Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/masscan-1.0.5+ds1/src/crypto-base64.c
Examining data/masscan-1.0.5+ds1/src/crypto-base64.h
Examining data/masscan-1.0.5+ds1/src/crypto-blackrock2.c
Examining data/masscan-1.0.5+ds1/src/event-timeout.c
Examining data/masscan-1.0.5+ds1/src/event-timeout.h
Examining data/masscan-1.0.5+ds1/src/in-binary.c
Examining data/masscan-1.0.5+ds1/src/in-binary.h
Examining data/masscan-1.0.5+ds1/src/in-filter.c
Examining data/masscan-1.0.5+ds1/src/in-filter.h
Examining data/masscan-1.0.5+ds1/src/in-report.c
Examining data/masscan-1.0.5+ds1/src/in-report.h
Examining data/masscan-1.0.5+ds1/src/logger.c
Examining data/masscan-1.0.5+ds1/src/logger.h
Examining data/masscan-1.0.5+ds1/src/main-dedup.c
Examining data/masscan-1.0.5+ds1/src/main-dedup.h
Examining data/masscan-1.0.5+ds1/src/main-globals.h
Examining data/masscan-1.0.5+ds1/src/main-initadapter.c
Examining data/masscan-1.0.5+ds1/src/main-listscan.c
Examining data/masscan-1.0.5+ds1/src/main-ptrace.c
Examining data/masscan-1.0.5+ds1/src/main-ptrace.h
Examining data/masscan-1.0.5+ds1/src/main-readrange.c
Examining data/masscan-1.0.5+ds1/src/main-readrange.h
Examining data/masscan-1.0.5+ds1/src/main-src.c
Examining data/masscan-1.0.5+ds1/src/main-src.h
Examining data/masscan-1.0.5+ds1/src/main-status.c
Examining data/masscan-1.0.5+ds1/src/main-status.h
Examining data/masscan-1.0.5+ds1/src/main-throttle.c
Examining data/masscan-1.0.5+ds1/src/main-throttle.h
Examining data/masscan-1.0.5+ds1/src/main.c
Examining data/masscan-1.0.5+ds1/src/masscan-app.c
Examining data/masscan-1.0.5+ds1/src/masscan-app.h
Examining data/masscan-1.0.5+ds1/src/masscan-status.h
Examining data/masscan-1.0.5+ds1/src/masscan.h
Examining data/masscan-1.0.5+ds1/src/out-binary.c
Examining data/masscan-1.0.5+ds1/src/out-certs.c
Examining data/masscan-1.0.5+ds1/src/out-grepable.c
Examining data/masscan-1.0.5+ds1/src/out-json.c
Examining data/masscan-1.0.5+ds1/src/out-ndjson.c
Examining data/masscan-1.0.5+ds1/src/out-null.c
Examining data/masscan-1.0.5+ds1/src/out-record.h
Examining data/masscan-1.0.5+ds1/src/out-redis.c
Examining data/masscan-1.0.5+ds1/src/out-text.c
Examining data/masscan-1.0.5+ds1/src/out-unicornscan.c
Examining data/masscan-1.0.5+ds1/src/out-xml.c
Examining data/masscan-1.0.5+ds1/src/output.c
Examining data/masscan-1.0.5+ds1/src/output.h
Examining data/masscan-1.0.5+ds1/src/packet-queue.h
Examining data/masscan-1.0.5+ds1/src/pixie-backtrace.c
Examining data/masscan-1.0.5+ds1/src/pixie-backtrace.h
Examining data/masscan-1.0.5+ds1/src/pixie-file.c
Examining data/masscan-1.0.5+ds1/src/pixie-file.h
Examining data/masscan-1.0.5+ds1/src/pixie-sockets.h
Examining data/masscan-1.0.5+ds1/src/pixie-threads.c
Examining data/masscan-1.0.5+ds1/src/pixie-threads.h
Examining data/masscan-1.0.5+ds1/src/pixie-timer.c
Examining data/masscan-1.0.5+ds1/src/pixie-timer.h
Examining data/masscan-1.0.5+ds1/src/proto-arp.c
Examining data/masscan-1.0.5+ds1/src/proto-arp.h
Examining data/masscan-1.0.5+ds1/src/proto-banner1.c
Examining data/masscan-1.0.5+ds1/src/proto-banner1.h
Examining data/masscan-1.0.5+ds1/src/proto-banout.c
Examining data/masscan-1.0.5+ds1/src/proto-banout.h
Examining data/masscan-1.0.5+ds1/src/proto-dns-parse.h
Examining data/masscan-1.0.5+ds1/src/proto-dns.c
Examining data/masscan-1.0.5+ds1/src/proto-dns.h
Examining data/masscan-1.0.5+ds1/src/proto-ftp.c
Examining data/masscan-1.0.5+ds1/src/proto-ftp.h
Examining data/masscan-1.0.5+ds1/src/proto-http.c
Examining data/masscan-1.0.5+ds1/src/proto-http.h
Examining data/masscan-1.0.5+ds1/src/proto-icmp.c
Examining data/masscan-1.0.5+ds1/src/proto-icmp.h
Examining data/masscan-1.0.5+ds1/src/proto-imap4.c
Examining data/masscan-1.0.5+ds1/src/proto-imap4.h
Examining data/masscan-1.0.5+ds1/src/proto-interactive.c
Examining data/masscan-1.0.5+ds1/src/proto-interactive.h
Examining data/masscan-1.0.5+ds1/src/proto-memcached.c
Examining data/masscan-1.0.5+ds1/src/proto-memcached.h
