Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libnetfilter-conntrack-1.0.8/tests/test_filter.c
Examining data/libnetfilter-conntrack-1.0.8/tests/test_connlabel.c
Examining data/libnetfilter-conntrack-1.0.8/tests/test_api.c
Examining data/libnetfilter-conntrack-1.0.8/tests/ct_stress.c
Examining data/libnetfilter-conntrack-1.0.8/tests/ct_events_reliable.c
Examining data/libnetfilter-conntrack-1.0.8/examples/nfexp-mnl-event.c
Examining data/libnetfilter-conntrack-1.0.8/examples/nfexp-mnl-dump.c
Examining data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-set-label.c
Examining data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-get.c
Examining data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-flush.c
Examining data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-event.c
Examining data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-dump-labels.c
Examining data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-dump.c
Examining data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-del.c
Examining data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-create.c
Examining data/libnetfilter-conntrack-1.0.8/utils/expect_get.c
Examining data/libnetfilter-conntrack-1.0.8/utils/expect_flush.c
Examining data/libnetfilter-conntrack-1.0.8/utils/expect_events.c
Examining data/libnetfilter-conntrack-1.0.8/utils/expect_dump.c
Examining data/libnetfilter-conntrack-1.0.8/utils/expect_delete.c
Examining data/libnetfilter-conntrack-1.0.8/utils/expect_create_userspace.c
Examining data/libnetfilter-conntrack-1.0.8/utils/expect_create_nat.c
Examining data/libnetfilter-conntrack-1.0.8/utils/expect_create.c
Examining data/libnetfilter-conntrack-1.0.8/utils/ctexp_events.c
Examining data/libnetfilter-conntrack-1.0.8/utils/conntrack_update.c
Examining data/libnetfilter-conntrack-1.0.8/utils/conntrack_master.c
Examining data/libnetfilter-conntrack-1.0.8/utils/conntrack_grp_create.c
Examining data/libnetfilter-conntrack-1.0.8/utils/conntrack_get.c
Examining data/libnetfilter-conntrack-1.0.8/utils/conntrack_flush.c
Examining data/libnetfilter-conntrack-1.0.8/utils/conntrack_filter.c
Examining data/libnetfilter-conntrack-1.0.8/utils/conntrack_events.c
Examining data/libnetfilter-conntrack-1.0.8/utils/conntrack_dump_filter.c
Examining data/libnetfilter-conntrack-1.0.8/utils/conntrack_dump.c
Examining data/libnetfilter-conntrack-1.0.8/utils/conntrack_delete.c
Examining data/libnetfilter-conntrack-1.0.8/utils/conntrack_create_nat.c
Examining data/libnetfilter-conntrack-1.0.8/utils/conntrack_create.c
Examining data/libnetfilter-conntrack-1.0.8/src/expect/parse_mnl.c
Examining data/libnetfilter-conntrack-1.0.8/src/expect/build_mnl.c
Examining data/libnetfilter-conntrack-1.0.8/src/expect/snprintf_xml.c
Examining data/libnetfilter-conntrack-1.0.8/src/expect/snprintf_default.c
Examining data/libnetfilter-conntrack-1.0.8/src/expect/snprintf.c
Examining data/libnetfilter-conntrack-1.0.8/src/expect/build.c
Examining data/libnetfilter-conntrack-1.0.8/src/expect/setter.c
Examining data/libnetfilter-conntrack-1.0.8/src/expect/getter.c
Examining data/libnetfilter-conntrack-1.0.8/src/expect/compare.c
Examining data/libnetfilter-conntrack-1.0.8/src/expect/api.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/stack.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_setter.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_getter.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/grp.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/filter_dump.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/bsf.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/filter.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/copy.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/compare.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/objopt.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/snprintf_xml.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/snprintf_default.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/snprintf.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/build_mnl.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/parse_mnl.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/build.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/labels.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/setter.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/getter.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/api.c
Examining data/libnetfilter-conntrack-1.0.8/src/callback.c
Examining data/libnetfilter-conntrack-1.0.8/src/main.c
Examining data/libnetfilter-conntrack-1.0.8/include/internal/stack.h
