Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libnet-ip-xs-perl-0.21/inet_pton.c
Examining data/libnet-ip-xs-perl-0.21/n128.c
Examining data/libnet-ip-xs-perl-0.21/object.h
Examining data/libnet-ip-xs-perl-0.21/functions.h
Examining data/libnet-ip-xs-perl-0.21/object.c
Examining data/libnet-ip-xs-perl-0.21/functions.c
Examining data/libnet-ip-xs-perl-0.21/inet_pton.h
Examining data/libnet-ip-xs-perl-0.21/n128.h
FINAL RESULTS:
data/libnet-ip-xs-perl-0.21/functions.c:166:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(netip_Error, 512, Error, args);
data/libnet-ip-xs-perl-0.21/functions.c:1933:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, numbuf);
data/libnet-ip-xs-perl-0.21/functions.c:2545:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s - %s", ip1buf,
data/libnet-ip-xs-perl-0.21/functions.c:2628:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, ip);
data/libnet-ip-xs-perl-0.21/functions.c:2674:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, mybuf);
data/libnet-ip-xs-perl-0.21/object.c:65:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(errtmp, 512, Error, args);
data/libnet-ip-xs-perl-0.21/functions.c:38:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char netip_Error[512];
data/libnet-ip-xs-perl-0.21/functions.c:141:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(netip_Error, Error, len);
data/libnet-ip-xs-perl-0.21/functions.c:178:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
NI_ip_uchars_to_n128(unsigned char uchars[16], n128_t *num)
data/libnet-ip-xs-perl-0.21/functions.c:199:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
NI_ip_uchars_to_ulong(unsigned char uchars[4])
data/libnet-ip-xs-perl-0.21/functions.c:392:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%lu", num_ulong);
data/libnet-ip-xs-perl-0.21/functions.c:671:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ip, sizeof(*ip));
data/libnet-ip-xs-perl-0.21/functions.c:992:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPV6_BITSTR_LEN];
data/libnet-ip-xs-perl-0.21/functions.c:1186:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%lu.%lu.%lu.%lu", (n >> 24) & 0xFF,
data/libnet-ip-xs-perl-0.21/functions.c:1204:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x",
data/libnet-ip-xs-perl-0.21/functions.c:1350:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char range[4];
data/libnet-ip-xs-perl-0.21/functions.c:1431:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempip[IPV6_BITSTR_LEN];
data/libnet-ip-xs-perl-0.21/functions.c:1432:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char range[4];
data/libnet-ip-xs-perl-0.21/functions.c:1623:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *prefixes[128];
data/libnet-ip-xs-perl-0.21/functions.c:1653:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *prefixes[128];
data/libnet-ip-xs-perl-0.21/functions.c:1695:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *addr_args[4];
data/libnet-ip-xs-perl-0.21/functions.c:1771:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ipv4[4];
data/libnet-ip-xs-perl-0.21/functions.c:1834:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ipv4[4];
data/libnet-ip-xs-perl-0.21/functions.c:1859:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ipv6[16];
data/libnet-ip-xs-perl-0.21/functions.c:1918:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numbuf[5];
data/libnet-ip-xs-perl-0.21/functions.c:1919:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ipv4[4];
data/libnet-ip-xs-perl-0.21/functions.c:1932:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(numbuf, "%u.", ipv4[i]);
data/libnet-ip-xs-perl-0.21/functions.c:1936:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "in-addr.arpa.");
data/libnet-ip-xs-perl-0.21/functions.c:1961:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ipv6[16];
data/libnet-ip-xs-perl-0.21/functions.c:1976:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%x.", ((ipv6[index] >> shift) & 0xF));
data/libnet-ip-xs-perl-0.21/functions.c:1979:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "ip6.arpa.");
data/libnet-ip-xs-perl-0.21/functions.c:2154:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ipnum[16];
data/libnet-ip-xs-perl-0.21/functions.c:2346:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ipnum[4];