Examining data/masscan-1.0.5+ds1/src/proto-netbios.c
Examining data/masscan-1.0.5+ds1/src/proto-netbios.h
Examining data/masscan-1.0.5+ds1/src/proto-ntp.h
Examining data/masscan-1.0.5+ds1/src/proto-pop3.c
Examining data/masscan-1.0.5+ds1/src/proto-pop3.h
Examining data/masscan-1.0.5+ds1/src/proto-preprocess.c
Examining data/masscan-1.0.5+ds1/src/proto-preprocess.h
Examining data/masscan-1.0.5+ds1/src/proto-sctp.c
Examining data/masscan-1.0.5+ds1/src/proto-sctp.h
Examining data/masscan-1.0.5+ds1/src/proto-smtp.c
Examining data/masscan-1.0.5+ds1/src/proto-smtp.h
Examining data/masscan-1.0.5+ds1/src/proto-snmp.c
Examining data/masscan-1.0.5+ds1/src/proto-snmp.h
Examining data/masscan-1.0.5+ds1/src/proto-ssh.c
Examining data/masscan-1.0.5+ds1/src/proto-ssh.h
Examining data/masscan-1.0.5+ds1/src/proto-ssl-test.c
Examining data/masscan-1.0.5+ds1/src/proto-ssl.c
Examining data/masscan-1.0.5+ds1/src/proto-ssl.h
Examining data/masscan-1.0.5+ds1/src/proto-tcp-telnet.c
Examining data/masscan-1.0.5+ds1/src/proto-tcp-telnet.h
Examining data/masscan-1.0.5+ds1/src/proto-tcp.c
Examining data/masscan-1.0.5+ds1/src/proto-tcp.h
Examining data/masscan-1.0.5+ds1/src/proto-udp.c
Examining data/masscan-1.0.5+ds1/src/proto-udp.h
Examining data/masscan-1.0.5+ds1/src/proto-vnc.c
Examining data/masscan-1.0.5+ds1/src/proto-vnc.h
Examining data/masscan-1.0.5+ds1/src/proto-x509.c
Examining data/masscan-1.0.5+ds1/src/proto-x509.h
Examining data/masscan-1.0.5+ds1/src/proto-zeroaccess.c
Examining data/masscan-1.0.5+ds1/src/proto-zeroaccess.h
Examining data/masscan-1.0.5+ds1/src/rand-blackrock.c
Examining data/masscan-1.0.5+ds1/src/rand-blackrock.h
Examining data/masscan-1.0.5+ds1/src/rand-lcg.c
Examining data/masscan-1.0.5+ds1/src/rand-lcg.h
Examining data/masscan-1.0.5+ds1/src/rand-primegen.c
Examining data/masscan-1.0.5+ds1/src/rand-primegen.h
Examining data/masscan-1.0.5+ds1/src/ranges.c
Examining data/masscan-1.0.5+ds1/src/ranges.h
Examining data/masscan-1.0.5+ds1/src/rawsock-adapter.h
Examining data/masscan-1.0.5+ds1/src/rawsock-arp.c
Examining data/masscan-1.0.5+ds1/src/rawsock-getif.c
Examining data/masscan-1.0.5+ds1/src/rawsock-getip.c
Examining data/masscan-1.0.5+ds1/src/rawsock-getmac.c
Examining data/masscan-1.0.5+ds1/src/rawsock-getroute.c
Examining data/masscan-1.0.5+ds1/src/rawsock-pcap.c
Examining data/masscan-1.0.5+ds1/src/rawsock-pcap.h
Examining data/masscan-1.0.5+ds1/src/rawsock-pcapfile.c
Examining data/masscan-1.0.5+ds1/src/rawsock-pcapfile.h
Examining data/masscan-1.0.5+ds1/src/rawsock-pfring.c
Examining data/masscan-1.0.5+ds1/src/rawsock-pfring.h
Examining data/masscan-1.0.5+ds1/src/rawsock.c
Examining data/masscan-1.0.5+ds1/src/rawsock.h
Examining data/masscan-1.0.5+ds1/src/rte-ring.c
Examining data/masscan-1.0.5+ds1/src/rte-ring.h
Examining data/masscan-1.0.5+ds1/src/script-heartbleed.c
Examining data/masscan-1.0.5+ds1/src/script-ntp-monlist.c
Examining data/masscan-1.0.5+ds1/src/script-sslv3.c
Examining data/masscan-1.0.5+ds1/src/script.c
Examining data/masscan-1.0.5+ds1/src/script.h
Examining data/masscan-1.0.5+ds1/src/siphash24.c
Examining data/masscan-1.0.5+ds1/src/siphash24.h
Examining data/masscan-1.0.5+ds1/src/smack.h
Examining data/masscan-1.0.5+ds1/src/smack1.c
Examining data/masscan-1.0.5+ds1/src/smackqueue.c
Examining data/masscan-1.0.5+ds1/src/smackqueue.h
Examining data/masscan-1.0.5+ds1/src/string_s.c
Examining data/masscan-1.0.5+ds1/src/string_s.h
Examining data/masscan-1.0.5+ds1/src/syn-cookie.c
Examining data/masscan-1.0.5+ds1/src/syn-cookie.h
Examining data/masscan-1.0.5+ds1/src/templ-payloads.c
Examining data/masscan-1.0.5+ds1/src/templ-payloads.h
Examining data/masscan-1.0.5+ds1/src/templ-pkt.c
Examining data/masscan-1.0.5+ds1/src/templ-pkt.h
Examining data/masscan-1.0.5+ds1/src/templ-port.h
Examining data/masscan-1.0.5+ds1/src/unusedparm.h
Examining data/masscan-1.0.5+ds1/src/xring.c
Examining data/masscan-1.0.5+ds1/src/xring.h
Examining data/masscan-1.0.5+ds1/src/main-conf.c