Examining data/libnetfilter-conntrack-1.0.8/include/internal/types.h
Examining data/libnetfilter-conntrack-1.0.8/include/internal/object.h
Examining data/libnetfilter-conntrack-1.0.8/include/internal/internal.h
Examining data/libnetfilter-conntrack-1.0.8/include/internal/prototypes.h
Examining data/libnetfilter-conntrack-1.0.8/include/internal/linux_list.h
Examining data/libnetfilter-conntrack-1.0.8/include/internal/extern.h
Examining data/libnetfilter-conntrack-1.0.8/include/internal/bitops.h
Examining data/libnetfilter-conntrack-1.0.8/include/libnetfilter_conntrack/libnetfilter_conntrack_ipv6.h
Examining data/libnetfilter-conntrack-1.0.8/include/libnetfilter_conntrack/libnetfilter_conntrack_ipv4.h
Examining data/libnetfilter-conntrack-1.0.8/include/libnetfilter_conntrack/libnetfilter_conntrack_dccp.h
Examining data/libnetfilter-conntrack-1.0.8/include/libnetfilter_conntrack/libnetfilter_conntrack_sctp.h
Examining data/libnetfilter-conntrack-1.0.8/include/libnetfilter_conntrack/libnetfilter_conntrack_icmp.h
Examining data/libnetfilter-conntrack-1.0.8/include/libnetfilter_conntrack/libnetfilter_conntrack_udp.h
Examining data/libnetfilter-conntrack-1.0.8/include/libnetfilter_conntrack/libnetfilter_conntrack_tcp.h
Examining data/libnetfilter-conntrack-1.0.8/include/libnetfilter_conntrack/linux_nf_conntrack_common.h
Examining data/libnetfilter-conntrack-1.0.8/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
Examining data/libnetfilter-conntrack-1.0.8/include/libnetfilter_conntrack/libnetfilter_conntrack.h
FINAL RESULTS:
data/libnetfilter-conntrack-1.0.8/src/conntrack/snprintf_default.c:317:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
ret = snprintf(buf + offset, len, fmt, name);
data/libnetfilter-conntrack-1.0.8/tests/ct_stress.c:32:2: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(t);
data/libnetfilter-conntrack-1.0.8/tests/ct_stress.c:33:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
r = random();
data/libnetfilter-conntrack-1.0.8/tests/test_api.c:492:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-create.c:17:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-del.c:17:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-dump-labels.c:26:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-dump-labels.c:49:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-dump.c:13:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-dump.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-event.c:13:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-event.c:45:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-flush.c:17:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-get.c:15:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-get.c:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-set-label.c:19:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-set-label.c:67:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-set-label.c:126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-set-label.c:138:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cbargs.bit = atoi(argv[1]);
data/libnetfilter-conntrack-1.0.8/examples/nfexp-mnl-dump.c:14:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnetfilter-conntrack-1.0.8/examples/nfexp-mnl-dump.c:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnetfilter-conntrack-1.0.8/examples/nfexp-mnl-event.c:13:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnetfilter-conntrack-1.0.8/examples/nfexp-mnl-event.c:45:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnetfilter-conntrack-1.0.8/include/internal/extern.h:22:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char *const l3proto2str[AF_MAX];
data/libnetfilter-conntrack-1.0.8/include/internal/extern.h:23:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char *const proto2str[IPPROTO_MAX];
data/libnetfilter-conntrack-1.0.8/include/internal/extern.h:24:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char *const states[TCP_CONNTRACK_MAX];
data/libnetfilter-conntrack-1.0.8/include/internal/extern.h:25:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char *const sctp_states[SCTP_CONNTRACK_MAX];
data/libnetfilter-conntrack-1.0.8/include/internal/extern.h:26:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char *const dccp_states[DCCP_CONNTRACK_MAX];
data/libnetfilter-conntrack-1.0.8/include/internal/object.h:171:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char helper_name[NFCT_HELPER_NAME_MAX];
data/libnetfilter-conntrack-1.0.8/include/internal/object.h:311:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char helper_name[NFCT_HELPER_NAME_MAX];
