Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libnet-ip-xs-perl-0.21/inet_pton.c
Examining data/libnet-ip-xs-perl-0.21/n128.c
Examining data/libnet-ip-xs-perl-0.21/object.h
Examining data/libnet-ip-xs-perl-0.21/functions.h
Examining data/libnet-ip-xs-perl-0.21/object.c
Examining data/libnet-ip-xs-perl-0.21/functions.c
Examining data/libnet-ip-xs-perl-0.21/inet_pton.h
Examining data/libnet-ip-xs-perl-0.21/n128.h

FINAL RESULTS:

data/libnet-ip-xs-perl-0.21/functions.c:166:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(netip_Error, 512, Error, args);
data/libnet-ip-xs-perl-0.21/functions.c:1933:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(buf, numbuf);
data/libnet-ip-xs-perl-0.21/functions.c:2545:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s - %s", ip1buf,
data/libnet-ip-xs-perl-0.21/functions.c:2628:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, ip);
data/libnet-ip-xs-perl-0.21/functions.c:2674:13: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(buf, mybuf);
data/libnet-ip-xs-perl-0.21/object.c:65:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(errtmp, 512, Error, args);
data/libnet-ip-xs-perl-0.21/functions.c:38:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char netip_Error[512];
data/libnet-ip-xs-perl-0.21/functions.c:141:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(netip_Error, Error, len);
data/libnet-ip-xs-perl-0.21/functions.c:178:31: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  NI_ip_uchars_to_n128(unsigned char uchars[16], n128_t *num)
data/libnet-ip-xs-perl-0.21/functions.c:199:32: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  NI_ip_uchars_to_ulong(unsigned char uchars[4])
data/libnet-ip-xs-perl-0.21/functions.c:392:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%lu", num_ulong);
data/libnet-ip-xs-perl-0.21/functions.c:671:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, ip, sizeof(*ip));
data/libnet-ip-xs-perl-0.21/functions.c:992:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[IPV6_BITSTR_LEN];
data/libnet-ip-xs-perl-0.21/functions.c:1186:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%lu.%lu.%lu.%lu", (n >> 24) & 0xFF,
data/libnet-ip-xs-perl-0.21/functions.c:1204:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x",
data/libnet-ip-xs-perl-0.21/functions.c:1350:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char range[4];
data/libnet-ip-xs-perl-0.21/functions.c:1431:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempip[IPV6_BITSTR_LEN];
data/libnet-ip-xs-perl-0.21/functions.c:1432:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char range[4];
data/libnet-ip-xs-perl-0.21/functions.c:1623:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *prefixes[128];
data/libnet-ip-xs-perl-0.21/functions.c:1653:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *prefixes[128];
data/libnet-ip-xs-perl-0.21/functions.c:1695:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *addr_args[4];
data/libnet-ip-xs-perl-0.21/functions.c:1771:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ipv4[4];
data/libnet-ip-xs-perl-0.21/functions.c:1834:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ipv4[4];
data/libnet-ip-xs-perl-0.21/functions.c:1859:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ipv6[16];
data/libnet-ip-xs-perl-0.21/functions.c:1918:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char numbuf[5];
data/libnet-ip-xs-perl-0.21/functions.c:1919:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ipv4[4];
data/libnet-ip-xs-perl-0.21/functions.c:1932:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(numbuf, "%u.", ipv4[i]);
data/libnet-ip-xs-perl-0.21/functions.c:1936:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf, "in-addr.arpa.");
data/libnet-ip-xs-perl-0.21/functions.c:1961:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ipv6[16];
data/libnet-ip-xs-perl-0.21/functions.c:1976:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%x.", ((ipv6[index] >> shift) & 0xF));
data/libnet-ip-xs-perl-0.21/functions.c:1979:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf, "ip6.arpa.");
data/libnet-ip-xs-perl-0.21/functions.c:2154:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ipnum[16];
data/libnet-ip-xs-perl-0.21/functions.c:2346:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ipnum[4];
