Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libnftnl-1.1.8/examples/nft-events.c
Examining data/libnftnl-1.1.8/examples/nft-chain-get.c
Examining data/libnftnl-1.1.8/examples/nft-obj-del.c
Examining data/libnftnl-1.1.8/examples/nft-ct-timeout-get.c
Examining data/libnftnl-1.1.8/examples/nft-set-get.c
Examining data/libnftnl-1.1.8/examples/nft-ct-expectation-del.c
Examining data/libnftnl-1.1.8/examples/nft-rule-del.c
Examining data/libnftnl-1.1.8/examples/nft-ct-helper-get.c
Examining data/libnftnl-1.1.8/examples/nft-table-get.c
Examining data/libnftnl-1.1.8/examples/nft-rule-add.c
Examining data/libnftnl-1.1.8/examples/nft-rule-ct-timeout-add.c
Examining data/libnftnl-1.1.8/examples/nft-flowtable-add.c
Examining data/libnftnl-1.1.8/examples/nft-set-elem-del.c
Examining data/libnftnl-1.1.8/examples/nft-obj-add.c
Examining data/libnftnl-1.1.8/examples/nft-rule-ct-helper-add.c
Examining data/libnftnl-1.1.8/examples/nft-chain-add.c
Examining data/libnftnl-1.1.8/examples/nft-ct-timeout-del.c
Examining data/libnftnl-1.1.8/examples/nft-rule-ct-expectation-add.c
Examining data/libnftnl-1.1.8/examples/nft-ct-expectation-add.c
Examining data/libnftnl-1.1.8/examples/nft-ct-timeout-add.c
Examining data/libnftnl-1.1.8/examples/nft-table-del.c
Examining data/libnftnl-1.1.8/examples/nft-ct-expectation-get.c
Examining data/libnftnl-1.1.8/examples/nft-ct-helper-add.c
Examining data/libnftnl-1.1.8/examples/nft-rule-get.c
Examining data/libnftnl-1.1.8/examples/nft-set-elem-add.c
Examining data/libnftnl-1.1.8/examples/nft-ruleset-get.c
Examining data/libnftnl-1.1.8/examples/nft-flowtable-get.c
Examining data/libnftnl-1.1.8/examples/nft-ct-helper-del.c
Examining data/libnftnl-1.1.8/examples/nft-flowtable-del.c
Examining data/libnftnl-1.1.8/examples/nft-compat-get.c
Examining data/libnftnl-1.1.8/examples/nft-table-upd.c
Examining data/libnftnl-1.1.8/examples/nft-map-add.c
Examining data/libnftnl-1.1.8/examples/nft-chain-del.c
Examining data/libnftnl-1.1.8/examples/nft-set-del.c
Examining data/libnftnl-1.1.8/examples/nft-set-elem-get.c
Examining data/libnftnl-1.1.8/examples/nft-table-add.c
Examining data/libnftnl-1.1.8/examples/nft-obj-get.c
Examining data/libnftnl-1.1.8/examples/nft-set-add.c
Examining data/libnftnl-1.1.8/src/trace.c
Examining data/libnftnl-1.1.8/src/utils.c
Examining data/libnftnl-1.1.8/src/obj/tunnel.c
Examining data/libnftnl-1.1.8/src/obj/ct_timeout.c
Examining data/libnftnl-1.1.8/src/obj/secmark.c
Examining data/libnftnl-1.1.8/src/obj/limit.c
Examining data/libnftnl-1.1.8/src/obj/counter.c
Examining data/libnftnl-1.1.8/src/obj/synproxy.c
Examining data/libnftnl-1.1.8/src/obj/ct_expect.c
Examining data/libnftnl-1.1.8/src/obj/quota.c
Examining data/libnftnl-1.1.8/src/obj/ct_helper.c
Examining data/libnftnl-1.1.8/src/expr/target.c
Examining data/libnftnl-1.1.8/src/expr/exthdr.c
Examining data/libnftnl-1.1.8/src/expr/fwd.c
Examining data/libnftnl-1.1.8/src/expr/socket.c
Examining data/libnftnl-1.1.8/src/expr/byteorder.c
Examining data/libnftnl-1.1.8/src/expr/tunnel.c
Examining data/libnftnl-1.1.8/src/expr/numgen.c
Examining data/libnftnl-1.1.8/src/expr/ct.c
Examining data/libnftnl-1.1.8/src/expr/xfrm.c
Examining data/libnftnl-1.1.8/src/expr/log.c
Examining data/libnftnl-1.1.8/src/expr/queue.c
Examining data/libnftnl-1.1.8/src/expr/flow_offload.c
Examining data/libnftnl-1.1.8/src/expr/nat.c
Examining data/libnftnl-1.1.8/src/expr/limit.c
Examining data/libnftnl-1.1.8/src/expr/lookup.c
Examining data/libnftnl-1.1.8/src/expr/immediate.c
Examining data/libnftnl-1.1.8/src/expr/counter.c
Examining data/libnftnl-1.1.8/src/expr/match.c
Examining data/libnftnl-1.1.8/src/expr/hash.c
Examining data/libnftnl-1.1.8/src/expr/cmp.c
Examining data/libnftnl-1.1.8/src/expr/synproxy.c
Examining data/libnftnl-1.1.8/src/expr/rt.c
Examining data/libnftnl-1.1.8/src/expr/tproxy.c
Examining data/libnftnl-1.1.8/src/expr/redir.c
Examining data/libnftnl-1.1.8/src/expr/data_reg.c
Examining data/libnftnl-1.1.8/src/expr/fib.c
Examining data/libnftnl-1.1.8/src/expr/osf.c
Examining data/libnftnl-1.1.8/src/expr/reject.c
Examining data/libnftnl-1.1.8/src/expr/masq.c
