Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libnetfilter-conntrack-1.0.8/tests/test_filter.c
Examining data/libnetfilter-conntrack-1.0.8/tests/test_connlabel.c
Examining data/libnetfilter-conntrack-1.0.8/tests/test_api.c
Examining data/libnetfilter-conntrack-1.0.8/tests/ct_stress.c
Examining data/libnetfilter-conntrack-1.0.8/tests/ct_events_reliable.c
Examining data/libnetfilter-conntrack-1.0.8/examples/nfexp-mnl-event.c
Examining data/libnetfilter-conntrack-1.0.8/examples/nfexp-mnl-dump.c
Examining data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-set-label.c
Examining data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-get.c
Examining data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-flush.c
Examining data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-event.c
Examining data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-dump-labels.c
Examining data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-dump.c
Examining data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-del.c
Examining data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-create.c
Examining data/libnetfilter-conntrack-1.0.8/utils/expect_get.c
Examining data/libnetfilter-conntrack-1.0.8/utils/expect_flush.c
Examining data/libnetfilter-conntrack-1.0.8/utils/expect_events.c
Examining data/libnetfilter-conntrack-1.0.8/utils/expect_dump.c
Examining data/libnetfilter-conntrack-1.0.8/utils/expect_delete.c
Examining data/libnetfilter-conntrack-1.0.8/utils/expect_create_userspace.c
Examining data/libnetfilter-conntrack-1.0.8/utils/expect_create_nat.c
Examining data/libnetfilter-conntrack-1.0.8/utils/expect_create.c
Examining data/libnetfilter-conntrack-1.0.8/utils/ctexp_events.c
Examining data/libnetfilter-conntrack-1.0.8/utils/conntrack_update.c
Examining data/libnetfilter-conntrack-1.0.8/utils/conntrack_master.c
Examining data/libnetfilter-conntrack-1.0.8/utils/conntrack_grp_create.c
Examining data/libnetfilter-conntrack-1.0.8/utils/conntrack_get.c
Examining data/libnetfilter-conntrack-1.0.8/utils/conntrack_flush.c
Examining data/libnetfilter-conntrack-1.0.8/utils/conntrack_filter.c
Examining data/libnetfilter-conntrack-1.0.8/utils/conntrack_events.c
Examining data/libnetfilter-conntrack-1.0.8/utils/conntrack_dump_filter.c
Examining data/libnetfilter-conntrack-1.0.8/utils/conntrack_dump.c
Examining data/libnetfilter-conntrack-1.0.8/utils/conntrack_delete.c
Examining data/libnetfilter-conntrack-1.0.8/utils/conntrack_create_nat.c
Examining data/libnetfilter-conntrack-1.0.8/utils/conntrack_create.c
Examining data/libnetfilter-conntrack-1.0.8/src/expect/parse_mnl.c
Examining data/libnetfilter-conntrack-1.0.8/src/expect/build_mnl.c
Examining data/libnetfilter-conntrack-1.0.8/src/expect/snprintf_xml.c
Examining data/libnetfilter-conntrack-1.0.8/src/expect/snprintf_default.c
Examining data/libnetfilter-conntrack-1.0.8/src/expect/snprintf.c
Examining data/libnetfilter-conntrack-1.0.8/src/expect/build.c
Examining data/libnetfilter-conntrack-1.0.8/src/expect/setter.c
Examining data/libnetfilter-conntrack-1.0.8/src/expect/getter.c
Examining data/libnetfilter-conntrack-1.0.8/src/expect/compare.c
Examining data/libnetfilter-conntrack-1.0.8/src/expect/api.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/stack.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_setter.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_getter.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/grp.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/filter_dump.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/bsf.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/filter.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/copy.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/compare.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/objopt.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/snprintf_xml.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/snprintf_default.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/snprintf.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/build_mnl.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/parse_mnl.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/build.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/labels.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/setter.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/getter.c
Examining data/libnetfilter-conntrack-1.0.8/src/conntrack/api.c
Examining data/libnetfilter-conntrack-1.0.8/src/callback.c
Examining data/libnetfilter-conntrack-1.0.8/src/main.c
Examining data/libnetfilter-conntrack-1.0.8/include/internal/stack.h
Examining data/libnetfilter-conntrack-1.0.8/include/internal/types.h