data/libnet-ip-xs-perl-0.21/functions.c:2387:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ipnum[16];
data/libnet-ip-xs-perl-0.21/functions.c:2536:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ip1buf[MAX_IPV6_STR_LEN];
data/libnet-ip-xs-perl-0.21/functions.c:2537:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ip2buf[MAX_IPV6_STR_LEN];
data/libnet-ip-xs-perl-0.21/functions.c:2607:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ipv6[16];
data/libnet-ip-xs-perl-0.21/functions.c:2609:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mybuf[5];
data/libnet-ip-xs-perl-0.21/functions.c:2672:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(mybuf, "%x",
data/libnet-ip-xs-perl-0.21/functions.c:2724:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ipbuf, prefix, len);
data/libnet-ip-xs-perl-0.21/functions.c:2773:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, typestr, len);
data/libnet-ip-xs-perl-0.21/functions.c:2784:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, "PUBLIC", 6);
data/libnet-ip-xs-perl-0.21/functions.c:2853:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bitstr1[IPV6_BITSTR_LEN];
data/libnet-ip-xs-perl-0.21/functions.c:2854:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bitstr2[IPV6_BITSTR_LEN];
data/libnet-ip-xs-perl-0.21/functions.h:85:47: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned long NI_ip_uchars_to_ulong(unsigned char uchars[4]);
data/libnet-ip-xs-perl-0.21/functions.h:86:46: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void NI_ip_uchars_to_n128(unsigned char uchars[16], n128_t *num);
data/libnet-ip-xs-perl-0.21/inet_pton.c:67:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char tmp[NS_INADDRSZ], *tp;
data/libnet-ip-xs-perl-0.21/inet_pton.c:100:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, tmp, NS_INADDRSZ);
data/libnet-ip-xs-perl-0.21/inet_pton.c:124:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp;
data/libnet-ip-xs-perl-0.21/inet_pton.c:126:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ipv4[16];
data/libnet-ip-xs-perl-0.21/inet_pton.c:187:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ipv4, curtok, diff);
data/libnet-ip-xs-perl-0.21/inet_pton.c:237:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, tmp, NS_IN6ADDRSZ);
data/libnet-ip-xs-perl-0.21/n128.c:177:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, src, sizeof(*dst));
data/libnet-ip-xs-perl-0.21/n128.c:581:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[40];
data/libnet-ip-xs-perl-0.21/object.c:61:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errtmp[512];
data/libnet-ip-xs-perl-0.21/object.c:164:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf1[MAX_IPV6_STR_LEN];
data/libnet-ip-xs-perl-0.21/object.c:165:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf2[MAX_IPV6_STR_LEN];
data/libnet-ip-xs-perl-0.21/object.c:166:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char binbuf1[IPV6_BITSTR_LEN];
data/libnet-ip-xs-perl-0.21/object.c:167:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char binbuf2[IPV6_BITSTR_LEN];
data/libnet-ip-xs-perl-0.21/object.c:168:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char maskbuf[IPV6_BITSTR_LEN];
data/libnet-ip-xs-perl-0.21/object.c:169:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prefixbuf[MAX_IPV6_STR_LEN];
data/libnet-ip-xs-perl-0.21/object.c:170:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *prefixes[MAX_PREFIXES];
data/libnet-ip-xs-perl-0.21/object.c:337:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(begin, raw_begin, 16);
data/libnet-ip-xs-perl-0.21/object.c:362:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(end, raw_end, 16);
data/libnet-ip-xs-perl-0.21/object.c:474:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mybuf[MAX_IPV6_STR_LEN];
data/libnet-ip-xs-perl-0.21/object.c:518:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf(buf, "4294967296");
data/libnet-ip-xs-perl-0.21/object.c:520:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%lu", end - begin + 1);
data/libnet-ip-xs-perl-0.21/object.c:545:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "340282366920938463463374607431768211456");