Examining data/masscan-1.0.5+ds1/src/proto-ntp.c
Examining data/masscan-1.0.5+ds1/src/masscan-version.h
FINAL RESULTS:
data/masscan-1.0.5+ds1/src/pixie-backtrace.c:77:9: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
x = readlink("/proc/self/exe", global_self, sizeof(global_self));
data/masscan-1.0.5+ds1/src/pixie-backtrace.c:79:9: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
x = readlink("/proc/curproc/file", global_self, sizeof(global_self));
data/masscan-1.0.5+ds1/src/pixie-backtrace.c:81:9: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
x = readlink("/proc/self/path/a.out", global_self, sizeof(global_self));
data/masscan-1.0.5+ds1/src/string_s.h:41:8: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
#undef gets
data/masscan-1.0.5+ds1/src/string_s.h:42:9: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
#define gets GETS_FUNCTION_IS_BAD
data/masscan-1.0.5+ds1/src/logger.c:28:9: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, marker);
data/masscan-1.0.5+ds1/src/logger.c:58:9: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, marker);
data/masscan-1.0.5+ds1/src/main.c:1512:13: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access("/etc/masscan/masscan.conf", 0) == 0) {
data/masscan-1.0.5+ds1/src/output.c:595:13: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(new_filename, 0) == 0) {
data/masscan-1.0.5+ds1/src/pixie-backtrace.c:48:17: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(foo) == -1)
data/masscan-1.0.5+ds1/src/pixie-file.c:7:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
#define access _access
data/masscan-1.0.5+ds1/src/pixie-file.h:7:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
#define access _access
data/masscan-1.0.5+ds1/src/rawsock-pcapfile.c:37:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/masscan-1.0.5+ds1/src/rawsock-pcapfile.c:37:18: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/masscan-1.0.5+ds1/src/string_s.h:20:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#undef strcpy
data/masscan-1.0.5+ds1/src/string_s.h:21:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define strcpy STRCPY_FUNCTION_IS_BAD
data/masscan-1.0.5+ds1/src/string_s.h:26:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
#undef strcat
data/masscan-1.0.5+ds1/src/string_s.h:27:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
#define strcat STRCAT_FUNCTION_IS_BAD
data/masscan-1.0.5+ds1/src/string_s.h:32:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#undef sprintf
data/masscan-1.0.5+ds1/src/string_s.h:33:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define sprintf SPRINTF_FUNCTION_IS_BAD
data/masscan-1.0.5+ds1/src/string_s.h:35:8: [4] (buffer) vsprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#undef vsprintf
data/masscan-1.0.5+ds1/src/string_s.h:36:9: [4] (buffer) vsprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define vsprintf VSPRINTF_FUNCTION_IS_BAD
data/masscan-1.0.5+ds1/src/string_s.h:44:8: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#undef scanf
data/masscan-1.0.5+ds1/src/string_s.h:45:9: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#define scanf SCANF_FUNCTION_IS_BAD
data/masscan-1.0.5+ds1/src/string_s.h:47:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#undef sscanf
data/masscan-1.0.5+ds1/src/string_s.h:48:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#define sscanf SSCANF_FUNCTION_IS_BAD
data/masscan-1.0.5+ds1/src/string_s.h:85:25: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define sprintf_s _snprintf
data/masscan-1.0.5+ds1/src/string_s.h:95:25: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define sprintf_s snprintf
data/masscan-1.0.5+ds1/src/string_s.h:96:25: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define vsprintf_s vsnprintf
data/masscan-1.0.5+ds1/src/crypto-base64.c:182:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/masscan-1.0.5+ds1/src/crypto-base64.c:183:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[100];