data/libnet-ip-xs-perl-0.21/functions.c:2387:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ipnum[16];
data/libnet-ip-xs-perl-0.21/functions.c:2536:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip1buf[MAX_IPV6_STR_LEN];
data/libnet-ip-xs-perl-0.21/functions.c:2537:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip2buf[MAX_IPV6_STR_LEN];
data/libnet-ip-xs-perl-0.21/functions.c:2607:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ipv6[16];
data/libnet-ip-xs-perl-0.21/functions.c:2609:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mybuf[5];
data/libnet-ip-xs-perl-0.21/functions.c:2672:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mybuf, "%x",
data/libnet-ip-xs-perl-0.21/functions.c:2724:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ipbuf, prefix, len);
data/libnet-ip-xs-perl-0.21/functions.c:2773:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, typestr, len);
data/libnet-ip-xs-perl-0.21/functions.c:2784:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, "PUBLIC", 6);
data/libnet-ip-xs-perl-0.21/functions.c:2853:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bitstr1[IPV6_BITSTR_LEN];
data/libnet-ip-xs-perl-0.21/functions.c:2854:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bitstr2[IPV6_BITSTR_LEN];
data/libnet-ip-xs-perl-0.21/functions.h:85:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned long NI_ip_uchars_to_ulong(unsigned char uchars[4]);
data/libnet-ip-xs-perl-0.21/functions.h:86:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void NI_ip_uchars_to_n128(unsigned char uchars[16], n128_t *num);
data/libnet-ip-xs-perl-0.21/inet_pton.c:67:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[NS_INADDRSZ], *tp;
data/libnet-ip-xs-perl-0.21/inet_pton.c:100:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, tmp, NS_INADDRSZ);
data/libnet-ip-xs-perl-0.21/inet_pton.c:124:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp;
data/libnet-ip-xs-perl-0.21/inet_pton.c:126:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipv4[16];
data/libnet-ip-xs-perl-0.21/inet_pton.c:187:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ipv4, curtok, diff);
data/libnet-ip-xs-perl-0.21/inet_pton.c:237:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, tmp, NS_IN6ADDRSZ);
data/libnet-ip-xs-perl-0.21/n128.c:177:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, sizeof(*dst));
data/libnet-ip-xs-perl-0.21/n128.c:581:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[40];
data/libnet-ip-xs-perl-0.21/object.c:61:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errtmp[512];
data/libnet-ip-xs-perl-0.21/object.c:164:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[MAX_IPV6_STR_LEN];
data/libnet-ip-xs-perl-0.21/object.c:165:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[MAX_IPV6_STR_LEN];
data/libnet-ip-xs-perl-0.21/object.c:166:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char binbuf1[IPV6_BITSTR_LEN];
data/libnet-ip-xs-perl-0.21/object.c:167:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char binbuf2[IPV6_BITSTR_LEN];
data/libnet-ip-xs-perl-0.21/object.c:168:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char maskbuf[IPV6_BITSTR_LEN];
data/libnet-ip-xs-perl-0.21/object.c:169:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefixbuf[MAX_IPV6_STR_LEN];
data/libnet-ip-xs-perl-0.21/object.c:170:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *prefixes[MAX_PREFIXES];
data/libnet-ip-xs-perl-0.21/object.c:337:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(begin, raw_begin, 16);
data/libnet-ip-xs-perl-0.21/object.c:362:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(end, raw_end, 16);
data/libnet-ip-xs-perl-0.21/object.c:474:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mybuf[MAX_IPV6_STR_LEN];
data/libnet-ip-xs-perl-0.21/object.c:518:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "4294967296");
data/libnet-ip-xs-perl-0.21/object.c:520:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%lu", end - begin + 1);
data/libnet-ip-xs-perl-0.21/object.c:545:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "340282366920938463463374607431768211456");