Examining data/libnetfilter-conntrack-1.0.8/include/internal/object.h
Examining data/libnetfilter-conntrack-1.0.8/include/internal/internal.h
Examining data/libnetfilter-conntrack-1.0.8/include/internal/prototypes.h
Examining data/libnetfilter-conntrack-1.0.8/include/internal/linux_list.h
Examining data/libnetfilter-conntrack-1.0.8/include/internal/extern.h
Examining data/libnetfilter-conntrack-1.0.8/include/internal/bitops.h
Examining data/libnetfilter-conntrack-1.0.8/include/libnetfilter_conntrack/libnetfilter_conntrack_ipv6.h
Examining data/libnetfilter-conntrack-1.0.8/include/libnetfilter_conntrack/libnetfilter_conntrack_ipv4.h
Examining data/libnetfilter-conntrack-1.0.8/include/libnetfilter_conntrack/libnetfilter_conntrack_dccp.h
Examining data/libnetfilter-conntrack-1.0.8/include/libnetfilter_conntrack/libnetfilter_conntrack_sctp.h
Examining data/libnetfilter-conntrack-1.0.8/include/libnetfilter_conntrack/libnetfilter_conntrack_icmp.h
Examining data/libnetfilter-conntrack-1.0.8/include/libnetfilter_conntrack/libnetfilter_conntrack_udp.h
Examining data/libnetfilter-conntrack-1.0.8/include/libnetfilter_conntrack/libnetfilter_conntrack_tcp.h
Examining data/libnetfilter-conntrack-1.0.8/include/libnetfilter_conntrack/linux_nf_conntrack_common.h
Examining data/libnetfilter-conntrack-1.0.8/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
Examining data/libnetfilter-conntrack-1.0.8/include/libnetfilter_conntrack/libnetfilter_conntrack.h

FINAL RESULTS:

data/libnetfilter-conntrack-1.0.8/src/conntrack/snprintf_default.c:317:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  ret = snprintf(buf + offset, len, fmt, name);
data/libnetfilter-conntrack-1.0.8/tests/ct_stress.c:32:2: [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(t);
data/libnetfilter-conntrack-1.0.8/tests/ct_stress.c:33:6: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  r = random();
data/libnetfilter-conntrack-1.0.8/tests/test_api.c:492:2: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-create.c:17:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-del.c:17:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-dump-labels.c:26:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];
data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-dump-labels.c:49:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-dump.c:13:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];
data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-dump.c:34:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-event.c:13:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];
data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-event.c:45:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-flush.c:17:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-get.c:15:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];
data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-get.c:36:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-set-label.c:19:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-set-label.c:67:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];
data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-set-label.c:126:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnetfilter-conntrack-1.0.8/examples/nfct-mnl-set-label.c:138:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cbargs.bit = atoi(argv[1]);
data/libnetfilter-conntrack-1.0.8/examples/nfexp-mnl-dump.c:14:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];
data/libnetfilter-conntrack-1.0.8/examples/nfexp-mnl-dump.c:36:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnetfilter-conntrack-1.0.8/examples/nfexp-mnl-event.c:13:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];
data/libnetfilter-conntrack-1.0.8/examples/nfexp-mnl-event.c:45:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnetfilter-conntrack-1.0.8/include/internal/extern.h:22:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern const char *const l3proto2str[AF_MAX];
data/libnetfilter-conntrack-1.0.8/include/internal/extern.h:23:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern const char *const proto2str[IPPROTO_MAX];
data/libnetfilter-conntrack-1.0.8/include/internal/extern.h:24:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern const char *const states[TCP_CONNTRACK_MAX];
data/libnetfilter-conntrack-1.0.8/include/internal/extern.h:25:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern const char *const sctp_states[SCTP_CONNTRACK_MAX];
data/libnetfilter-conntrack-1.0.8/include/internal/extern.h:26:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern const char *const dccp_states[DCCP_CONNTRACK_MAX];