data/masscan-1.0.5+ds1/src/crypto-base64.c:184:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf3[100];
data/masscan-1.0.5+ds1/src/in-binary.c:27:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mac[6];
data/masscan-1.0.5+ds1/src/in-binary.c:53:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(record.mac, buf+12, 6);
data/masscan-1.0.5+ds1/src/in-binary.c:116:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(record.mac, buf+13, 6);
data/masscan-1.0.5+ds1/src/in-report.c:64:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(entry->name, name, name_length+1);
data/masscan-1.0.5+ds1/src/in-report.c:374:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)data+data_length+1, name, strlen(name)+1);
data/masscan-1.0.5+ds1/src/logger.c:53:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sz_ip[16];
data/masscan-1.0.5+ds1/src/main-conf.c:233:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zzz[64];
data/masscan-1.0.5+ds1/src/main-conf.c:480:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[512];
data/masscan-1.0.5+ds1/src/main-conf.c:564:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[64];
data/masscan-1.0.5+ds1/src/main-conf.c:1080:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mac[6];
data/masscan-1.0.5+ds1/src/main-conf.c:1096:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(masscan->nic[index].my_mac, mac, 6);
data/masscan-1.0.5+ds1/src/main-conf.c:1102:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mac[6];
data/masscan-1.0.5+ds1/src/main-conf.c:1109:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(masscan->nic[index].router_mac, mac, 6);
data/masscan-1.0.5+ds1/src/main-conf.c:1209:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(masscan->bpf_filter, value, len);
data/masscan-1.0.5+ds1/src/main-conf.c:1371:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16384];
data/masscan-1.0.5+ds1/src/main-conf.c:1372:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[16384];
data/masscan-1.0.5+ds1/src/main-conf.c:1375:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char foo[64];
data/masscan-1.0.5+ds1/src/main-conf.c:1404:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value2, value, strlen(value)+1);
data/masscan-1.0.5+ds1/src/main-conf.c:1420:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( masscan->http_user_agent,
data/masscan-1.0.5+ds1/src/main-conf.c:1433:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newvalue, value, value_length+1);
data/masscan-1.0.5+ds1/src/main-conf.c:1444:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newname, name, name_length+1);
data/masscan-1.0.5+ds1/src/main-conf.c:1934:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name2[64];
data/masscan-1.0.5+ds1/src/main-conf.c:1963:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name2, name, name_length);
data/masscan-1.0.5+ds1/src/main-conf.c:2279:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[65536];
data/masscan-1.0.5+ds1/src/main-initadapter.c:26:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname2[256];
data/masscan-1.0.5+ds1/src/main-initadapter.c:95:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(adapter_mac, masscan->nic[index].my_mac, 6);
data/masscan-1.0.5+ds1/src/main-initadapter.c:154:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(router_mac, masscan->nic[index].router_mac, 6);
data/masscan-1.0.5+ds1/src/main-initadapter.c:156:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(router_mac, "\x66\x55\x44\x33\x22\x11", 6);
data/masscan-1.0.5+ds1/src/main-ptrace.c:17:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char from[32];
data/masscan-1.0.5+ds1/src/main-ptrace.c:18:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char to[32];
data/masscan-1.0.5+ds1/src/main-ptrace.c:19:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sz_type[32];
data/masscan-1.0.5+ds1/src/main.c:148:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char adapter_mac[6];