data/libnet-ip-xs-perl-0.21/object.c:581:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%lu", (unsigned long) NI_hv_get_uv(ipo, "xs_v4_ip0", 9));
data/libnet-ip-xs-perl-0.21/object.c:645:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "0x%lx", (unsigned long) NI_hv_get_uv(ipo, "xs_v4_ip0", 9));
data/libnet-ip-xs-perl-0.21/object.c:969:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%lu", end);
data/libnet-ip-xs-perl-0.21/object.c:1068:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char binbuf[130];
data/libnet-ip-xs-perl-0.21/object.c:1069:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[45];
data/libnet-ip-xs-perl-0.21/object.c:1243:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[90];
data/libnet-ip-xs-perl-0.21/object.c:1364:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf + len, " - ");
data/libnet-ip-xs-perl-0.21/object.c:1400:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf + len, " - ");
data/libnet-ip-xs-perl-0.21/object.c:1418:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[(2 * (MAX_IPV6_STR_LEN - 1)) + 4];
data/libnet-ip-xs-perl-0.21/functions.c:137:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(Error);
data/libnet-ip-xs-perl-0.21/functions.c:356:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ip_int_str);
data/libnet-ip-xs-perl-0.21/functions.c:366:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = n128_set_str_decimal(&num, ip_int_str, strlen(ip_int_str));
data/libnet-ip-xs-perl-0.21/functions.c:388:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(bitstr);
data/libnet-ip-xs-perl-0.21/functions.c:419:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/libnet-ip-xs-perl-0.21/functions.c:506:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/libnet-ip-xs-perl-0.21/functions.c:535:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str + i) == 0) {
data/libnet-ip-xs-perl-0.21/functions.c:722:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, bitstr, len);
data/libnet-ip-xs-perl-0.21/functions.c:772:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(b) != (strlen(e))) {
data/libnet-ip-xs-perl-0.21/functions.c:772:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(b) != (strlen(e))) {
data/libnet-ip-xs-perl-0.21/functions.c:936:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
b1_len = strlen(begin_1);
data/libnet-ip-xs-perl-0.21/functions.c:937:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
b2_len = strlen(begin_2);
data/libnet-ip-xs-perl-0.21/functions.c:939:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!( (b1_len == (int) strlen(end_1))
data/libnet-ip-xs-perl-0.21/functions.c:940:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& (b2_len == (int) strlen(end_2))
data/libnet-ip-xs-perl-0.21/functions.c:1060:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iplen = strlen(bitstr);
data/libnet-ip-xs-perl-0.21/functions.c:1157:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bin1_len = strlen(bitstr_1);
data/libnet-ip-xs-perl-0.21/functions.c:1158:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bin2_len = strlen(bitstr_2);
data/libnet-ip-xs-perl-0.21/functions.c:1255:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(bitstr);
data/libnet-ip-xs-perl-0.21/functions.c:1307:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len1 = strlen(ip1);
data/libnet-ip-xs-perl-0.21/functions.c:1308:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = strlen(ip2);
data/libnet-ip-xs-perl-0.21/functions.c:1392:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(new_prefix, "/");
data/libnet-ip-xs-perl-0.21/functions.c:1394:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(new_prefix, range, res);
data/libnet-ip-xs-perl-0.21/functions.c:1480:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(new_prefix, "/");
data/libnet-ip-xs-perl-0.21/functions.c:1482:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(new_prefix, range, res);
data/libnet-ip-xs-perl-0.21/functions.c:1528:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(begin) != strlen(end)) {
data/libnet-ip-xs-perl-0.21/functions.c:1528:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(begin) != strlen(end)) {
data/libnet-ip-xs-perl-0.21/functions.c:1545:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n128_set_str_binary(&begin_n128, begin, strlen(begin));