data/libnetfilter-conntrack-1.0.8/include/internal/object.h:313:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expectfn[__NFCT_EXPECTFN_MAX];
data/libnetfilter-conntrack-1.0.8/src/conntrack/api.c:990:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[size];
data/libnetfilter-conntrack-1.0.8/src/conntrack/api.c:1022:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[size];
data/libnetfilter-conntrack-1.0.8/src/conntrack/api.c:1676:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy, b, bytes);
data/libnetfilter-conntrack-1.0.8/src/conntrack/bsf.c:114:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&this[pos], &__code, sizeof(__code));
data/libnetfilter-conntrack-1.0.8/src/conntrack/bsf.c:133:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&this[pos], __code, sizeof(__code));
data/libnetfilter-conntrack-1.0.8/src/conntrack/bsf.c:153:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&this[pos], __code, sizeof(__code));
data/libnetfilter-conntrack-1.0.8/src/conntrack/bsf.c:177:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&this[pos], &__code, sizeof(__code));
data/libnetfilter-conntrack-1.0.8/src/conntrack/bsf.c:196:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&this[pos], &__code, sizeof(__code));
data/libnetfilter-conntrack-1.0.8/src/conntrack/bsf.c:207:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&this[pos], &__code, sizeof(__code));
data/libnetfilter-conntrack-1.0.8/src/conntrack/bsf.c:219:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&this[pos], &__code, sizeof(__code));
data/libnetfilter-conntrack-1.0.8/src/conntrack/bsf.c:229:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&this[pos], &__code, sizeof(__code));
data/libnetfilter-conntrack-1.0.8/src/conntrack/bsf.c:239:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&this[pos], &__code, sizeof(__code));
data/libnetfilter-conntrack-1.0.8/src/conntrack/bsf.c:252:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&this[pos], &__code, sizeof(__code));
data/libnetfilter-conntrack-1.0.8/src/conntrack/bsf.c:265:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&this[pos], &__code, sizeof(__code));
data/libnetfilter-conntrack-1.0.8/src/conntrack/bsf.c:276:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&this[pos], &__code, sizeof(__code));
data/libnetfilter-conntrack-1.0.8/src/conntrack/bsf.c:287:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&this[pos], &__code, sizeof(__code));
data/libnetfilter-conntrack-1.0.8/src/conntrack/bsf.c:314:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&this[pos], &__code, sizeof(__code));
data/libnetfilter-conntrack-1.0.8/src/conntrack/bsf.c:709:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&this[j], &__code, sizeof(__code)); /* if A == 0 skip next two op */
data/libnetfilter-conntrack-1.0.8/src/conntrack/copy.c:39:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dest->head.orig.src,
data/libnetfilter-conntrack-1.0.8/src/conntrack/copy.c:47:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dest->head.orig.dst,
data/libnetfilter-conntrack-1.0.8/src/conntrack/copy.c:55:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dest->repl.src,
data/libnetfilter-conntrack-1.0.8/src/conntrack/copy.c:63:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dest->repl.dst,
data/libnetfilter-conntrack-1.0.8/src/conntrack/copy.c:166:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dest->master.src, &orig->master.src,
data/libnetfilter-conntrack-1.0.8/src/conntrack/copy.c:173:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dest->master.dst, &orig->master.dst,
data/libnetfilter-conntrack-1.0.8/src/conntrack/copy.c:302:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dest->snat.min_ip.v6, &orig->snat.min_ip.v6,
data/libnetfilter-conntrack-1.0.8/src/conntrack/copy.c:309:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dest->dnat.min_ip.v6, &orig->dnat.min_ip.v6,
data/libnetfilter-conntrack-1.0.8/src/conntrack/copy.c:476:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->helper_info, orig->helper_info, orig->helper_info_len);
data/libnetfilter-conntrack-1.0.8/src/conntrack/copy.c:600:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ct1, ct2, sizeof(*ct1));
data/libnetfilter-conntrack-1.0.8/src/conntrack/filter.c:61:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filter->l3proto_ipv6[0][filter->l3proto_elems_ipv6[0]].addr,
data/libnetfilter-conntrack-1.0.8/src/conntrack/filter.c:63:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filter->l3proto_ipv6[0][filter->l3proto_elems_ipv6[0]].mask,