Examining data/libnftnl-1.1.8/src/expr/meta.c
Examining data/libnftnl-1.1.8/src/expr/payload.c
Examining data/libnftnl-1.1.8/src/expr/quota.c
Examining data/libnftnl-1.1.8/src/expr/bitwise.c
Examining data/libnftnl-1.1.8/src/expr/objref.c
Examining data/libnftnl-1.1.8/src/expr/dup.c
Examining data/libnftnl-1.1.8/src/expr/dynset.c
Examining data/libnftnl-1.1.8/src/expr/range.c
Examining data/libnftnl-1.1.8/src/expr/connlimit.c
Examining data/libnftnl-1.1.8/src/object.c
Examining data/libnftnl-1.1.8/src/udata.c
Examining data/libnftnl-1.1.8/src/flowtable.c
Examining data/libnftnl-1.1.8/src/batch.c
Examining data/libnftnl-1.1.8/src/expr.c
Examining data/libnftnl-1.1.8/src/set.c
Examining data/libnftnl-1.1.8/src/chain.c
Examining data/libnftnl-1.1.8/src/expr_ops.c
Examining data/libnftnl-1.1.8/src/set_elem.c
Examining data/libnftnl-1.1.8/src/gen.c
Examining data/libnftnl-1.1.8/src/rule.c
Examining data/libnftnl-1.1.8/src/common.c
Examining data/libnftnl-1.1.8/src/ruleset.c
Examining data/libnftnl-1.1.8/src/table.c
Examining data/libnftnl-1.1.8/tests/nft-set-test.c
Examining data/libnftnl-1.1.8/tests/nft-expr_queue-test.c
Examining data/libnftnl-1.1.8/tests/nft-expr_objref-test.c
Examining data/libnftnl-1.1.8/tests/nft-rule-test.c
Examining data/libnftnl-1.1.8/tests/nft-expr_fwd-test.c
Examining data/libnftnl-1.1.8/tests/nft-expr_reject-test.c
Examining data/libnftnl-1.1.8/tests/nft-expr_counter-test.c
Examining data/libnftnl-1.1.8/tests/nft-expr_payload-test.c
Examining data/libnftnl-1.1.8/tests/nft-expr_meta-test.c
Examining data/libnftnl-1.1.8/tests/nft-expr_cmp-test.c
Examining data/libnftnl-1.1.8/tests/nft-expr_byteorder-test.c
Examining data/libnftnl-1.1.8/tests/nft-expr_range-test.c
Examining data/libnftnl-1.1.8/tests/nft-expr_log-test.c
Examining data/libnftnl-1.1.8/tests/nft-expr_numgen-test.c
Examining data/libnftnl-1.1.8/tests/nft-expr_nat-test.c
Examining data/libnftnl-1.1.8/tests/nft-chain-test.c
Examining data/libnftnl-1.1.8/tests/nft-expr_lookup-test.c
Examining data/libnftnl-1.1.8/tests/nft-expr_limit-test.c
Examining data/libnftnl-1.1.8/tests/nft-table-test.c
Examining data/libnftnl-1.1.8/tests/nft-expr_exthdr-test.c
Examining data/libnftnl-1.1.8/tests/nft-expr_redir-test.c
Examining data/libnftnl-1.1.8/tests/nft-expr_masq-test.c
Examining data/libnftnl-1.1.8/tests/nft-expr_quota-test.c
Examining data/libnftnl-1.1.8/tests/nft-expr_ct-test.c
Examining data/libnftnl-1.1.8/tests/nft-expr_bitwise-test.c
Examining data/libnftnl-1.1.8/tests/nft-object-test.c
Examining data/libnftnl-1.1.8/tests/nft-expr_hash-test.c
Examining data/libnftnl-1.1.8/tests/nft-expr_immediate-test.c
Examining data/libnftnl-1.1.8/tests/nft-flowtable-test.c
Examining data/libnftnl-1.1.8/tests/nft-expr_dup-test.c
Examining data/libnftnl-1.1.8/tests/nft-expr_target-test.c
Examining data/libnftnl-1.1.8/tests/nft-expr_match-test.c
Examining data/libnftnl-1.1.8/include/libnftnl/expr.h
Examining data/libnftnl-1.1.8/include/libnftnl/common.h
Examining data/libnftnl-1.1.8/include/libnftnl/gen.h
Examining data/libnftnl-1.1.8/include/libnftnl/trace.h
Examining data/libnftnl-1.1.8/include/libnftnl/table.h
Examining data/libnftnl-1.1.8/include/libnftnl/chain.h
Examining data/libnftnl-1.1.8/include/libnftnl/rule.h
Examining data/libnftnl-1.1.8/include/libnftnl/ruleset.h
Examining data/libnftnl-1.1.8/include/libnftnl/set.h
Examining data/libnftnl-1.1.8/include/libnftnl/object.h
Examining data/libnftnl-1.1.8/include/libnftnl/udata.h
Examining data/libnftnl-1.1.8/include/libnftnl/flowtable.h
Examining data/libnftnl-1.1.8/include/libnftnl/batch.h
Examining data/libnftnl-1.1.8/include/data_reg.h
Examining data/libnftnl-1.1.8/include/expr.h
Examining data/libnftnl-1.1.8/include/common.h
Examining data/libnftnl-1.1.8/include/internal.h
Examining data/libnftnl-1.1.8/include/rule.h
Examining data/libnftnl-1.1.8/include/set.h
Examining data/libnftnl-1.1.8/include/set_elem.h
Examining data/libnftnl-1.1.8/include/udata.h
Examining data/libnftnl-1.1.8/include/linux/netfilter/nfnetlink.h
Examining data/libnftnl-1.1.8/include/linux/netfilter/nf_log.h
Examining data/libnftnl-1.1.8/include/linux/netfilter/nf_tables_compat.h