data/libnet-ip-xs-perl-0.21/functions.c:1546:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n128_set_str_binary(&end_n128, end, strlen(end));
data/libnet-ip-xs-perl-0.21/functions.c:1595:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(*prefixes);
data/libnet-ip-xs-perl-0.21/functions.c:1602:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, *prefixes, len);
data/libnet-ip-xs-perl-0.21/functions.c:1707:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(addr_args[i]) != 32) {
data/libnet-ip-xs-perl-0.21/functions.c:1721:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(addr_args[i]) != 128) {
data/libnet-ip-xs-perl-0.21/functions.c:1727:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n128_set_str_binary(&b1_n128, b1, strlen(b1));
data/libnet-ip-xs-perl-0.21/functions.c:1728:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n128_set_str_binary(&e1_n128, e1, strlen(e1));
data/libnet-ip-xs-perl-0.21/functions.c:1729:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n128_set_str_binary(&b2_n128, b2, strlen(b2));
data/libnet-ip-xs-perl-0.21/functions.c:1730:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n128_set_str_binary(&e2_n128, e2, strlen(e2));
data/libnet-ip-xs-perl-0.21/functions.c:2048:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (endptr != (slash + strlen(slash))) {
data/libnet-ip-xs-perl-0.21/functions.c:2110:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (endptr != (slash + strlen(slash))) {
data/libnet-ip-xs-perl-0.21/functions.c:2399:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = n128_set_str_decimal(&addnum, num, strlen(num));
data/libnet-ip-xs-perl-0.21/functions.c:2568:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ip) > (MAX_IPV4_RANGE_STR_LEN - 1)) {
data/libnet-ip-xs-perl-0.21/functions.c:2577:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c = ip + (strlen(ip) + 1);
data/libnet-ip-xs-perl-0.21/functions.c:2590:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, ip, buflen);
data/libnet-ip-xs-perl-0.21/functions.c:2667:17: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, ":");
data/libnet-ip-xs-perl-0.21/functions.c:2670:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, ":");
data/libnet-ip-xs-perl-0.21/functions.c:2676:17: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, ":");
data/libnet-ip-xs-perl-0.21/functions.c:2814:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mask_len = strlen(mask);
data/libnet-ip-xs-perl-0.21/functions.c:2904:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(c);
data/libnet-ip-xs-perl-0.21/functions.c:2909:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, c, len);
data/libnet-ip-xs-perl-0.21/n128.c:589:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(bufp, str, len);
data/libnet-ip-xs-perl-0.21/n128.c:608:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ps_len = strlen(ps);
data/libnet-ip-xs-perl-0.21/object.c:629:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HV_MY_STORE_PV(ipo, "intformat", 9, buf, strlen(buf));
data/libnet-ip-xs-perl-0.21/object.c:697:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HV_MY_STORE_PV(ipo, "hexformat", 9, buf, strlen(buf));
data/libnet-ip-xs-perl-0.21/object.c:727:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n128_set_str_binary(&dec, binmask, strlen(binmask));
data/libnet-ip-xs-perl-0.21/object.c:729:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HV_MY_STORE_PV(ipo, "hexmask", 7, buf, strlen(buf));
data/libnet-ip-xs-perl-0.21/object.c:1363:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/libnet-ip-xs-perl-0.21/object.c:1399:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/libnet-ip-xs-perl-0.21/object.c:1441:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = n128_set_str_decimal(&num_n128, num, strlen(num));
ANALYSIS SUMMARY:
Hits = 134
Lines analyzed = 5897 in approximately 0.18 seconds (32232 lines/second)
Physical Source Lines of Code (SLOC) = 3765
Hits@level = [0] 16 [1] 57 [2] 71 [3] 0 [4] 6 [5] 0
Hits@level+ = [0+] 150 [1+] 134 [2+] 77 [3+] 6 [4+] 6 [5+] 0
Hits/KSLOC@level+ = [0+] 39.8406 [1+] 35.591 [2+] 20.4515 [3+] 1.59363 [4+] 1.59363 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.