data/masscan-1.0.5+ds1/src/main.c:149:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char router_mac[6];
data/masscan-1.0.5+ds1/src/main.c:645:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char foo[64];
data/masscan-1.0.5+ds1/src/main.c:653:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char foo[64];
data/masscan-1.0.5+ds1/src/main.c:662:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/masscan-1.0.5+ds1/src/main.c:845:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/masscan-1.0.5+ds1/src/main.c:1264:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[80];
data/masscan-1.0.5+ds1/src/masscan-app.c:11:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tmp[64];
data/masscan-1.0.5+ds1/src/masscan.h:113:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[256];
data/masscan-1.0.5+ds1/src/masscan.h:116:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char my_mac[6];
data/masscan-1.0.5+ds1/src/masscan.h:117:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char router_mac[6];
data/masscan-1.0.5+ds1/src/masscan.h:261:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/masscan-1.0.5+ds1/src/masscan.h:267:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stylesheet[256];
data/masscan-1.0.5+ds1/src/masscan.h:334:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char directory[256];
data/masscan-1.0.5+ds1/src/masscan.h:345:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datadir[256];
data/masscan-1.0.5+ds1/src/masscan.h:348:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pcap_filename[256];
data/masscan-1.0.5+ds1/src/out-binary.c:12:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char firstrecord[2+'a'];
data/masscan-1.0.5+ds1/src/out-binary.c:36:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char firstrecord[2+'a'];
data/masscan-1.0.5+ds1/src/out-binary.c:57:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char foo[256];
data/masscan-1.0.5+ds1/src/out-binary.c:118:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char foo[32768];
data/masscan-1.0.5+ds1/src/out-binary.c:162:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(foo+i+14, px, length);
data/masscan-1.0.5+ds1/src/out-grepable.c:70:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestamp[64];
data/masscan-1.0.5+ds1/src/out-grepable.c:110:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestamp[64];
data/masscan-1.0.5+ds1/src/out-grepable.c:167:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char banner_buffer[4096];
data/masscan-1.0.5+ds1/src/out-json.c:34:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reason_buffer[128];
data/masscan-1.0.5+ds1/src/out-json.c:99:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char banner_buffer[65536];
data/masscan-1.0.5+ds1/src/out-ndjson.c:34:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reason_buffer[128];
data/masscan-1.0.5+ds1/src/out-ndjson.c:104:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char banner_buffer[65536];
data/masscan-1.0.5+ds1/src/out-redis.c:112:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1024];
data/masscan-1.0.5+ds1/src/out-redis.c:154:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char line[1024];
data/masscan-1.0.5+ds1/src/out-redis.c:178:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char line[1024];
data/masscan-1.0.5+ds1/src/out-redis.c:202:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/masscan-1.0.5+ds1/src/out-redis.c:203:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip_string[16];
data/masscan-1.0.5+ds1/src/out-redis.c:204:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port_string[10];
data/masscan-1.0.5+ds1/src/out-redis.c:206:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char values[64];
data/masscan-1.0.5+ds1/src/out-text.c:59:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char banner_buffer[4096];
data/masscan-1.0.5+ds1/src/out-unicornscan.c:19:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char * tcp_services[65536];