Examining data/libnftnl-1.1.8/include/linux/netfilter/nf_tables.h
Examining data/libnftnl-1.1.8/include/linux/netfilter.h
Examining data/libnftnl-1.1.8/include/utils.h
Examining data/libnftnl-1.1.8/include/obj.h
Examining data/libnftnl-1.1.8/include/linux_list.h
Examining data/libnftnl-1.1.8/include/expr_ops.h
FINAL RESULTS:
data/libnftnl-1.1.8/include/expr_ops.h:20:8: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int (*snprintf)(char *buf, size_t len, uint32_t type, uint32_t flags, const struct nftnl_expr *e);
data/libnftnl-1.1.8/include/obj.h:112:8: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int (*snprintf)(char *buf, size_t len, uint32_t type, uint32_t flags, const struct nftnl_obj *e);
data/libnftnl-1.1.8/src/expr.c:279:18: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
if (!expr->ops->snprintf)
data/libnftnl-1.1.8/src/expr.c:282:19: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
ret = expr->ops->snprintf(buf + offset, remain, type, flags, expr);
data/libnftnl-1.1.8/src/expr/fib.c:179:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
ret = snprintf(buf + offset, remain, "unknown 0x%" PRIx32,
data/libnftnl-1.1.8/src/object.c:399:19: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
ret = obj->ops->snprintf(buf + offset, offset, type, flags,
data/libnftnl-1.1.8/examples/nft-chain-add.c:55:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nftnl_chain_set_u32(t, NFTNL_CHAIN_PRIO, atoi(argv[5]));
data/libnftnl-1.1.8/examples/nft-chain-add.c:64:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-chain-del.c:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-chain-get.c:26:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/examples/nft-chain-get.c:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-compat-get.c:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-compat-get.c:91:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rev = atoi(argv[3]);
data/libnftnl-1.1.8/examples/nft-ct-expectation-add.c:71:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dport = atoi(argv[5]);
data/libnftnl-1.1.8/examples/nft-ct-expectation-add.c:73:12: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
timeout = atol(argv[6]);
data/libnftnl-1.1.8/examples/nft-ct-expectation-add.c:75:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
size = atoi(argv[7]);
data/libnftnl-1.1.8/examples/nft-ct-expectation-add.c:84:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-ct-expectation-del.c:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-ct-expectation-get.c:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/examples/nft-ct-expectation-get.c:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-ct-helper-add.c:82:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-ct-helper-del.c:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-ct-helper-get.c:27:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/examples/nft-ct-helper-get.c:53:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-ct-timeout-add.c:85:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-ct-timeout-del.c:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-ct-timeout-get.c:27:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/examples/nft-ct-timeout-get.c:53:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-events.c:231:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-flowtable-add.c:34:52: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nftnl_flowtable_set_u32(t, NFTNL_FLOWTABLE_PRIO, atoi(argv[5]));
data/libnftnl-1.1.8/examples/nft-flowtable-add.c:44:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-flowtable-del.c:32:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-flowtable-get.c:15:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/examples/nft-flowtable-get.c:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-map-add.c:64:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-obj-add.c:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-obj-del.c:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-obj-get.c:26:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/examples/nft-obj-get.c:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-rule-add.c:127:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-rule-ct-expectation-add.c:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-rule-ct-helper-add.c:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-rule-ct-timeout-add.c:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-rule-del.c:28:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-rule-del.c:68:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nftnl_rule_set_u64(r, NFTNL_RULE_HANDLE, atoi(argv[4]));
