr_name,O_RDONLY)) >= 0) {
data/libnet-interface-perl-1.016/ni_fallbackhwaddr.c:121:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ifr->ni_char,&ioctl_arg.value.s[0],6);
data/libnet-interface-perl-1.016/ni_fallbackhwaddr.c:132:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(name,O_RDWR)) < 0) {
data/libnet-interface-perl-1.016/ni_fallbackhwaddr.c:149:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (ppa < 0 || (fd = open(name,O_RDWR)) < 0) {
data/libnet-interface-perl-1.016/ni_fallbackhwaddr.c:151:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open("/dev/dlpi",O_RDWR)) < 0)
data/libnet-interface-perl-1.016/ni_fallbackhwaddr.c:172:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ifr->ni_ifr_name,(dlpbuf + dlpi->dl_addr_offset),6);
data/libnet-interface-perl-1.016/ni_fallbackhwaddr.c:214:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ifr->ni_ifr_name,(dlpbuf + dlpp->dl_addr_offset),6);
data/libnet-interface-perl-1.016/ni_funct.h:172:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ni_ifr_name[IFNAMSIZ];
data/libnet-interface-perl-1.016/ni_funct.h:183:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifr_char[2];
data/libnet-interface-perl-1.016/ni_funct.h:186:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ifr_uchar[2];
data/libnet-interface-perl-1.016/ni_funct.h:198:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lifreq_pad[NI_LIFREQ_PAD];
data/libnet-interface-perl-1.016/ni_get_set.c:137:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ifr6.lin6_addr,&ifr->ni_sin6.sin6_addr,LOCAL_SIZEOF_SOCKADDR_IN6);
data/libnet-interface-perl-1.016/ni_getifaddrs.c:237:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostaddr[40];
data/libnet-interface-perl-1.016/ni_ifreq.c:124:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[NI_MAXHOST];
data/libnet-interface-perl-1.016/ni_in6_ifreq.c:112:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ifr6,ifr,IFNAMSIZ + LOCAL_SIZEOF_SOCKADDR_IN6); /* copy name & family */
data/libnet-interface-perl-1.016/ni_in6_ifreq.c:157:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[NI_MAXHOST];
data/libnet-interface-perl-1.016/ni_in6_ifreq.c:239:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(©6,&ifr->ni_saddr,LOCAL_SIZEOF_SOCKADDR_IN6);
data/libnet-interface-perl-1.016/ni_in6_ifreq.c:240:26: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define NI_RESTORE_COPYS memcpy(&ifr->ni_saddr,©6,LOCAL_SIZEOF_SOCKADDR_IN6)
data/libnet-interface-perl-1.016/ni_in6_ifreq.c:272:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&lifetime,&ifr->ni_lifetime,sizeof(struct in6_addrlifetime));
data/libnet-interface-perl-1.016/ni_lifreq.c:233:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mac[6] = {0x0,0x0,0x0,0xfa,0x11,0xed};
data/libnet-interface-perl-1.016/ni_lifreq.c:234:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char altmac[6], * macp;
data/libnet-interface-perl-1.016/ni_lifreq.c:235:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[NI_MAXHOST];
data/libnet-interface-perl-1.016/ni_linuxproc.c:94:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devname[20];
data/libnet-interface-perl-1.016/ni_linuxproc.c:95:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chp[8][5];
data/libnet-interface-perl-1.016/ni_linuxproc.c:97:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _pad[4];
data/libnet-interface-perl-1.016/ni_linuxproc.c:124:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = fopen(_PATH_PROCNET_IFINET6, "r")) == NULL)
data/libnet-interface-perl-1.016/ni_linuxproc.c:155:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
lx_hex2txt(char * txt, char (*chp)[5])
data/libnet-interface-perl-1.016/ni_linuxproc.c:155:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
lx_hex2txt(char * txt, char (*chp)[5])
data/libnet-interface-perl-1.016/ni_linuxproc.c:168:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostaddr[40];
data/libnet-interface-perl-1.016/ni_linuxproc.c:247:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lastname[IFNAMSIZ];
data/libnet-interface-perl-1.016/ni_linuxproc.c:302:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostaddr[40];
data/libnet-interface-perl-1.016/ni_util.c:51:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return memcpy(newmp,memp,size);
data/libnet-interface-perl-1.016/ni_util.c:80:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ifr,ifrp,sizeof(struct ifreq));
data/libnet-interface-perl-1.016/miniSocketXS.c:128:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ST(0) = sv_2mortal(newSVpvn(addr_str, strlen(addr_str)));
data/libnet-interface-perl-1.016/ni_fallbackhwaddr.c:134:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(name);
data/libnet-interface-perl-1.016/ni_linuxproc.c:130:12: [1] (buffer) fscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
while (fscanf(fd, "%4s%4s%4s%4s%4s%4s%4s%4s %02x %02x %02x %02x %20s\n",
ANALYSIS SUMMARY:
Hits = 53
Lines analyzed = 5532 in approximately 0.19 seconds (29266 lines/second)
Physical Source Lines of Code (SLOC) = 3363
Hits@level = [0] 145 [1] 3 [2] 41 [3] 0 [4] 9 [5] 0
Hits@level+ = [0+] 198 [1+] 53 [2+] 50 [3+] 9 [4+] 9 [5+] 0
Hits/KSLOC@level+ = [0+] 58.876 [1+] 15.7597 [2+] 14.8677 [3+] 2.67618 [4+] 2.67618 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.