Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/libnet-tclink-perl-3.4.0/tclink.h Examining data/libnet-tclink-perl-3.4.0/tclink.c FINAL RESULTS: data/libnet-tclink-perl-3.4.0/tclink.c:181:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dst, src); data/libnet-tclink-perl-3.4.0/tclink.c:197:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dst+dlen, src); data/libnet-tclink-perl-3.4.0/tclink.c:774:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "BEGIN\nversion=%s\n", tclink_version); data/libnet-tclink-perl-3.4.0/tclink.c:916:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, tclink_version); data/libnet-tclink-perl-3.4.0/tclink.c:491:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(time(0)); data/libnet-tclink-perl-3.4.0/tclink.c:100:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char cert_data[TC_CERT_SIZE]={ data/libnet-tclink-perl-3.4.0/tclink.c:444:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[512]; data/libnet-tclink-perl-3.4.0/tclink.c:474:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *addr_list[4]; int addr[3]; data/libnet-tclink-perl-3.4.0/tclink.c:764:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[TC_BUFF_MAX], destbuf[TC_LINE_MAX]; data/libnet-tclink-perl-3.4.0/tclink.c:765:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[1024]; data/libnet-tclink-perl-3.4.0/tclink.c:785:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). host_hash = atoi(p->value); data/libnet-tclink-perl-3.4.0/tclink.c:805:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf+strlen(buf), "pass=%d\ntime=%ld\n", c->pass, time(0) - c->start_time); data/libnet-tclink-perl-3.4.0/tclink.c:179:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(src); data/libnet-tclink-perl-3.4.0/tclink.c:183:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dst, src, size - 1); data/libnet-tclink-perl-3.4.0/tclink.c:190:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int dlen = strlen(dst); data/libnet-tclink-perl-3.4.0/tclink.c:191:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int slen = strlen(src); data/libnet-tclink-perl-3.4.0/tclink.c:199:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dst+dlen, src, avail - 1); data/libnet-tclink-perl-3.4.0/tclink.c:618:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (SSL_write(c->ssl, string, strlen(string)) < 0) data/libnet-tclink-perl-3.4.0/tclink.c:632:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fd_set read; data/libnet-tclink-perl-3.4.0/tclink.c:643:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(buffer, eol, strlen(eol)+1); data/libnet-tclink-perl-3.4.0/tclink.c:644:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(destbuf); data/libnet-tclink-perl-3.4.0/tclink.c:652:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). FD_ZERO(&read); FD_SET(c->sd, &read); data/libnet-tclink-perl-3.4.0/tclink.c:652:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). FD_ZERO(&read); FD_SET(c->sd, &read); data/libnet-tclink-perl-3.4.0/tclink.c:657:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (select(c->sd + 1, &read, NULL, &error, &tv) < 1) data/libnet-tclink-perl-3.4.0/tclink.c:661:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if (FD_ISSET(c->sd, &read)) data/libnet-tclink-perl-3.4.0/tclink.c:663:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int buffer_end = strlen(buffer); data/libnet-tclink-perl-3.4.0/tclink.c:805:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(buf+strlen(buf), "pass=%d\ntime=%ld\n", c->pass, time(0) - c->start_time); data/libnet-tclink-perl-3.4.0/tclink.c:871:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int newlen = strlen(add); data/libnet-tclink-perl-3.4.0/tclink.c:875:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf + *len, add, newlen); ANALYSIS SUMMARY: Hits = 29 Lines analyzed = 988 in approximately 0.06 seconds (16301 lines/second) Physical Source Lines of Code (SLOC) = 673 Hits@level = [0] 0 [1] 17 [2] 7 [3] 1 [4] 4 [5] 0 Hits@level+ = [0+] 29 [1+] 29 [2+] 12 [3+] 5 [4+] 4 [5+] 0 Hits/KSLOC@level+ = [0+] 43.0906 [1+] 43.0906 [2+] 17.8306 [3+] 7.42942 [4+] 5.94354 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.