data/libnftnl-1.1.8/examples/nft-rule-get.c:26:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/examples/nft-rule-get.c:77:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-ruleset-get.c:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-ruleset-get.c:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-ruleset-get.c:139:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-ruleset-get.c:187:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-ruleset-get.c:220:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-ruleset-get.c:257:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-set-add.c:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-set-del.c:26:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-set-elem-add.c:26:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-set-elem-del.c:25:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-set-elem-get.c:26:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/examples/nft-set-elem-get.c:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-set-get.c:26:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/examples/nft-set-get.c:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-table-add.c:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-table-del.c:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-table-get.c:26:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/examples/nft-table-get.c:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/examples/nft-table-upd.c:26:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/include/obj.h:43:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16];
data/libnftnl-1.1.8/include/obj.h:98:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctx[NFT_SECMARK_CTX_MAXLEN];
data/libnftnl-1.1.8/src/batch.c:116:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nftnl_batch_buffer(batch), last_nlh, last_nlh->nlmsg_len);
data/libnftnl-1.1.8/src/chain.c:307:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c->user.data, data, data_len);
data/libnftnl-1.1.8/src/common.c:112:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MNL_SOCKET_BUFFER_SIZE];
data/libnftnl-1.1.8/src/expr/bitwise.c:54:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&bitwise->mask.val, data, data_len);
data/libnftnl-1.1.8/src/expr/bitwise.c:58:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&bitwise->xor.val, data, data_len);
data/libnftnl-1.1.8/src/expr/bitwise.c:62:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&bitwise->data.val, data, data_len);
data/libnftnl-1.1.8/src/expr/cmp.c:45:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cmp->data.val, data, data_len);
data/libnftnl-1.1.8/src/expr/ct.c:151:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *ctkey2str_array[NFT_CT_MAX + 1] = {
data/libnftnl-1.1.8/src/expr/data_reg.c:196:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data->val, orig, data_len);
data/libnftnl-1.1.8/src/expr/fib.c:131:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *fib_type[NFT_FIB_RESULT_MAX + 1] = {
data/libnftnl-1.1.8/src/expr/immediate.c:39:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&imm->data.val, data, data_len);
data/libnftnl-1.1.8/src/expr/immediate.c:54:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&imm->data.chain_id, data, sizeof(uint32_t));
data/libnftnl-1.1.8/src/expr/match.c:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[XT_EXTENSION_MAXNAMELEN];
data/libnftnl-1.1.8/src/expr/match.c:156:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(match_data, mnl_attr_get_payload(tb[NFTA_MATCH_INFO]), len);