data/libnetfilter-conntrack-1.0.8/src/conntrack/filter.c:75:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filter->l3proto_ipv6[1][filter->l3proto_elems_ipv6[1]].addr,
data/libnetfilter-conntrack-1.0.8/src/conntrack/filter.c:77:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filter->l3proto_ipv6[1][filter->l3proto_elems_ipv6[1]].mask,
data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_getter.c:29:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->src, &ct->head.orig.src.v6, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_getter.c:30:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->dst, &ct->head.orig.dst.v6, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_getter.c:36:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->src, &ct->repl.src.v6, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_getter.c:37:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->dst, &ct->repl.dst.v6, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_getter.c:72:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->src, &ct->master.src.v6, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_getter.c:73:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->dst, &ct->master.dst.v6, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_getter.c:101:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&this->addr, &ct->head.orig.src, sizeof(ct->head.orig.src));
data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_getter.c:108:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&this->addr, &ct->head.orig.dst, sizeof(ct->head.orig.dst));
data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_getter.c:115:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&this->addr, &ct->repl.src, sizeof(ct->repl.src));
data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_getter.c:122:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&this->addr, &ct->repl.dst, sizeof(ct->repl.dst));
data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_setter.c:59:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ct->head.orig.src.v6, this->src, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_setter.c:60:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ct->head.orig.dst.v6, this->dst, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_setter.c:67:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ct->repl.src.v6, this->src, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_setter.c:68:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ct->repl.dst.v6, this->dst, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_setter.c:129:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ct->master.src.v6, this->src, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_setter.c:130:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ct->master.dst.v6, this->dst, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/labels.c:226:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[1024];
data/libnetfilter-conntrack-1.0.8/src/conntrack/labels.c:233:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(name ? name : CONNLABEL_CFG, "re");
data/libnetfilter-conntrack-1.0.8/src/conntrack/objopt.c:30:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&this->src.v6, &other->dst.v6, sizeof(union __nfct_address));
data/libnetfilter-conntrack-1.0.8/src/conntrack/objopt.c:31:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&this->dst.v6, &other->src.v6, sizeof(union __nfct_address));
data/libnetfilter-conntrack-1.0.8/src/conntrack/objopt.c:63:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ct->snat.min_ip.v6, &ct->repl.dst.v6,
data/libnetfilter-conntrack-1.0.8/src/conntrack/objopt.c:65:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ct->snat.max_ip.v6, &ct->snat.min_ip.v6,
data/libnetfilter-conntrack-1.0.8/src/conntrack/objopt.c:67:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ct->repl.dst.v6, &ct->head.orig.src.v6,
data/libnetfilter-conntrack-1.0.8/src/conntrack/objopt.c:86:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ct->dnat.min_ip.v6, &ct->repl.src.v6,
data/libnetfilter-conntrack-1.0.8/src/conntrack/objopt.c:88:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ct->dnat.max_ip.v6, &ct->dnat.min_ip.v6,
data/libnetfilter-conntrack-1.0.8/src/conntrack/objopt.c:90:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ct->repl.src.v6, &ct->head.orig.dst.v6,
data/libnetfilter-conntrack-1.0.8/src/conntrack/parse_mnl.c:85:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tuple->src.v6, mnl_attr_get_payload(tb[CTA_IP_V6_SRC]),
