Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/libslirp-4.3.1/src/arp_table.c Examining data/libslirp-4.3.1/src/bootp.c Examining data/libslirp-4.3.1/src/bootp.h Examining data/libslirp-4.3.1/src/cksum.c Examining data/libslirp-4.3.1/src/debug.h Examining data/libslirp-4.3.1/src/dhcpv6.c Examining data/libslirp-4.3.1/src/dhcpv6.h Examining data/libslirp-4.3.1/src/dnssearch.c Examining data/libslirp-4.3.1/src/if.c Examining data/libslirp-4.3.1/src/if.h Examining data/libslirp-4.3.1/src/ip.h Examining data/libslirp-4.3.1/src/ip6.h Examining data/libslirp-4.3.1/src/ip6_icmp.c Examining data/libslirp-4.3.1/src/ip6_icmp.h Examining data/libslirp-4.3.1/src/ip6_input.c Examining data/libslirp-4.3.1/src/ip6_output.c Examining data/libslirp-4.3.1/src/ip_icmp.c Examining data/libslirp-4.3.1/src/ip_icmp.h Examining data/libslirp-4.3.1/src/ip_input.c Examining data/libslirp-4.3.1/src/ip_output.c Examining data/libslirp-4.3.1/src/libslirp.h Examining data/libslirp-4.3.1/src/main.h Examining data/libslirp-4.3.1/src/mbuf.c Examining data/libslirp-4.3.1/src/mbuf.h Examining data/libslirp-4.3.1/src/misc.c Examining data/libslirp-4.3.1/src/misc.h Examining data/libslirp-4.3.1/src/ncsi-pkt.h Examining data/libslirp-4.3.1/src/ncsi.c Examining data/libslirp-4.3.1/src/ndp_table.c Examining data/libslirp-4.3.1/src/sbuf.c Examining data/libslirp-4.3.1/src/sbuf.h Examining data/libslirp-4.3.1/src/slirp.c Examining data/libslirp-4.3.1/src/slirp.h Examining data/libslirp-4.3.1/src/socket.c Examining data/libslirp-4.3.1/src/socket.h Examining data/libslirp-4.3.1/src/state.c Examining data/libslirp-4.3.1/src/stream.c Examining data/libslirp-4.3.1/src/stream.h Examining data/libslirp-4.3.1/src/tcp.h Examining data/libslirp-4.3.1/src/tcp_input.c Examining data/libslirp-4.3.1/src/tcp_output.c Examining data/libslirp-4.3.1/src/tcp_subr.c Examining data/libslirp-4.3.1/src/tcp_timer.c Examining data/libslirp-4.3.1/src/tcp_timer.h Examining data/libslirp-4.3.1/src/tcp_var.h Examining data/libslirp-4.3.1/src/tcpip.h Examining data/libslirp-4.3.1/src/tftp.c Examining data/libslirp-4.3.1/src/tftp.h Examining data/libslirp-4.3.1/src/udp.c Examining data/libslirp-4.3.1/src/udp.h Examining data/libslirp-4.3.1/src/udp6.c Examining data/libslirp-4.3.1/src/util.c Examining data/libslirp-4.3.1/src/util.h Examining data/libslirp-4.3.1/src/version.c Examining data/libslirp-4.3.1/src/vmstate.c Examining data/libslirp-4.3.1/src/vmstate.h FINAL RESULTS: data/libslirp-4.3.1/src/bootp.c:259:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(rbp->bp_file, slirp->bootp_filename); data/libslirp-4.3.1/src/ip6_icmp.c:11:5: [3] (random) g_rand_int_range: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. g_rand_int_range(slirp->grand, NDP_MinRtrAdvInterval, NDP_MaxRtrAdvInterval) data/libslirp-4.3.1/src/arp_table.c:52:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(arptbl->table[i].ar_sha, ethaddr, ETH_ALEN); data/libslirp-4.3.1/src/arp_table.c:59:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(arptbl->table[arptbl->next_victim].ar_sha, ethaddr, ETH_ALEN); data/libslirp-4.3.1/src/arp_table.c:83:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out_ethaddr, arptbl->table[i].ar_sha, ETH_ALEN); data/libslirp-4.3.1/src/bootp.c:132:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(preq_addr->s_addr), p, 4); data/libslirp-4.3.1/src/bootp.c:143:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(preq_addr->s_addr), &bp->bp_ciaddr, 4); data/libslirp-4.3.1/src/bootp.c:175:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(client_ethaddr, bp->bp_hwaddr, ETH_ALEN); data/libslirp-4.3.1/src/bootp.c:201:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bc->macaddr, client_ethaddr, ETH_ALEN); data/libslirp-4.3.1/src/bootp.c:206:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bc->macaddr, client_ethaddr, ETH_ALEN); data/libslirp-4.3.1/src/bootp.c:232:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rbp->bp_hwaddr, bp->bp_hwaddr, ETH_ALEN); data/libslirp-4.3.1/src/bootp.c:239:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(q, rfc1533_cookie, 4); data/libslirp-4.3.1/src/bootp.c:264:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(q, &saddr.sin_addr, 4); data/libslirp-4.3.1/src/bootp.c:269:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(q, &slirp->vnetwork_mask, 