data/libnftnl-1.1.8/src/expr/meta.c:135:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *meta_key2str_array[NFT_META_MAX] = {
data/libnftnl-1.1.8/src/expr/payload.c:206:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *base2str_array[NFT_PAYLOAD_TRANSPORT_HEADER+1] = {
data/libnftnl-1.1.8/src/expr/range.c:43:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&range->data_from.val, data, data_len);
data/libnftnl-1.1.8/src/expr/range.c:47:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&range->data_to.val, data, data_len);
data/libnftnl-1.1.8/src/expr/rt.c:115:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *rt_key2str_array[NFT_RT_MAX + 1] = {
data/libnftnl-1.1.8/src/expr/socket.c:115:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *socket_key2str_array[NFT_SOCKET_MAX + 1] = {
data/libnftnl-1.1.8/src/expr/target.c:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[XT_EXTENSION_MAXNAMELEN];
data/libnftnl-1.1.8/src/expr/target.c:156:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(target_data, mnl_attr_get_payload(tb[NFTA_TARGET_INFO]), len);
data/libnftnl-1.1.8/src/expr/tunnel.c:114:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *tunnel_key2str_array[NFT_TUNNEL_MAX + 1] = {
data/libnftnl-1.1.8/src/obj/ct_timeout.c:159:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(timeout->timeout, data,
data/libnftnl-1.1.8/src/obj/tunnel.c:41:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tun->src_v6, data, sizeof(struct in6_addr));
data/libnftnl-1.1.8/src/obj/tunnel.c:44:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tun->dst_v6, data, sizeof(struct in6_addr));
data/libnftnl-1.1.8/src/obj/tunnel.c:324:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tun->src_v6,
data/libnftnl-1.1.8/src/obj/tunnel.c:330:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tun->dst_v6,
data/libnftnl-1.1.8/src/object.c:115:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(obj->user.data, data, data_len);
data/libnftnl-1.1.8/src/rule.c:156:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r->user.data, data, data_len);
data/libnftnl-1.1.8/src/rule.c:495:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r->user.data, udata, r->user.len);
data/libnftnl-1.1.8/src/set.c:184:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&s->desc.field_len, data, data_len);
data/libnftnl-1.1.8/src/set.c:200:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->user.data, data, data_len);
data/libnftnl-1.1.8/src/set.c:347:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newset, set, sizeof(*set));
data/libnftnl-1.1.8/src/set_elem.c:119:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&s->key.val, data, data_len);
data/libnftnl-1.1.8/src/set_elem.c:123:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&s->key_end.val, data, data_len);
data/libnftnl-1.1.8/src/set_elem.c:138:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->data.val, data, data_len);
data/libnftnl-1.1.8/src/set_elem.c:154:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->user.data, data, data_len);
data/libnftnl-1.1.8/src/set_elem.c:274:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newelem, elem, sizeof(*elem));
data/libnftnl-1.1.8/src/set_elem.c:499:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e->user.data, udata, e->user.len);
data/libnftnl-1.1.8/src/table.c:127:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t->user.data, data, data_len);
data/libnftnl-1.1.8/src/trace.c:270:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header->data, mnl_attr_get_payload(attr), len);
data/libnftnl-1.1.8/src/udata.c:55:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->data, data, len <= buf->size ? len : buf->size);
data/libnftnl-1.1.8/src/udata.c:83:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr->value, value, len);
data/libnftnl-1.1.8/src/utils.c:25:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *const nftnl_family_str[NFPROTO_NUMPROTO] = {
data/libnftnl-1.1.8/src/utils.c:143:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, valuep, basetype[type].len);
data/libnftnl-1.1.8/src/utils.c:244:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *cmd2tag[NFTNL_CMD_MAX] = {