data/libnetfilter-conntrack-1.0.8/src/conntrack/parse_mnl.c:101:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tuple->dst.v6, mnl_attr_get_payload(tb[CTA_IP_V6_DST]),
data/libnetfilter-conntrack-1.0.8/src/conntrack/parse_mnl.c:343:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ct->protoinfo.tcp.wscale[__DIR_ORIG],
data/libnetfilter-conntrack-1.0.8/src/conntrack/parse_mnl.c:350:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ct->protoinfo.tcp.wscale[__DIR_REPL],
data/libnetfilter-conntrack-1.0.8/src/conntrack/parse_mnl.c:357:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ct->protoinfo.tcp.flags[0],
data/libnetfilter-conntrack-1.0.8/src/conntrack/parse_mnl.c:365:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ct->protoinfo.tcp.flags[1],
data/libnetfilter-conntrack-1.0.8/src/conntrack/parse_mnl.c:706:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ct->helper_info, mnl_attr_get_payload(tb[CTA_HELP_INFO]),
data/libnetfilter-conntrack-1.0.8/src/conntrack/parse_mnl.c:806:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mask->bits, bits, len);
data/libnetfilter-conntrack-1.0.8/src/conntrack/setter.c:67:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ct->head.orig.src.v6, value, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/setter.c:73:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ct->head.orig.dst.v6, value, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/setter.c:79:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ct->repl.src.v6, value, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/setter.c:85:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ct->repl.dst.v6, value, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/setter.c:252:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ct->snat.min_ip.v6, value, sizeof(struct in6_addr));
data/libnetfilter-conntrack-1.0.8/src/conntrack/setter.c:253:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ct->snat.max_ip.v6, value, sizeof(struct in6_addr));
data/libnetfilter-conntrack-1.0.8/src/conntrack/setter.c:259:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ct->dnat.min_ip.v6, value, sizeof(struct in6_addr));
data/libnetfilter-conntrack-1.0.8/src/conntrack/setter.c:260:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ct->dnat.max_ip.v6, value, sizeof(struct in6_addr));
data/libnetfilter-conntrack-1.0.8/src/conntrack/setter.c:320:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ct->master.src.v6, value, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/setter.c:326:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ct->master.dst.v6, value, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/setter.c:442:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ct->helper_info, value, len);
data/libnetfilter-conntrack-1.0.8/src/conntrack/snprintf.c:13:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *const l3proto2str[AF_MAX] = {
data/libnetfilter-conntrack-1.0.8/src/conntrack/snprintf.c:18:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *const proto2str[IPPROTO_MAX] = {
data/libnetfilter-conntrack-1.0.8/src/conntrack/snprintf.c:29:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *const states[TCP_CONNTRACK_MAX] = {
data/libnetfilter-conntrack-1.0.8/src/conntrack/snprintf.c:42:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *const sctp_states[SCTP_CONNTRACK_MAX] = {
data/libnetfilter-conntrack-1.0.8/src/conntrack/snprintf.c:53:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *const dccp_states[DCCP_CONNTRACK_MAX] = {
data/libnetfilter-conntrack-1.0.8/src/conntrack/snprintf_default.c:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[INET6_ADDRSTRLEN];
data/libnetfilter-conntrack-1.0.8/src/conntrack/snprintf_default.c:99:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&src, &tuple->src.v6, sizeof(struct in6_addr));
data/libnetfilter-conntrack-1.0.8/src/conntrack/snprintf_default.c:100:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dst, &tuple->dst.v6, sizeof(struct in6_addr));
data/libnetfilter-conntrack-1.0.8/src/conntrack/snprintf_xml.c:84:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tmp[INET6_ADDRSTRLEN];
data/libnetfilter-conntrack-1.0.8/src/conntrack/snprintf_xml.c:87:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr, p, sizeof(struct in6_addr));
data/libnetfilter-conntrack-1.0.8/src/conntrack/stack.c:55:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->data + (s->elem_size * s->num_elems), data, s->elem_size);
data/libnetfilter-conntrack-1.0.8/src/conntrack/stack.c:67:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, s->data + (s->elem_size * s->num_elems), s->elem_size);