data/libnetfilter-conntrack-1.0.8/include/internal/object.h:171:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char helper_name[NFCT_HELPER_NAME_MAX];
data/libnetfilter-conntrack-1.0.8/include/internal/object.h:311:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char helper_name[NFCT_HELPER_NAME_MAX];
data/libnetfilter-conntrack-1.0.8/include/internal/object.h:313:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char expectfn[__NFCT_EXPECTFN_MAX];
data/libnetfilter-conntrack-1.0.8/src/conntrack/api.c:990:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[size];
data/libnetfilter-conntrack-1.0.8/src/conntrack/api.c:1022:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[size];
data/libnetfilter-conntrack-1.0.8/src/conntrack/api.c:1676:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy, b, bytes);
data/libnetfilter-conntrack-1.0.8/src/conntrack/bsf.c:114:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&this[pos], &__code, sizeof(__code));
data/libnetfilter-conntrack-1.0.8/src/conntrack/bsf.c:133:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&this[pos], __code, sizeof(__code));
data/libnetfilter-conntrack-1.0.8/src/conntrack/bsf.c:153:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&this[pos], __code, sizeof(__code));
data/libnetfilter-conntrack-1.0.8/src/conntrack/bsf.c:177:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&this[pos], &__code, sizeof(__code));
data/libnetfilter-conntrack-1.0.8/src/conntrack/bsf.c:196:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&this[pos], &__code, sizeof(__code));
data/libnetfilter-conntrack-1.0.8/src/conntrack/bsf.c:207:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&this[pos], &__code, sizeof(__code));
data/libnetfilter-conntrack-1.0.8/src/conntrack/bsf.c:219:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&this[pos], &__code, sizeof(__code));
data/libnetfilter-conntrack-1.0.8/src/conntrack/bsf.c:229:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&this[pos], &__code, sizeof(__code));
data/libnetfilter-conntrack-1.0.8/src/conntrack/bsf.c:239:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&this[pos], &__code, sizeof(__code));
data/libnetfilter-conntrack-1.0.8/src/conntrack/bsf.c:252:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&this[pos], &__code, sizeof(__code));
data/libnetfilter-conntrack-1.0.8/src/conntrack/bsf.c:265:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&this[pos], &__code, sizeof(__code));
data/libnetfilter-conntrack-1.0.8/src/conntrack/bsf.c:276:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&this[pos], &__code, sizeof(__code));
data/libnetfilter-conntrack-1.0.8/src/conntrack/bsf.c:287:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&this[pos], &__code, sizeof(__code));
data/libnetfilter-conntrack-1.0.8/src/conntrack/bsf.c:314:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&this[pos], &__code, sizeof(__code));
data/libnetfilter-conntrack-1.0.8/src/conntrack/bsf.c:709:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&this[j], &__code, sizeof(__code)); /* if A == 0 skip next two op */
data/libnetfilter-conntrack-1.0.8/src/conntrack/copy.c:39:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&dest->head.orig.src,
data/libnetfilter-conntrack-1.0.8/src/conntrack/copy.c:47:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&dest->head.orig.dst,
data/libnetfilter-conntrack-1.0.8/src/conntrack/copy.c:55:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&dest->repl.src,
data/libnetfilter-conntrack-1.0.8/src/conntrack/copy.c:63:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&dest->repl.dst,
data/libnetfilter-conntrack-1.0.8/src/conntrack/copy.c:166:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&dest->master.src, &orig->master.src,
data/libnetfilter-conntrack-1.0.8/src/conntrack/copy.c:173:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&dest->master.dst, &orig->master.dst,
data/libnetfilter-conntrack-1.0.8/src/conntrack/copy.c:302:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&dest->snat.min_ip.v6, &orig->snat.min_ip.v6,
data/libnetfilter-conntrack-1.0.8/src/conntrack/copy.c:309:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&dest->dnat.min_ip.v6, &orig->dnat.min_ip.v6,
data/libnetfilter-conntrack-1.0.8/src/conntrack/copy.c:476:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->helper_info, orig->helper_info, orig->helper_info_len);
data/libnetfilter-conntrack-1.0.8/src/conntrack/copy.c:600:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ct1, ct2, sizeof(*ct1));
data/libnetfilter-conntrack-1.0.8/src/conntrack/filter.c:61:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(filter->l3proto_ipv6[0][filter->l3proto_elems_ipv6[0]].addr,