data/libnftnl-1.1.8/src/utils.c:282:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _buf[NFTNL_SNPRINTF_BUFSIZ];
data/libnftnl-1.1.8/tests/nft-chain-test.c:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/tests/nft-expr_bitwise-test.c:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/tests/nft-expr_bitwise-test.c:166:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/tests/nft-expr_bitwise-test.c:220:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/tests/nft-expr_byteorder-test.c:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/tests/nft-expr_cmp-test.c:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/tests/nft-expr_counter-test.c:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/tests/nft-expr_ct-test.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/tests/nft-expr_dup-test.c:45:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/tests/nft-expr_exthdr-test.c:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/tests/nft-expr_fwd-test.c:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/tests/nft-expr_hash-test.c:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/tests/nft-expr_immediate-test.c:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/tests/nft-expr_limit-test.c:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/tests/nft-expr_log-test.c:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/tests/nft-expr_lookup-test.c:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/tests/nft-expr_masq-test.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/tests/nft-expr_match-test.c:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/tests/nft-expr_match-test.c:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[16] = "0123456789abcdef";
data/libnftnl-1.1.8/tests/nft-expr_meta-test.c:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/tests/nft-expr_nat-test.c:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/tests/nft-expr_numgen-test.c:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/tests/nft-expr_objref-test.c:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/tests/nft-expr_payload-test.c:53:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/tests/nft-expr_queue-test.c:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/tests/nft-expr_quota-test.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/tests/nft-expr_range-test.c:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/tests/nft-expr_redir-test.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/tests/nft-expr_reject-test.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/tests/nft-expr_target-test.c:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/tests/nft-expr_target-test.c:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[16] = "0123456789abcdef";
data/libnftnl-1.1.8/tests/nft-flowtable-test.c:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/tests/nft-object-test.c:45:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/tests/nft-rule-test.c:66:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/tests/nft-set-test.c:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/tests/nft-table-test.c:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libnftnl-1.1.8/src/chain.c:348:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return nftnl_chain_set_data(c, attr, str, strlen(str) + 1);
data/libnftnl-1.1.8/src/chain.c:367:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_len = strlen(c->name) + 1;
data/libnftnl-1.1.8/src/chain.c:370:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_len = strlen(c->table) + 1;
data/libnftnl-1.1.8/src/chain.c:400:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_len = strlen(c->dev) + 1;
data/libnftnl-1.1.8/src/chain.c:1062:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(key); i++)
data/libnftnl-1.1.8/src/expr.c:109:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return nftnl_expr_set(expr, type, str, strlen(str) + 1);
data/libnftnl-1.1.8/src/expr.c:123:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_len = strlen(expr->ops->name) + 1;