data/libnetfilter-conntrack-1.0.8/src/expect/api.c:97:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(clone, exp, sizeof(*exp));
data/libnetfilter-conntrack-1.0.8/src/expect/api.c:701:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[size];
data/libnetfilter-conntrack-1.0.8/src/expect/api.c:733:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[size];
data/libnetfilter-conntrack-1.0.8/tests/ct_stress.c:48:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
for (i = r, j = 0;i < (r + atoi(argv[1]) * 2); i++, j++) {
data/libnetfilter-conntrack-1.0.8/tests/test_api.c:167:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[256];
data/libnetfilter-conntrack-1.0.8/tests/test_api.c:445:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ex1, ex2, nfexp_maxsize());
data/libnetfilter-conntrack-1.0.8/tests/test_api.c:454:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ex1, ex2, nfexp_maxsize());
data/libnetfilter-conntrack-1.0.8/tests/test_api.c:462:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ex1, ex2, nfexp_maxsize());
data/libnetfilter-conntrack-1.0.8/tests/test_api.c:469:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ex1, ex2, nfexp_maxsize());
data/libnetfilter-conntrack-1.0.8/tests/test_api.c:487:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[256];
data/libnetfilter-conntrack-1.0.8/tests/test_api.c:698:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32]; /* IPv6 group address is 16 bytes * 2 */
data/libnetfilter-conntrack-1.0.8/tests/test_api.c:712:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32]; /* IPv6 group address is 16 bytes */
data/libnetfilter-conntrack-1.0.8/tests/test_filter.c:18:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/libnetfilter-conntrack-1.0.8/utils/conntrack_dump.c:12:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/libnetfilter-conntrack-1.0.8/utils/conntrack_dump_filter.c:12:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/libnetfilter-conntrack-1.0.8/utils/conntrack_events.c:13:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/libnetfilter-conntrack-1.0.8/utils/conntrack_filter.c:15:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/libnetfilter-conntrack-1.0.8/utils/conntrack_get.c:14:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/libnetfilter-conntrack-1.0.8/utils/ctexp_events.c:13:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/libnetfilter-conntrack-1.0.8/utils/ctexp_events.c:27:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/libnetfilter-conntrack-1.0.8/utils/expect_dump.c:12:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/libnetfilter-conntrack-1.0.8/utils/expect_events.c:13:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/libnetfilter-conntrack-1.0.8/utils/expect_get.c:13:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/libnetfilter-conntrack-1.0.8/src/conntrack/copy.c:430:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest->helper_name, orig->helper_name, NFCT_HELPER_NAME_MAX);
data/libnetfilter-conntrack-1.0.8/src/conntrack/parse_mnl.c:693:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ct->helper_name, mnl_attr_get_str(tb[CTA_HELP_NAME]),
data/libnetfilter-conntrack-1.0.8/src/conntrack/setter.c:392:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ct->helper_name, value, NFCT_HELPER_NAME_MAX);
data/libnetfilter-conntrack-1.0.8/src/conntrack/snprintf_default.c:261:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen(tmp)-1] = '\0';
data/libnetfilter-conntrack-1.0.8/src/conntrack/snprintf_default.c:273:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen(tmp)-1] = '\0';
data/libnetfilter-conntrack-1.0.8/src/expect/parse_mnl.c:142:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(exp->helper_name,
data/libnetfilter-conntrack-1.0.8/src/expect/parse_mnl.c:156:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(exp->expectfn, mnl_attr_get_payload(tb[CTA_EXPECT_FN]),
data/libnetfilter-conntrack-1.0.8/src/expect/setter.c:49:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(exp->helper_name, value, NFCT_HELPER_NAME_MAX);
data/libnetfilter-conntrack-1.0.8/src/expect/setter.c:65:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(exp->expectfn, value, __NFCT_EXPECTFN_MAX);
ANALYSIS SUMMARY:
Hits = 152
Lines analyzed = 16985 in approximately 0.49 seconds (34882 lines/second)
Physical Source Lines of Code (SLOC) = 12135
Hits@level = [0] 272 [1] 9 [2] 139 [3] 3 [4] 1 [5] 0
Hits@level+ = [0+] 424 [1+] 152 [2+] 143 [3+] 4 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 34.9403 [1+] 12.5258 [2+] 11.7841 [3+] 0.329625 [4+] 0.0824063 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.