4); data/libslirp-4.3.1/src/bootp.c:275:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(q, &saddr.sin_addr, 4); data/libslirp-4.3.1/src/bootp.c:280:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(q, &slirp->vnameserver_addr, 4); data/libslirp-4.3.1/src/bootp.c:287:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(q, &val, 4); data/libslirp-4.3.1/src/bootp.c:298:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(q, slirp->client_hostname, val); data/libslirp-4.3.1/src/bootp.c:311:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(q, slirp->vdomainname, val); data/libslirp-4.3.1/src/bootp.c:324:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(q, slirp->tftp_server_name, val); data/libslirp-4.3.1/src/bootp.c:335:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(q, slirp->vdnssearch, val); data/libslirp-4.3.1/src/bootp.c:350:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(q, nak_msg, sizeof(nak_msg) - 1); data/libslirp-4.3.1/src/bootp.h:116:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bp_file[128]; data/libslirp-4.3.1/src/dhcpv6.c:164:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(resp, ri.client_id, ri.client_id_len); data/libslirp-4.3.1/src/dhcpv6.c:172:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(resp, &slirp->vnameserver_addr6, 16); data/libslirp-4.3.1/src/ip6.h:165:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ð[2], &ip.s6_addr[16 - (ETH_ALEN - 2)], ETH_ALEN - 2); data/libslirp-4.3.1/src/ip6_icmp.c:52:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t->m_data, m->m_data, t->m_len); data/libslirp-4.3.1/src/ip6_icmp.c:77:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addrstr[INET6_ADDRSTRLEN]; data/libslirp-4.3.1/src/ip6_icmp.c:124:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t->m_data, m->m_data, error_data_len); data/libslirp-4.3.1/src/ip6_icmp.c:221:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addrstr[INET6_ADDRSTRLEN]; data/libslirp-4.3.1/src/ip6_icmp.c:233:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&rip->ip_dst.s6_addr[13], &addr.s6_addr[13], 3); data/libslirp-4.3.1/src/ip6_icmp.h:122:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char linklayer_addr[6]; /* Source/Target Link-layer */ data/libslirp-4.3.1/src/ip_icmp.c:279:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufa[20], bufb[20]; data/libslirp-4.3.1/src/ip_icmp.c:317:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m->m_data, msrc->m_data, msrc->m_len); data/libslirp-4.3.1/src/ip_icmp.c:344:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&icp->icmp_ip, msrc->m_data, s_ip_len); /* report the ip packet */ data/libslirp-4.3.1/src/ip_icmp.c:356:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cpnt, message, message_len); data/libslirp-4.3.1/src/ip_icmp.h:84:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id_data[1]; data/libslirp-4.3.1/src/ip_input.c:457:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(opts, opts + olen, (unsigned)i); data/libslirp-4.3.1/src/mbuf.c:135:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m->m_data + m->m_len, n->m_data, n->m_len); data/libslirp-4.3.1/src/mbuf.c:158:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m->m_ext, m->m_dat, m->m_size); data/libslirp-4.3.1/src/mbuf.c:191:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((n->m_data + n->m_len), (m->m_data + off), len); data/libslirp-4.3.1/src/misc.c:296:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/libslirp-4.3.1/src/ncsi-pkt.h:66:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char reserved2[3]; /* Reserved */ data/libslirp-4.3.1/src/ncsi-pkt.h:74:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pad[26]; data/libslirp-4.3.1/src/ncsi-pkt.h:80:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pad[22]; data/libslirp-4.3.1/src/ncsi-pkt.h:86:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char reserved[3]; /* Reserved */ data/libslirp-4.3.1/src/ncsi-pkt.h:89:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pad[22]; data/libslirp-4.3.1/src/ncsi-pkt.h:95:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char reserved[3]; /* Reserved */ data/libslirp-4.3.1/src/ncsi-pkt.h:98:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pad[22]; data/libslirp-4.3.1/src/ncsi-pkt.h:106:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pad[22]; data/libslirp-4.3.1/src/ncsi-pkt.h:112:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char reserved[3]; /* Reserved */ data/libslirp-4.3.1/src/ncsi-pkt.h:116:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pad[18]; data/libslirp-4.3.1/src/ncsi-pkt.h:125:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pad[18]; data/libslirp-4.3.1/src/ncsi-pkt.h:137:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pad[14]; data/libslirp-4.3.1/src/ncsi-pkt.h:143:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char reserved[3]; /* Reserved */ data/libslirp-4.3.1/src/ncsi-pkt.h:146:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pad[22]; data/libslirp-4.3.1/src/ncsi-pkt.h:152:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char mac[6]; /* MAC address */ data/libslirp-4.3.1/src/ncsi-pkt.h:156:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pad[18]; data/libslirp-4.3.1/src/ncsi-pkt.h:164:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pad[22]; data/libslirp-4.3.1/src/ncsi-pkt.h:172:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pad[22]; data/libslirp-4.3.1/src/ncsi-pkt.h:178:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char reserved[3]; /* Reserved */ data/libslirp-4.3.1/src/ncsi-pkt.h:181:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pad[22]; data/libslirp-4.3.1/src/ncsi-pkt.h:191:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pad[10]; data/libslirp-4.3.1/src/ncsi-pkt.h:198:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char reserved[3]; /* Reserved */ data/libslirp-4.3.1/src/ncsi-pkt.h:200:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char fw_name[12]; /* f/w name string */ data/libslirp-4.3.1/src/ncsi-pkt.h:219:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char reserved[2]; /* Reserved */ data/libslirp-4.3.1/src/ncsi-pkt.h:229:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char reserved[2]; /* Reserved */ data/libslirp-4.3.1/src/ncsi-pkt.h:239:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char reserved2[2]; /* Reserved */ data/libslirp-4.3.1/src/ncsi-pkt.h:241:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char mac[6]; /* Supported MAC addr */ data/libslirp-4.3.1/src/ncsi-pkt.h:331:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[16]; /* UUID */ data/libslirp-4.3.1/src/ncsi-pkt.h:341:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pad[14]; data/libslirp-4.3.1/src/ncsi-pkt.h:348:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pad[22]; data/libslirp-4.3.1/src/ncsi-pkt.h:356:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pad[18]; data/libslirp-4.3.1/src/ndp_table.c:12:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addrstr[INET6_ADDRSTRLEN]; data/libslirp-4.3.1/src/ndp_table.c:34:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ndp_table->table[i].eth_addr, ethaddr, ETH_ALEN); data/libslirp-4.3.1/src/ndp_table.c:42:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ndp_table->table[ndp_table->next_victim].eth_addr, ethaddr, data/libslirp-4.3.1/src/ndp_table.c:50:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addrstr[INET6_ADDRSTRLEN]; data/libslirp-4.3.1/src/ndp_table.c:77:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out_ethaddr, ndp_table->table[i].eth_addr, ETH_ALEN); data/libslirp-4.3.1/src/sbuf.c:117:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sb->sb_wptr, m->m_data, n); data/libslirp-4.3.1/src/sbuf.c:123:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sb->sb_wptr, m->m_data, n); data/libslirp-4.3.1/src/sbuf.c:130:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sb->sb_data, m->m_data + n, nn); data/libslirp-4.3.1/src/sbuf.c:157:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(to, from, len); data/libslirp-4.3.1/src/sbuf.c:163:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(to, from, off); data/libslirp-4.3.1/src/sbuf.c:166:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(to + off, sb->sb_data, len); data/libslirp-4.3.1/src/slirp.c:132:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pdns_addr, cached_addr, addrlen); data/libslirp-4.3.1/src/slirp.c:143:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pdns_addr, cached_addr, addrlen); data/libslirp-4.3.1/src/slirp.c:153:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[512]; data/libslirp-4.3.1/src/slirp.c:154:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff2[257]; data/libslirp-4.3.1/src/slirp.c:160:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen("/etc/resolv.conf", "r"); data/libslirp-4.3.1/src/slirp.c:180:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pdns_addr, tmp_addr, addrlen); data/libslirp-4.3.1/src/slirp.c:181:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cached_addr, tmp_addr, addrlen); data/libslirp-4.3.1/src/slirp.c:192:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[INET6_ADDRSTRLEN]; data/libslirp-4.3.1/src/slirp.c:793:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(reh->h_dest, pkt + ETH_ALEN, ETH_ALEN); data/libslirp-4.3.1/src/slirp.c:794:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(reh->h_source, special_ethaddr, ETH_ALEN - 4); data/libslirp-4.3.1/src/slirp.c:795:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&reh->h_source[2], &ah->ar_tip, 4); data/libslirp-4.3.1/src/slirp.c:803:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rah->ar_sha, reh->h_source, ETH_ALEN); data/libslirp-4.3.1/src/slirp.c:805:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rah->ar_tha, ah->ar_sha, ETH_ALEN); data/libslirp-4.3.1/src/slirp.c:842:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m->m_data + TCPIPHDR_DELTA + 2, pkt, pkt_len); data/libslirp-4.3.1/src/slirp.c:880:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(reh->h_source, special_ethaddr, ETH_ALEN - 4); data/libslirp-4.3.1/src/slirp.c:881:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&reh->h_source[2], &slirp->vhost_addr, 4); data/libslirp-4.3.1/src/slirp.c:890:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rah->ar_sha, special_ethaddr, ETH_ALEN - 4); data/libslirp-4.3.1/src/slirp.c:891:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&rah->ar_sha[2], &slirp->vhost_addr, 4); data/libslirp-4.3.1/src/slirp.c:911:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(eh->h_source, special_ethaddr, ETH_ALEN - 4); data/libslirp-4.3.1/src/slirp.c:913:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&eh->h_source[2], &slirp->vhost_addr, 4); data/libslirp-4.3.1/src/slirp.c:980:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(eh->h_dest, ethaddr, ETH_ALEN); data/libslirp-4.3.1/src/slirp.c:987:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + sizeof(struct ethhdr), ifm->m_data, ifm->m_len); data/libslirp-4.3.1/src/slirp.h:73:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char h_dest[ETH_ALEN]; /* destination eth addr */ data/libslirp-4.3.1/src/slirp.h:74:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char h_source[ETH_ALEN]; /* source ether addr */ data/libslirp-4.3.1/src/slirp.h:88:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ar_sha[ETH_ALEN]; /* sender hardware address */ data/libslirp-4.3.1/src/slirp.h:90:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ar_tha[ETH_ALEN]; /* target hardware address */ data/libslirp-4.3.1/src/slirp.h:108:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char eth_addr[ETH_ALEN]; /* sender hardware address */ data/libslirp-4.3.1/src/slirp.h:143:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char client_hostname[33]; data/libslirp-4.3.1/src/socket.c:265:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(iov[0].iov_base, buf, nn); data/libslirp-4.3.1/src/socket.c:273:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(iov[1].iov_base, buf, copy); data/libslirp-4.3.1/src/socket.c:331:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[2048]; /* XXX Shouldn't be sending more oob data than this */ data/libslirp-4.3.1/src/socket.c:357:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff, sb->sb_rptr, len); data/libslirp-4.3.1/src/socket.c:364:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((buff + len), sb->sb_data, n); data/libslirp-4.3.1/src/socket.c:501:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[256]; data/libslirp-4.3.1/src/tcp_input.c:1400:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)&mss, (char *)cp + 2, sizeof(mss)); data/libslirp-4.3.1/src/tcp_output.c:271:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)(opt + 2), (char *)&mss, sizeof(mss)); data/libslirp-4.3.1/src/tcp_output.c:324:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)ti, &tp->t_template, sizeof(struct tcpiphdr)); data/libslirp-4.3.1/src/tcp_output.c:353:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)(ti + 1), (char *)opt, optlen); data/libslirp-4.3.1/src/tcp_subr.c:608:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[257]; data/libslirp-4.3.1/src/tcp_subr.c:846:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ra_tbl[4]; data/libslirp-4.3.1/src/tftp.c:75:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&spt->client_addr, srcsas, sockaddr_size(srcsas)); data/libslirp-4.3.1/src/tftp.c:113:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). spt->fd = open(spt->filename, O_RDONLY | O_BINARY); data/libslirp-4.3.1/src/tftp.c:280:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *option_name[2]; data/libslirp-4.3.1/src/tftp.c:311:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(spt->filename, slirp->tftp_prefix, prefix_len); data/libslirp-4.3.1/src/tftp.c:381:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int tsize = atoi(value); data/libslirp-4.3.1/src/tftp.c:397:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int blksize = atoi(value); data/libslirp-4.3.1/src/tftp.h:35:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tp_buf[TFTP_BLOCKSIZE_MAX + 2]; data/libslirp-4.3.1/src/bootp.c:258:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_assert(strlen(slirp->bootp_filename) < sizeof(rbp->bp_file)); data/libslirp-4.3.1/src/bootp.c:291:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). val = strlen(slirp->client_hostname); data/libslirp-4.3.1/src/bootp.c:304:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). val = strlen(slirp->vdomainname); data/libslirp-4.3.1/src/bootp.c:317:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). val = strlen(slirp->tftp_server_name); data/libslirp-4.3.1/src/dnssearch.c:250:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t nlen = strlen(names[i]); data/libslirp-4.3.1/src/ip_icmp.c:210:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (sendto(so->s, icmp_ping_msg, strlen(icmp_ping_msg), 0, data/libslirp-4.3.1/src/ip_icmp.c:352:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). message_len = strlen(message); data/libslirp-4.3.1/src/slirp.c:166:13: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf(buff, "nameserver%*[ \t]%256s", buff2) == 1) { data/libslirp-4.3.1/src/slirp.c:287:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(cfg->bootfile) < data/libslirp-4.3.1/src/tcp_subr.c:770:13: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf(bptr, "DCC CHAT %256s %u %u", buff, &laddr, &lport) == 3) { data/libslirp-4.3.1/src/tcp_subr.c:780:20: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. } else if (sscanf(bptr, "DCC SEND %256s %u %u %u", buff, &laddr, &lport, data/libslirp-4.3.1/src/tcp_subr.c:791:20: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. } else if (sscanf(bptr, "DCC MOVE %256s %u %u %u", buff, &laddr, &lport, data/libslirp-4.3.1/src/tftp.c:125:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bytes_read = read(spt->fd, buf, len); data/libslirp-4.3.1/src/tftp.c:222:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(msg) - sizeof(struct udphdr); data/libslirp-4.3.1/src/tftp.c:309:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). prefix_len = strlen(slirp->tftp_prefix); data/libslirp-4.3.1/src/tftp.c:347:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). req_fname[strlen(req_fname) - 1] == '\\' || data/libslirp-4.3.1/src/tftp.c:350:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). req_fname[strlen(req_fname) - 1] == '/') { data/libslirp-4.3.1/src/tftp.c:370:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). k += strlen(key) + 1; data/libslirp-4.3.1/src/tftp.c:378:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). k += strlen(value) + 1; ANALYSIS SUMMARY: Hits = 150 Lines analyzed = 15719 in approximately 0.44 seconds (35417 lines/second) Physical Source Lines of Code (SLOC) = 10201 Hits@level = [0] 17 [1] 19 [2] 129 [3] 1 [4] 1 [5] 0 Hits@level+ = [0+] 167 [1+] 150 [2+] 131 [3+] 2 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 16.3709 [1+] 14.7044 [2+] 12.8419 [3+] 0.196059 [4+] 0.0980296 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.