data/libnftnl-1.1.8/src/expr/dynset.c:90:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_len = strlen(dynset->set_name) + 1;
data/libnftnl-1.1.8/src/expr/flow_offload.c:41:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_len = strlen(flow->table_name) + 1;
data/libnftnl-1.1.8/src/expr/immediate.c:79:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_len = strlen(imm->data.chain)+1;
data/libnftnl-1.1.8/src/expr/log.c:77:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_len = strlen(log->prefix)+1;
data/libnftnl-1.1.8/src/expr/lookup.c:76:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_len = strlen(lookup->set_name) + 1;
data/libnftnl-1.1.8/src/expr/objref.c:76:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_len = strlen(objref->imm.name) + 1;
data/libnftnl-1.1.8/src/expr/objref.c:82:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_len = strlen(objref->set.name) + 1;
data/libnftnl-1.1.8/src/flowtable.c:200:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return nftnl_flowtable_set_data(c, attr, str, strlen(str) + 1);
data/libnftnl-1.1.8/src/flowtable.c:225:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_len = strlen(c->name) + 1;
data/libnftnl-1.1.8/src/flowtable.c:228:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_len = strlen(c->table) + 1;
data/libnftnl-1.1.8/src/obj/ct_helper.c:53:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_len = strlen(helper->name);
data/libnftnl-1.1.8/src/obj/secmark.c:46:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_len = strlen(secmark->ctx);
data/libnftnl-1.1.8/src/rule.c:191:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return nftnl_rule_set_data(r, attr, str, strlen(str) + 1);
data/libnftnl-1.1.8/src/rule.c:206:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_len = strlen(r->table) + 1;
data/libnftnl-1.1.8/src/rule.c:209:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_len = strlen(r->chain) + 1;
data/libnftnl-1.1.8/src/set.c:235:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return nftnl_set_set_data(s, attr, str, strlen(str) + 1);
data/libnftnl-1.1.8/src/set.c:247:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_len = strlen(s->table) + 1;
data/libnftnl-1.1.8/src/set.c:250:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_len = strlen(s->name) + 1;
data/libnftnl-1.1.8/src/set.c:865:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(key); i++)
data/libnftnl-1.1.8/src/set_elem.c:191:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return nftnl_set_elem_set(s, attr, str, strlen(str) + 1);
data/libnftnl-1.1.8/src/set_elem.c:214:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_len = strlen(s->data.chain) + 1;
data/libnftnl-1.1.8/src/set_elem.c:231:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_len = strlen(s->objref) + 1;
data/libnftnl-1.1.8/src/table.c:162:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return nftnl_table_set_data(t, attr, str, strlen(str) + 1);
data/libnftnl-1.1.8/src/table.c:174:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_len = strlen(t->name) + 1;
data/libnftnl-1.1.8/src/trace.c:168:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_len = strlen(trace->chain) + 1;
data/libnftnl-1.1.8/src/trace.c:171:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_len = strlen(trace->table) + 1;
data/libnftnl-1.1.8/src/trace.c:174:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_len = strlen(trace->jump_target) + 1;
data/libnftnl-1.1.8/src/udata.c:94:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return nftnl_udata_put(buf, type, strlen(strz) + 1, strz);
data/libnftnl-1.1.8/tests/nft-expr_target-test.c:72:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nftnl_expr_set(ex, NFTNL_EXPR_TG_NAME, "test", strlen("test"));
ANALYSIS SUMMARY:
Hits = 188
Lines analyzed = 32249 in approximately 0.83 seconds (38960 lines/second)
Physical Source Lines of Code (SLOC) = 25269
Hits@level = [0] 351 [1] 36 [2] 146 [3] 0 [4] 6 [5] 0
Hits@level+ = [0+] 539 [1+] 188 [2+] 152 [3+] 6 [4+] 6 [5+] 0
Hits/KSLOC@level+ = [0+] 21.3305 [1+] 7.43995 [2+] 6.01528 [3+] 0.237445 [4+] 0.237445 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.