Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/libnftnl-1.1.8/examples/nft-events.c Examining data/libnftnl-1.1.8/examples/nft-chain-get.c Examining data/libnftnl-1.1.8/examples/nft-obj-del.c Examining data/libnftnl-1.1.8/examples/nft-ct-timeout-get.c Examining data/libnftnl-1.1.8/examples/nft-set-get.c Examining data/libnftnl-1.1.8/examples/nft-ct-expectation-del.c Examining data/libnftnl-1.1.8/examples/nft-rule-del.c Examining data/libnftnl-1.1.8/examples/nft-ct-helper-get.c Examining data/libnftnl-1.1.8/examples/nft-table-get.c Examining data/libnftnl-1.1.8/examples/nft-rule-add.c Examining data/libnftnl-1.1.8/examples/nft-rule-ct-timeout-add.c Examining data/libnftnl-1.1.8/examples/nft-flowtable-add.c Examining data/libnftnl-1.1.8/examples/nft-set-elem-del.c Examining data/libnftnl-1.1.8/examples/nft-obj-add.c Examining data/libnftnl-1.1.8/examples/nft-rule-ct-helper-add.c Examining data/libnftnl-1.1.8/examples/nft-chain-add.c Examining data/libnftnl-1.1.8/examples/nft-ct-timeout-del.c Examining data/libnftnl-1.1.8/examples/nft-rule-ct-expectation-add.c Examining data/libnftnl-1.1.8/examples/nft-ct-expectation-add.c Examining data/libnftnl-1.1.8/examples/nft-ct-timeout-add.c Examining data/libnftnl-1.1.8/examples/nft-table-del.c Examining data/libnftnl-1.1.8/examples/nft-ct-expectation-get.c Examining data/libnftnl-1.1.8/examples/nft-ct-helper-add.c Examining data/libnftnl-1.1.8/examples/nft-rule-get.c Examining data/libnftnl-1.1.8/examples/nft-set-elem-add.c Examining data/libnftnl-1.1.8/examples/nft-ruleset-get.c Examining data/libnftnl-1.1.8/examples/nft-flowtable-get.c Examining data/libnftnl-1.1.8/examples/nft-ct-helper-del.c Examining data/libnftnl-1.1.8/examples/nft-flowtable-del.c Examining data/libnftnl-1.1.8/examples/nft-compat-get.c Examining data/libnftnl-1.1.8/examples/nft-table-upd.c Examining data/libnftnl-1.1.8/examples/nft-map-add.c Examining data/libnftnl-1.1.8/examples/nft-chain-del.c Examining data/libnftnl-1.1.8/examples/nft-set-del.c Examining data/libnftnl-1.1.8/examples/nft-set-elem-get.c Examining data/libnftnl-1.1.8/examples/nft-table-add.c Examining data/libnftnl-1.1.8/examples/nft-obj-get.c Examining data/libnftnl-1.1.8/examples/nft-set-add.c Examining data/libnftnl-1.1.8/src/trace.c Examining data/libnftnl-1.1.8/src/utils.c Examining data/libnftnl-1.1.8/src/obj/tunnel.c Examining data/libnftnl-1.1.8/src/obj/ct_timeout.c Examining data/libnftnl-1.1.8/src/obj/secmark.c Examining data/libnftnl-1.1.8/src/obj/limit.c Examining data/libnftnl-1.1.8/src/obj/counter.c Examining data/libnftnl-1.1.8/src/obj/synproxy.c Examining data/libnftnl-1.1.8/src/obj/ct_expect.c Examining data/libnftnl-1.1.8/src/obj/quota.c Examining data/libnftnl-1.1.8/src/obj/ct_helper.c Examining data/libnftnl-1.1.8/src/expr/target.c Examining data/libnftnl-1.1.8/src/expr/exthdr.c Examining data/libnftnl-1.1.8/src/expr/fwd.c Examining data/libnftnl-1.1.8/src/expr/socket.c Examining data/libnftnl-1.1.8/src/expr/byteorder.c Examining data/libnftnl-1.1.8/src/expr/tunnel.c Examining data/libnftnl-1.1.8/src/expr/numgen.c Examining data/libnftnl-1.1.8/src/expr/ct.c Examining data/libnftnl-1.1.8/src/expr/xfrm.c Examining data/libnftnl-1.1.8/src/expr/log.c Examining data/libnftnl-1.1.8/src/expr/queue.c Examining data/libnftnl-1.1.8/src/expr/flow_offload.c Examining data/libnftnl-1.1.8/src/expr/nat.c Examining data/libnftnl-1.1.8/src/expr/limit.c Examining data/libnftnl-1.1.8/src/expr/lookup.c Examining data/libnftnl-1.1.8/src/expr/immediate.c Examining data/libnftnl-1.1.8/src/expr/counter.c Examining data/libnftnl-1.1.8/src/expr/match.c Examining data/libnftnl-1.1.8/src/expr/hash.c Examining data/libnftnl-1.1.8/src/expr/cmp.c Examining data/libnftnl-1.1.8/src/expr/synproxy.c Examining data/libnftnl-1.1.8/src/expr/rt.c Examining data/libnftnl-1.1.8/src/expr/tproxy.c Examining data/libnftnl-1.1.8/src/expr/redir.c Examining data/libnftnl-1.1.8/src/expr/data_reg.c Examining data/libnftnl-1.1.8/src/expr/fib.c Examining data/libnftnl-1.1.8/src/expr/osf.c Examining data/libnftnl-1.1.8/src/expr/reject.c Examining data/libnftnl-1.1.8/src/expr/masq.c Examining data/libnftnl-1.1.8/src/expr/meta.c Examining