data/libnet-ip-xs-perl-0.21/object.c:581:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%lu", (unsigned long) NI_hv_get_uv(ipo, "xs_v4_ip0", 9));
data/libnet-ip-xs-perl-0.21/object.c:645:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "0x%lx", (unsigned long) NI_hv_get_uv(ipo, "xs_v4_ip0", 9));
data/libnet-ip-xs-perl-0.21/object.c:969:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%lu", end);
data/libnet-ip-xs-perl-0.21/object.c:1068:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char binbuf[130];
data/libnet-ip-xs-perl-0.21/object.c:1069:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[45];
data/libnet-ip-xs-perl-0.21/object.c:1243:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[90];
data/libnet-ip-xs-perl-0.21/object.c:1364:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf + len, " - ");
data/libnet-ip-xs-perl-0.21/object.c:1400:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf + len, " - ");
data/libnet-ip-xs-perl-0.21/object.c:1418:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[(2 * (MAX_IPV6_STR_LEN - 1)) + 4];
data/libnet-ip-xs-perl-0.21/functions.c:137:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(Error);
data/libnet-ip-xs-perl-0.21/functions.c:356:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(ip_int_str);
data/libnet-ip-xs-perl-0.21/functions.c:366:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  res = n128_set_str_decimal(&num, ip_int_str, strlen(ip_int_str));
data/libnet-ip-xs-perl-0.21/functions.c:388:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(bitstr);
data/libnet-ip-xs-perl-0.21/functions.c:419:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(str);
data/libnet-ip-xs-perl-0.21/functions.c:506:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(str);
data/libnet-ip-xs-perl-0.21/functions.c:535:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(str + i) == 0) {
data/libnet-ip-xs-perl-0.21/functions.c:722:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, bitstr, len);
data/libnet-ip-xs-perl-0.21/functions.c:772:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(b) != (strlen(e))) {
data/libnet-ip-xs-perl-0.21/functions.c:772:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(b) != (strlen(e))) {
data/libnet-ip-xs-perl-0.21/functions.c:936:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  b1_len = strlen(begin_1);
data/libnet-ip-xs-perl-0.21/functions.c:937:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  b2_len = strlen(begin_2);
data/libnet-ip-xs-perl-0.21/functions.c:939:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!( (b1_len == (int) strlen(end_1))
data/libnet-ip-xs-perl-0.21/functions.c:940:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && (b2_len == (int) strlen(end_2))
data/libnet-ip-xs-perl-0.21/functions.c:1060:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  iplen = strlen(bitstr);
data/libnet-ip-xs-perl-0.21/functions.c:1157:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bin1_len = strlen(bitstr_1);
data/libnet-ip-xs-perl-0.21/functions.c:1158:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bin2_len = strlen(bitstr_2);
data/libnet-ip-xs-perl-0.21/functions.c:1255:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = strlen(bitstr);
data/libnet-ip-xs-perl-0.21/functions.c:1307:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len1 = strlen(ip1);
data/libnet-ip-xs-perl-0.21/functions.c:1308:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len2 = strlen(ip2);
data/libnet-ip-xs-perl-0.21/functions.c:1392:9: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(new_prefix, "/");
data/libnet-ip-xs-perl-0.21/functions.c:1394:9: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(new_prefix, range, res);
data/libnet-ip-xs-perl-0.21/functions.c:1480:9: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(new_prefix, "/");
data/libnet-ip-xs-perl-0.21/functions.c:1482:9: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(new_prefix, range, res);
data/libnet-ip-xs-perl-0.21/functions.c:1528:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(begin) != strlen(end)) {
data/libnet-ip-xs-perl-0.21/functions.c:1528:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(begin) != strlen(end)) {
data/libnet-ip-xs-perl-0.21/functions.c:1545:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n128_set_str_binary(&begin_n128, begin, strlen(begin));