data/libnetfilter-conntrack-1.0.8/src/conntrack/filter.c:63:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(filter->l3proto_ipv6[0][filter->l3proto_elems_ipv6[0]].mask,
data/libnetfilter-conntrack-1.0.8/src/conntrack/filter.c:75:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(filter->l3proto_ipv6[1][filter->l3proto_elems_ipv6[1]].addr,
data/libnetfilter-conntrack-1.0.8/src/conntrack/filter.c:77:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(filter->l3proto_ipv6[1][filter->l3proto_elems_ipv6[1]].mask,
data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_getter.c:29:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(this->src, &ct->head.orig.src.v6, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_getter.c:30:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(this->dst, &ct->head.orig.dst.v6, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_getter.c:36:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(this->src, &ct->repl.src.v6, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_getter.c:37:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(this->dst, &ct->repl.dst.v6, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_getter.c:72:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(this->src, &ct->master.src.v6, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_getter.c:73:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(this->dst, &ct->master.dst.v6, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_getter.c:101:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&this->addr, &ct->head.orig.src, sizeof(ct->head.orig.src));
data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_getter.c:108:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&this->addr, &ct->head.orig.dst, sizeof(ct->head.orig.dst));
data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_getter.c:115:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&this->addr, &ct->repl.src, sizeof(ct->repl.src));
data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_getter.c:122:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&this->addr, &ct->repl.dst, sizeof(ct->repl.dst));
data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_setter.c:59:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ct->head.orig.src.v6, this->src, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_setter.c:60:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ct->head.orig.dst.v6, this->dst, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_setter.c:67:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ct->repl.src.v6, this->src, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_setter.c:68:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ct->repl.dst.v6, this->dst, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_setter.c:129:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ct->master.src.v6, this->src, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/grp_setter.c:130:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ct->master.dst.v6, this->dst, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/labels.c:226:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char label[1024];
data/libnetfilter-conntrack-1.0.8/src/conntrack/labels.c:233:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(name ? name : CONNLABEL_CFG, "re");
data/libnetfilter-conntrack-1.0.8/src/conntrack/objopt.c:30:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&this->src.v6, &other->dst.v6, sizeof(union __nfct_address));
data/libnetfilter-conntrack-1.0.8/src/conntrack/objopt.c:31:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&this->dst.v6, &other->src.v6, sizeof(union __nfct_address));
data/libnetfilter-conntrack-1.0.8/src/conntrack/objopt.c:63:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ct->snat.min_ip.v6, &ct->repl.dst.v6,
data/libnetfilter-conntrack-1.0.8/src/conntrack/objopt.c:65:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ct->snat.max_ip.v6, &ct->snat.min_ip.v6,
data/libnetfilter-conntrack-1.0.8/src/conntrack/objopt.c:67:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ct->repl.dst.v6, &ct->head.orig.src.v6,
data/libnetfilter-conntrack-1.0.8/src/conntrack/objopt.c:86:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ct->dnat.min_ip.v6, &ct->repl.src.v6,
data/libnetfilter-conntrack-1.0.8/src/conntrack/objopt.c:88:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ct->dnat.max_ip.v6, &ct->dnat.min_ip.v6,
data/libnetfilter-conntrack-1.0.8/src/conntrack/objopt.c:90:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ct->repl.src.v6, &ct->head.orig.dst.v6,
data/libnetfilter-conntrack-1.0.8/src/conntrack/parse_mnl.c:85:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&tuple->src.v6, mnl_attr_get_payload(tb[CTA_IP_V6_SRC]),