data/libnftnl-1.1.8/src/expr/payload.c Examining data/libnftnl-1.1.8/src/expr/quota.c Examining data/libnftnl-1.1.8/src/expr/bitwise.c Examining data/libnftnl-1.1.8/src/expr/objref.c Examining data/libnftnl-1.1.8/src/expr/dup.c Examining data/libnftnl-1.1.8/src/expr/dynset.c Examining data/libnftnl-1.1.8/src/expr/range.c Examining data/libnftnl-1.1.8/src/expr/connlimit.c Examining data/libnftnl-1.1.8/src/object.c Examining data/libnftnl-1.1.8/src/udata.c Examining data/libnftnl-1.1.8/src/flowtable.c Examining data/libnftnl-1.1.8/src/batch.c Examining data/libnftnl-1.1.8/src/expr.c Examining data/libnftnl-1.1.8/src/set.c Examining data/libnftnl-1.1.8/src/chain.c Examining data/libnftnl-1.1.8/src/expr_ops.c Examining data/libnftnl-1.1.8/src/set_elem.c Examining data/libnftnl-1.1.8/src/gen.c Examining data/libnftnl-1.1.8/src/rule.c Examining data/libnftnl-1.1.8/src/common.c Examining data/libnftnl-1.1.8/src/ruleset.c Examining data/libnftnl-1.1.8/src/table.c Examining data/libnftnl-1.1.8/tests/nft-set-test.c Examining data/libnftnl-1.1.8/tests/nft-expr_queue-test.c Examining data/libnftnl-1.1.8/tests/nft-expr_objref-test.c Examining data/libnftnl-1.1.8/tests/nft-rule-test.c Examining data/libnftnl-1.1.8/tests/nft-expr_fwd-test.c Examining data/libnftnl-1.1.8/tests/nft-expr_reject-test.c Examining data/libnftnl-1.1.8/tests/nft-expr_counter-test.c Examining data/libnftnl-1.1.8/tests/nft-expr_payload-test.c Examining data/libnftnl-1.1.8/tests/nft-expr_meta-test.c Examining data/libnftnl-1.1.8/tests/nft-expr_cmp-test.c Examining data/libnftnl-1.1.8/tests/nft-expr_byteorder-test.c Examining data/libnftnl-1.1.8/tests/nft-expr_range-test.c Examining data/libnftnl-1.1.8/tests/nft-expr_log-test.c Examining data/libnftnl-1.1.8/tests/nft-expr_numgen-test.c Examining data/libnftnl-1.1.8/tests/nft-expr_nat-test.c Examining data/libnftnl-1.1.8/tests/nft-chain-test.c Examining data/libnftnl-1.1.8/tests/nft-expr_lookup-test.c Examining data/libnftnl-1.1.8/tests/nft-expr_limit-test.c Examining data/libnftnl-1.1.8/tests/nft-table-test.c Examining data/libnftnl-1.1.8/tests/nft-expr_exthdr-test.c Examining data/libnftnl-1.1.8/tests/nft-expr_redir-test.c Examining data/libnftnl-1.1.8/tests/nft-expr_masq-test.c Examining data/libnftnl-1.1.8/tests/nft-expr_quota-test.c Examining data/libnftnl-1.1.8/tests/nft-expr_ct-test.c Examining data/libnftnl-1.1.8/tests/nft-expr_bitwise-test.c Examining data/libnftnl-1.1.8/tests/nft-object-test.c Examining data/libnftnl-1.1.8/tests/nft-expr_hash-test.c Examining data/libnftnl-1.1.8/tests/nft-expr_immediate-test.c Examining data/libnftnl-1.1.8/tests/nft-flowtable-test.c Examining data/libnftnl-1.1.8/tests/nft-expr_dup-test.c Examining data/libnftnl-1.1.8/tests/nft-expr_target-test.c Examining data/libnftnl-1.1.8/tests/nft-expr_match-test.c Examining data/libnftnl-1.1.8/include/libnftnl/expr.h Examining data/libnftnl-1.1.8/include/libnftnl/common.h Examining data/libnftnl-1.1.8/include/libnftnl/gen.h Examining data/libnftnl-1.1.8/include/libnftnl/trace.h Examining data/libnftnl-1.1.8/include/libnftnl/table.h Examining data/libnftnl-1.1.8/include/libnftnl/chain.h Examining data/libnftnl-1.1.8/include/libnftnl/rule.h Examining data/libnftnl-1.1.8/include/libnftnl/ruleset.h Examining data/libnftnl-1.1.8/include/libnftnl/set.h Examining data/libnftnl-1.1.8/include/libnftnl/object.h Examining data/libnftnl-1.1.8/include/libnftnl/udata.h Examining data/libnftnl-1.1.8/include/libnftnl/flowtable.h Examining data/libnftnl-1.1.8/include/libnftnl/batch.h Examining data/libnftnl-1.1.8/include/data_reg.h Examining data/libnftnl-1.1.8/include/expr.h Examining data/libnftnl-1.1.8/include/common.h Examining data/libnftnl-1.1.8/include/internal.h Examining data/libnftnl-1.1.8/include/rule.h Examining data/libnftnl-1.1.8/include/set.h Examining data/libnftnl-1.1.8/include/set_elem.h Examining data/libnftnl-1.1.8/include/udata.h Examining data/libnftnl-1.1.8/include/linux/netfilter/nfnetlink.h Examining data/libnftnl-1.1.8/include/linux/netfilter/nf_log.h Examining data/libnftnl-1.1.8/include/linux/netfilter/nf_tables_compat.h Examining data/libnftnl-1.1.8/include/linux/netfilter/nf_tables.h