data/libnet-ip-xs-perl-0.21/functions.c:1546:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n128_set_str_binary(&end_n128, end, strlen(end));
data/libnet-ip-xs-perl-0.21/functions.c:1595:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(*prefixes);
data/libnet-ip-xs-perl-0.21/functions.c:1602:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, *prefixes, len);
data/libnet-ip-xs-perl-0.21/functions.c:1707:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(addr_args[i]) != 32) {
data/libnet-ip-xs-perl-0.21/functions.c:1721:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(addr_args[i]) != 128) {
data/libnet-ip-xs-perl-0.21/functions.c:1727:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n128_set_str_binary(&b1_n128, b1, strlen(b1));
data/libnet-ip-xs-perl-0.21/functions.c:1728:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
n128_set_str_binary(&e1_n128, e1, strlen(e1)); data/libnet-ip-xs-perl-0.21/functions.c:1729:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n128_set_str_binary(&b2_n128, b2, strlen(b2)); data/libnet-ip-xs-perl-0.21/functions.c:1730:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n128_set_str_binary(&e2_n128, e2, strlen(e2)); data/libnet-ip-xs-perl-0.21/functions.c:2048:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (endptr != (slash + strlen(slash))) { data/libnet-ip-xs-perl-0.21/functions.c:2110:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (endptr != (slash + strlen(slash))) { data/libnet-ip-xs-perl-0.21/functions.c:2399:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). res = n128_set_str_decimal(&addnum, num, strlen(num)); data/libnet-ip-xs-perl-0.21/functions.c:2568:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ip) > (MAX_IPV4_RANGE_STR_LEN - 1)) { data/libnet-ip-xs-perl-0.21/functions.c:2577:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
c = ip + (strlen(ip) + 1); data/libnet-ip-xs-perl-0.21/functions.c:2590:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, ip, buflen); data/libnet-ip-xs-perl-0.21/functions.c:2667:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buf, ":"); data/libnet-ip-xs-perl-0.21/functions.c:2670:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buf, ":"); data/libnet-ip-xs-perl-0.21/functions.c:2676:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buf, ":"); data/libnet-ip-xs-perl-0.21/functions.c:2814:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mask_len = strlen(mask); data/libnet-ip-xs-perl-0.21/functions.c:2904:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(c); data/libnet-ip-xs-perl-0.21/functions.c:2909:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(buf, c, len); data/libnet-ip-xs-perl-0.21/n128.c:589:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(bufp, str, len); data/libnet-ip-xs-perl-0.21/n128.c:608:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ps_len = strlen(ps); data/libnet-ip-xs-perl-0.21/object.c:629:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HV_MY_STORE_PV(ipo, "intformat", 9, buf, strlen(buf)); data/libnet-ip-xs-perl-0.21/object.c:697:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HV_MY_STORE_PV(ipo, "hexformat", 9, buf, strlen(buf)); data/libnet-ip-xs-perl-0.21/object.c:727:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n128_set_str_binary(&dec, binmask, strlen(binmask)); data/libnet-ip-xs-perl-0.21/object.c:729:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HV_MY_STORE_PV(ipo, "hexmask", 7, buf, strlen(buf)); data/libnet-ip-xs-perl-0.21/object.c:1363:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/libnet-ip-xs-perl-0.21/object.c:1399:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(buf); data/libnet-ip-xs-perl-0.21/object.c:1441:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). res = n128_set_str_decimal(&num_n128, num, strlen(num)); ANALYSIS SUMMARY: Hits = 134 Lines analyzed = 5897 in approximately 0.18 seconds (32232 lines/second) Physical Source Lines of Code (SLOC) = 3765 Hits@level = [0] 16 [1] 57 [2] 71 [3] 0 [4] 6 [5] 0 Hits@level+ = [0+] 150 [1+] 134 [2+] 77 [3+] 6 [4+] 6 [5+] 0 Hits/KSLOC@level+ = [0+] 39.8406 [1+] 35.591 [2+] 20.4515 [3+] 1.59363 [4+] 1.59363 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.