data/libnetfilter-conntrack-1.0.8/src/conntrack/parse_mnl.c:101:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&tuple->dst.v6, mnl_attr_get_payload(tb[CTA_IP_V6_DST]),
data/libnetfilter-conntrack-1.0.8/src/conntrack/parse_mnl.c:343:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ct->protoinfo.tcp.wscale[__DIR_ORIG],
data/libnetfilter-conntrack-1.0.8/src/conntrack/parse_mnl.c:350:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ct->protoinfo.tcp.wscale[__DIR_REPL],
data/libnetfilter-conntrack-1.0.8/src/conntrack/parse_mnl.c:357:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ct->protoinfo.tcp.flags[0],
data/libnetfilter-conntrack-1.0.8/src/conntrack/parse_mnl.c:365:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ct->protoinfo.tcp.flags[1],
data/libnetfilter-conntrack-1.0.8/src/conntrack/parse_mnl.c:706:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ct->helper_info, mnl_attr_get_payload(tb[CTA_HELP_INFO]),
data/libnetfilter-conntrack-1.0.8/src/conntrack/parse_mnl.c:806:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mask->bits, bits, len);
data/libnetfilter-conntrack-1.0.8/src/conntrack/setter.c:67:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ct->head.orig.src.v6, value, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/setter.c:73:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ct->head.orig.dst.v6, value, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/setter.c:79:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ct->repl.src.v6, value, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/setter.c:85:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ct->repl.dst.v6, value, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/setter.c:252:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ct->snat.min_ip.v6, value, sizeof(struct in6_addr));
data/libnetfilter-conntrack-1.0.8/src/conntrack/setter.c:253:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ct->snat.max_ip.v6, value, sizeof(struct in6_addr));
data/libnetfilter-conntrack-1.0.8/src/conntrack/setter.c:259:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ct->dnat.min_ip.v6, value, sizeof(struct in6_addr));
data/libnetfilter-conntrack-1.0.8/src/conntrack/setter.c:260:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ct->dnat.max_ip.v6, value, sizeof(struct in6_addr));
data/libnetfilter-conntrack-1.0.8/src/conntrack/setter.c:320:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ct->master.src.v6, value, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/setter.c:326:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ct->master.dst.v6, value, sizeof(uint32_t)*4);
data/libnetfilter-conntrack-1.0.8/src/conntrack/setter.c:442:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ct->helper_info, value, len);
data/libnetfilter-conntrack-1.0.8/src/conntrack/snprintf.c:13:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *const l3proto2str[AF_MAX] = {
data/libnetfilter-conntrack-1.0.8/src/conntrack/snprintf.c:18:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *const proto2str[IPPROTO_MAX] = {
data/libnetfilter-conntrack-1.0.8/src/conntrack/snprintf.c:29:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *const states[TCP_CONNTRACK_MAX] = {
data/libnetfilter-conntrack-1.0.8/src/conntrack/snprintf.c:42:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *const sctp_states[SCTP_CONNTRACK_MAX] = {
data/libnetfilter-conntrack-1.0.8/src/conntrack/snprintf.c:53:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *const dccp_states[DCCP_CONNTRACK_MAX] = {
data/libnetfilter-conntrack-1.0.8/src/conntrack/snprintf_default.c:97:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[INET6_ADDRSTRLEN];
data/libnetfilter-conntrack-1.0.8/src/conntrack/snprintf_default.c:99:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&src, &tuple->src.v6, sizeof(struct in6_addr));
data/libnetfilter-conntrack-1.0.8/src/conntrack/snprintf_default.c:100:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&dst, &tuple->dst.v6, sizeof(struct in6_addr));
data/libnetfilter-conntrack-1.0.8/src/conntrack/snprintf_xml.c:84:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char tmp[INET6_ADDRSTRLEN];
data/libnetfilter-conntrack-1.0.8/src/conntrack/snprintf_xml.c:87:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&addr, p, sizeof(struct in6_addr));
data/libnetfilter-conntrack-1.0.8/src/conntrack/stack.c:55:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s->data + (s->elem_size * s->num_elems), data, s->elem_size);
data/libnetfilter-conntrack-1.0.8/src/conntrack/stack.c:67:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, s->data + (s->elem_size * s->num_elems), s->elem_size);