Examining data/libnftnl-1.1.8/include/linux/netfilter.h Examining data/libnftnl-1.1.8/include/utils.h Examining data/libnftnl-1.1.8/include/obj.h Examining data/libnftnl-1.1.8/include/linux_list.h Examining data/libnftnl-1.1.8/include/expr_ops.h FINAL RESULTS: data/libnftnl-1.1.8/include/expr_ops.h:20:8: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int (*snprintf)(char *buf, size_t len, uint32_t type, uint32_t flags, const struct nftnl_expr *e); data/libnftnl-1.1.8/include/obj.h:112:8: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int (*snprintf)(char *buf, size_t len, uint32_t type, uint32_t flags, const struct nftnl_obj *e); data/libnftnl-1.1.8/src/expr.c:279:18: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. if (!expr->ops->snprintf) data/libnftnl-1.1.8/src/expr.c:282:19: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. ret = expr->ops->snprintf(buf + offset, remain, type, flags, expr); data/libnftnl-1.1.8/src/expr/fib.c:179:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. ret = snprintf(buf + offset, remain, "unknown 0x%" PRIx32, data/libnftnl-1.1.8/src/object.c:399:19: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. ret = obj->ops->snprintf(buf + offset, offset, type, flags, data/libnftnl-1.1.8/examples/nft-chain-add.c:55:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nftnl_chain_set_u32(t, NFTNL_CHAIN_PRIO, atoi(argv[5])); data/libnftnl-1.1.8/examples/nft-chain-add.c:64:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-chain-del.c:43:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-chain-get.c:26:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/examples/nft-chain-get.c:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-compat-get.c:72:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-compat-get.c:91:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). rev = atoi(argv[3]); data/libnftnl-1.1.8/examples/nft-ct-expectation-add.c:71:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). dport = atoi(argv[5]); data/libnftnl-1.1.8/examples/nft-ct-expectation-add.c:73:12: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). timeout = atol(argv[6]); data/libnftnl-1.1.8/examples/nft-ct-expectation-add.c:75:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). size = atoi(argv[7]); data/libnftnl-1.1.8/examples/nft-ct-expectation-add.c:84:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-ct-expectation-del.c:58:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-ct-expectation-get.c:61:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/examples/nft-ct-expectation-get.c:86:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-ct-helper-add.c:82:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-ct-helper-del.c:56:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-ct-helper-get.c:27:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/examples/nft-ct-helper-get.c:53:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-ct-timeout-add.c:85:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-ct-timeout-del.c:56:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-ct-timeout-get.c:27:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/examples/nft-ct-timeout-get.c:53:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-events.c:231:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-flowtable-add.c:34:52: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nftnl_flowtable_set_u32(t, NFTNL_FLOWTABLE_PRIO, atoi(argv[5])); data/libnftnl-1.1.8/examples/nft-flowtable-add.c:44:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-flowtable-del.c:32:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-flowtable-get.c:15:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/examples/nft-flowtable-get.c:41:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-map-add.c:64:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-obj-add.c:58:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-obj-del.c:60:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-obj-get.c:26:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/examples/nft-obj-get.c:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-rule-add.c:127:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-rule-ct-expectation-add.c:88:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-rule-ct-helper-add.c:80:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-rule-ct-timeout-add.c:80:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-rule-del.c:28:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-rule-del.c:68:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nftnl_rule_set_u64(r, NFTNL_RULE_HANDLE, atoi(argv[4])); data/libnftnl-1.1.8/examples/nft-rule-get.c:26:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/examples/nft-rule-get.c:77:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-ruleset-get.c:43:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-ruleset-get.c:91:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-ruleset-get.c:139:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-ruleset-get.c:187:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-ruleset-get.c:220:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-ruleset-get.c:257:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-set-add.c:60:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-set-del.c:26:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-set-elem-add.c:26:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-set-elem-del.c:25:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-set-elem-get.c:26:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/examples/nft-set-elem-get.c:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-set-get.c:26:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/examples/nft-set-get.c:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-table-add.c:58:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-table-del.c:58:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-table-get.c:26:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/examples/nft-table-get.c:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/examples/nft-table-upd.c:26:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/include/obj.h:43:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[16]; data/libnftnl-1.1.8/include/obj.h:98:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ctx[NFT_SECMARK_CTX_MAXLEN]; data/libnftnl-1.1.8/src/batch.c:116:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nftnl_batch_buffer(batch), last_nlh, last_nlh->nlmsg_len); data/libnftnl-1.1.8/src/chain.c:307:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c->user.data, data, data_len); data/libnftnl-1.1.8/src/common.c:112:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/libnftnl-1.1.8/src/expr/bitwise.c:54:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bitwise->mask.val, data, data_len); data/libnftnl-1.1.8/src/expr/bitwise.c:58:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bitwise->xor.val, data, data_len); data/libnftnl-1.1.8/src/expr/bitwise.c:62:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bitwise->data.val, data, data_len); data/libnftnl-1.1.8/src/expr/cmp.c:45:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cmp->data.val, data, data_len); data/libnftnl-1.1.8/src/expr/ct.c:151:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *ctkey2str_array[NFT_CT_MAX + 1] = { data/libnftnl-1.1.8/src/expr/data_reg.c:196:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data->val, orig, data_len); data/libnftnl-1.1.8/src/expr/fib.c:131:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *fib_type[NFT_FIB_RESULT_MAX + 1] = { data/libnftnl-1.1.8/src/expr/immediate.c:39:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&imm->data.val, data, data_len); data/libnftnl-1.1.8/src/expr/immediate.c:54:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&imm->data.chain_id, data, sizeof(uint32_t)); data/libnftnl-1.1.8/src/expr/match.c:31:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[XT_EXTENSION_MAXNAMELEN]; data/libnftnl-1.1.8/src/expr/match.c:156:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(match_data, mnl_attr_get_payload(tb[NFTA_MATCH_INFO]), len); data/libnftnl-1.1.8/src/expr/meta.c:135:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *meta_key2str_array[NFT_META_MAX] = { data/libnftnl-1.1.8/src/expr/payload.c:206:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *base2str_array[NFT_PAYLOAD_TRANSPORT_HEADER+1] = { data/libnftnl-1.1.8/src/expr/range.c:43:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&range->data_from.val, data, data_len); data/libnftnl-1.1.8/src/expr/range.c:47:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&range->data_to.val, data, data_len); data/libnftnl-1.1.8/src/expr/rt.c:115:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *rt_key2str_array[NFT_RT_MAX + 1] = { data/libnftnl-1.1.8/src/expr/socket.c:115:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *socket_key2str_array[NFT_SOCKET_MAX + 1] = { data/libnftnl-1.1.8/src/expr/target.c:31:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[XT_EXTENSION_MAXNAMELEN]; data/libnftnl-1.1.8/src/expr/target.c:156:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(target_data, mnl_attr_get_payload(tb[NFTA_TARGET_INFO]), len); data/libnftnl-1.1.8/src/expr/tunnel.c:114:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *tunnel_key2str_array[NFT_TUNNEL_MAX + 1] = { data/libnftnl-1.1.8/src/obj/ct_timeout.c:159:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(timeout->timeout, data, data/libnftnl-1.1.8/src/obj/tunnel.c:41:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tun->src_v6, data, sizeof(struct in6_addr)); data/libnftnl-1.1.8/src/obj/tunnel.c:44:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tun->dst_v6, data, sizeof(struct in6_addr)); data/libnftnl-1.1.8/src/obj/tunnel.c:324:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tun->src_v6, data/libnftnl-1.1.8/src/obj/tunnel.c:330:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tun->dst_v6, data/libnftnl-1.1.8/src/object.c:115:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(obj->user.data, data, data_len); data/libnftnl-1.1.8/src/rule.c:156:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r->user.data, data, data_len); data/libnftnl-1.1.8/src/rule.c:495:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r->user.data, udata, r->user.len); data/libnftnl-1.1.8/src/set.c:184:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&s->desc.field_len, data, data_len); data/libnftnl-1.1.8/src/set.c:200:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s->user.data, data, data_len); data/libnftnl-1.1.8/src/set.c:347:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newset, set, sizeof(*set)); data/libnftnl-1.1.8/src/set_elem.c:119:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&s->key.val, data, data_len); data/libnftnl-1.1.8/src/set_elem.c:123:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&s->key_end.val, data, data_len); data/libnftnl-1.1.8/src/set_elem.c:138:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s->data.val, data, data_len); data/libnftnl-1.1.8/src/set_elem.c:154:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s->user.data, data, data_len); data/libnftnl-1.1.8/src/set_elem.c:274:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newelem, elem, sizeof(*elem)); data/libnftnl-1.1.8/src/set_elem.c:499:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(e->user.data, udata, e->user.len); data/libnftnl-1.1.8/src/table.c:127:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t->user.data, data, data_len); data/libnftnl-1.1.8/src/trace.c:270:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(header->data, mnl_attr_get_payload(attr), len); data/libnftnl-1.1.8/src/udata.c:55:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf->data, data, len <= buf->size ? len : buf->size); data/libnftnl-1.1.8/src/udata.c:83:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(attr->value, value, len); data/libnftnl-1.1.8/src/utils.c:25:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *const nftnl_family_str[NFPROTO_NUMPROTO] = { data/libnftnl-1.1.8/src/utils.c:143:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, valuep, basetype[type].len); data/libnftnl-1.1.8/src/utils.c:244:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *cmd2tag[NFTNL_CMD_MAX] = { data/libnftnl-1.1.8/src/utils.c:282:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _buf[NFTNL_SNPRINTF_BUFSIZ]; data/libnftnl-1.1.8/tests/nft-chain-test.c:70:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/tests/nft-expr_bitwise-test.c:109:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/tests/nft-expr_bitwise-test.c:166:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/tests/nft-expr_bitwise-test.c:220:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/tests/nft-expr_byteorder-test.c:55:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/tests/nft-expr_cmp-test.c:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/tests/nft-expr_counter-test.c:46:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/tests/nft-expr_ct-test.c:47:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/tests/nft-expr_dup-test.c:45:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/tests/nft-expr_exthdr-test.c:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/tests/nft-expr_fwd-test.c:42:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/tests/nft-expr_hash-test.c:58:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/tests/nft-expr_immediate-test.c:71:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/tests/nft-expr_limit-test.c:56:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/tests/nft-expr_log-test.c:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/tests/nft-expr_lookup-test.c:59:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/tests/nft-expr_masq-test.c:47:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/tests/nft-expr_match-test.c:59:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/tests/nft-expr_match-test.c:62:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[16] = "0123456789abcdef"; data/libnftnl-1.1.8/tests/nft-expr_meta-test.c:46:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/tests/nft-expr_nat-test.c:62:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/tests/nft-expr_numgen-test.c:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/tests/nft-expr_objref-test.c:46:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/tests/nft-expr_payload-test.c:53:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/tests/nft-expr_queue-test.c:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/tests/nft-expr_quota-test.c:47:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/tests/nft-expr_range-test.c:56:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/tests/nft-expr_redir-test.c:47:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/tests/nft-expr_reject-test.c:47:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/tests/nft-expr_target-test.c:58:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/tests/nft-expr_target-test.c:61:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[16] = "0123456789abcdef"; data/libnftnl-1.1.8/tests/nft-flowtable-test.c:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/tests/nft-object-test.c:45:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/tests/nft-rule-test.c:66:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/tests/nft-set-test.c:58:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/tests/nft-table-test.c:42:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libnftnl-1.1.8/src/chain.c:348:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return nftnl_chain_set_data(c, attr, str, strlen(str) + 1); data/libnftnl-1.1.8/src/chain.c:367:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *data_len = strlen(c->name) + 1; data/libnftnl-1.1.8/src/chain.c:370:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *data_len = strlen(c->table) + 1; data/libnftnl-1.1.8/src/chain.c:400:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *data_len = strlen(c->dev) + 1; data/libnftnl-1.1.8/src/chain.c:1062:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(key); i++) data/libnftnl-1.1.8/src/expr.c:109:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return nftnl_expr_set(expr, type, str, strlen(str) + 1); data/libnftnl-1.1.8/src/expr.c:123:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *data_len = strlen(expr->ops->name) + 1; data/libnftnl-1.1.8/src/expr/dynset.c:90:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *data_len = strlen(dynset->set_name) + 1; data/libnftnl-1.1.8/src/expr/flow_offload.c:41:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *data_len = strlen(flow->table_name) + 1; data/libnftnl-1.1.8/src/expr/immediate.c:79:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *data_len = strlen(imm->data.chain)+1; data/libnftnl-1.1.8/src/expr/log.c:77:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *data_len = strlen(log->prefix)+1; data/libnftnl-1.1.8/src/expr/lookup.c:76:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *data_len = strlen(lookup->set_name) + 1; data/libnftnl-1.1.8/src/expr/objref.c:76:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *data_len = strlen(objref->imm.name) + 1; data/libnftnl-1.1.8/src/expr/objref.c:82:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *data_len = strlen(objref->set.name) + 1; data/libnftnl-1.1.8/src/flowtable.c:200:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return nftnl_flowtable_set_data(c, attr, str, strlen(str) + 1); data/libnftnl-1.1.8/src/flowtable.c:225:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *data_len = strlen(c->name) + 1; data/libnftnl-1.1.8/src/flowtable.c:228:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *data_len = strlen(c->table) + 1; data/libnftnl-1.1.8/src/obj/ct_helper.c:53:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *data_len = strlen(helper->name); data/libnftnl-1.1.8/src/obj/secmark.c:46:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *data_len = strlen(secmark->ctx); data/libnftnl-1.1.8/src/rule.c:191:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return nftnl_rule_set_data(r, attr, str, strlen(str) + 1); data/libnftnl-1.1.8/src/rule.c:206:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *data_len = strlen(r->table) + 1; data/libnftnl-1.1.8/src/rule.c:209:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *data_len = strlen(r->chain) + 1; data/libnftnl-1.1.8/src/set.c:235:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return nftnl_set_set_data(s, attr, str, strlen(str) + 1); data/libnftnl-1.1.8/src/set.c:247:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *data_len = strlen(s->table) + 1; data/libnftnl-1.1.8/src/set.c:250:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *data_len = strlen(s->name) + 1; data/libnftnl-1.1.8/src/set.c:865:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(key); i++) data/libnftnl-1.1.8/src/set_elem.c:191:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return nftnl_set_elem_set(s, attr, str, strlen(str) + 1); data/libnftnl-1.1.8/src/set_elem.c:214:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *data_len = strlen(s->data.chain) + 1; data/libnftnl-1.1.8/src/set_elem.c:231:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *data_len = strlen(s->objref) + 1; data/libnftnl-1.1.8/src/table.c:162:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return nftnl_table_set_data(t, attr, str, strlen(str) + 1); data/libnftnl-1.1.8/src/table.c:174:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *data_len = strlen(t->name) + 1; data/libnftnl-1.1.8/src/trace.c:168:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *data_len = strlen(trace->chain) + 1; data/libnftnl-1.1.8/src/trace.c:171:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *data_len = strlen(trace->table) + 1; data/libnftnl-1.1.8/src/trace.c:174:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *data_len = strlen(trace->jump_target) + 1; data/libnftnl-1.1.8/src/udata.c:94:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return nftnl_udata_put(buf, type, strlen(strz) + 1, strz); data/libnftnl-1.1.8/tests/nft-expr_target-test.c:72:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nftnl_expr_set(ex, NFTNL_EXPR_TG_NAME, "test", strlen("test")); ANALYSIS SUMMARY: Hits = 188 Lines analyzed = 32249 in approximately 0.83 seconds (38960 lines/second) Physical Source Lines of Code (SLOC) = 25269 Hits@level = [0] 351 [1] 36 [2] 146 [3] 0 [4] 6 [5] 0 Hits@level+ = [0+] 539 [1+] 188 [2+] 152 [3+] 6 [4+] 6 [5+] 0 Hits/KSLOC@level+ = [0+] 21.3305 [1+] 7.43995 [2+] 6.01528 [3+] 0.237445 [4+] 0.237445 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.