data/libnetfilter-conntrack-1.0.8/src/expect/api.c:97:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(clone, exp, sizeof(*exp));
data/libnetfilter-conntrack-1.0.8/src/expect/api.c:701:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[size];
data/libnetfilter-conntrack-1.0.8/src/expect/api.c:733:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[size];
data/libnetfilter-conntrack-1.0.8/tests/ct_stress.c:48:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  for (i = r, j = 0;i < (r + atoi(argv[1]) * 2); i++, j++) {
data/libnetfilter-conntrack-1.0.8/tests/test_api.c:167:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[256];
data/libnetfilter-conntrack-1.0.8/tests/test_api.c:445:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ex1, ex2, nfexp_maxsize());
data/libnetfilter-conntrack-1.0.8/tests/test_api.c:454:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ex1, ex2, nfexp_maxsize());
data/libnetfilter-conntrack-1.0.8/tests/test_api.c:462:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ex1, ex2, nfexp_maxsize());
data/libnetfilter-conntrack-1.0.8/tests/test_api.c:469:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ex1, ex2, nfexp_maxsize());
data/libnetfilter-conntrack-1.0.8/tests/test_api.c:487:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[256];
data/libnetfilter-conntrack-1.0.8/tests/test_api.c:698:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32]; /* IPv6 group address is 16 bytes * 2 */
data/libnetfilter-conntrack-1.0.8/tests/test_api.c:712:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32]; /* IPv6 group address is 16 bytes */
data/libnetfilter-conntrack-1.0.8/tests/test_filter.c:18:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/libnetfilter-conntrack-1.0.8/utils/conntrack_dump.c:12:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/libnetfilter-conntrack-1.0.8/utils/conntrack_dump_filter.c:12:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/libnetfilter-conntrack-1.0.8/utils/conntrack_events.c:13:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/libnetfilter-conntrack-1.0.8/utils/conntrack_filter.c:15:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/libnetfilter-conntrack-1.0.8/utils/conntrack_get.c:14:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/libnetfilter-conntrack-1.0.8/utils/ctexp_events.c:13:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/libnetfilter-conntrack-1.0.8/utils/ctexp_events.c:27:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/libnetfilter-conntrack-1.0.8/utils/expect_dump.c:12:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/libnetfilter-conntrack-1.0.8/utils/expect_events.c:13:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/libnetfilter-conntrack-1.0.8/utils/expect_get.c:13:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/libnetfilter-conntrack-1.0.8/src/conntrack/copy.c:430:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dest->helper_name, orig->helper_name, NFCT_HELPER_NAME_MAX);
data/libnetfilter-conntrack-1.0.8/src/conntrack/parse_mnl.c:693:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ct->helper_name, mnl_attr_get_str(tb[CTA_HELP_NAME]),
data/libnetfilter-conntrack-1.0.8/src/conntrack/setter.c:392:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ct->helper_name, value, NFCT_HELPER_NAME_MAX);
data/libnetfilter-conntrack-1.0.8/src/conntrack/snprintf_default.c:261:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmp[strlen(tmp)-1] = '\0';
data/libnetfilter-conntrack-1.0.8/src/conntrack/snprintf_default.c:273:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmp[strlen(tmp)-1] = '\0';
data/libnetfilter-conntrack-1.0.8/src/expect/parse_mnl.c:142:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(exp->helper_name,
data/libnetfilter-conntrack-1.0.8/src/expect/parse_mnl.c:156:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(exp->expectfn, mnl_attr_get_payload(tb[CTA_EXPECT_FN]),
data/libnetfilter-conntrack-1.0.8/src/expect/setter.c:49:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(exp->helper_name, value, NFCT_HELPER_NAME_MAX);
data/libnetfilter-conntrack-1.0.8/src/expect/setter.c:65:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(exp->expectfn, value, __NFCT_EXPECTFN_MAX);

ANALYSIS SUMMARY:

Hits = 152
Lines analyzed = 16985 in approximately 0.49 seconds (34882 lines/second)
Physical Source Lines of Code (SLOC) = 12135
Hits@level = [0] 272 [1] 9 [2] 139 [3] 3 [4] 1 [5] 0
Hits@level+ = [0+] 424 [1+] 152 [2+] 143 [3+] 4 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 34.9403 [1+] 12.5258 [2+] 11.7841 [3+] 0.329625 [4+] 0.0824063 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.