data/masscan-1.0.5+ds1/src/out-unicornscan.c:37:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/masscan-1.0.5+ds1/src/out-xml.c:37:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/masscan-1.0.5+ds1/src/out-xml.c:56:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out->counts.tcp.open,
data/masscan-1.0.5+ds1/src/out-xml.c:69:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reason_buffer[128];
data/masscan-1.0.5+ds1/src/out-xml.c:102:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char banner_buffer[4096];
data/masscan-1.0.5+ds1/src/output.c:191:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out->funcs->open(out, (FILE*)fd);
data/masscan-1.0.5+ds1/src/output.c:319:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result, str, length+1);
data/masscan-1.0.5+ds1/src/output.c:669:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *
data/masscan-1.0.5+ds1/src/output.c:670:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
oui_from_mac(const unsigned char mac[6])
data/masscan-1.0.5+ds1/src/output.c:701:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char mac[6])
data/masscan-1.0.5+ds1/src/output.c:822:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out->funcs->open(out, fp);
data/masscan-1.0.5+ds1/src/output.c:855:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char banner_buffer[4096];
data/masscan-1.0.5+ds1/src/output.c:897:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out->funcs->open(out, fp);
data/masscan-1.0.5+ds1/src/output.h:27:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void (*open)(struct Output *out, FILE *fp);
data/masscan-1.0.5+ds1/src/output.h:84:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uint64_t open;
data/masscan-1.0.5+ds1/src/output.h:89:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uint64_t open;
data/masscan-1.0.5+ds1/src/output.h:93:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uint64_t open;
data/masscan-1.0.5+ds1/src/output.h:101:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uint64_t open;
data/masscan-1.0.5+ds1/src/output.h:154:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char mac[6]);
data/masscan-1.0.5+ds1/src/packet-queue.h:10:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char px[2040];
data/masscan-1.0.5+ds1/src/pixie-backtrace.c:11:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char global_self[512] = "";
data/masscan-1.0.5+ds1/src/pixie-backtrace.c:38:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char foo[1024];
data/masscan-1.0.5+ds1/src/pixie-file.c:60:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, is_append?"a":"w");
data/masscan-1.0.5+ds1/src/proto-banner1.c:322:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char px[65536];
data/masscan-1.0.5+ds1/src/proto-banout.c:215:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(n, p, offsetof(struct BannerOutput, banner) + p->max_length);
data/masscan-1.0.5+ds1/src/proto-banout.c:269:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->banner + p->length, px, length);
data/masscan-1.0.5+ds1/src/proto-banout.h:20:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char banner[200];
data/masscan-1.0.5+ds1/src/proto-dns-parse.h:37:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char query_name_buffer[256];
data/masscan-1.0.5+ds1/src/proto-dns.c:164:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((unsigned char*)name->name+name->length, px+offset, len+1);
data/masscan-1.0.5+ds1/src/proto-http.c:61:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hdr2, hdr1, header_length);
data/masscan-1.0.5+ds1/src/proto-http.c:97:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &hdr2[i],
data/masscan-1.0.5+ds1/src/proto-http.c:100:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &hdr2[i + field_name_len],
data/masscan-1.0.5+ds1/src/proto-http.c:103:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &hdr2[i + field_name_len + 1],
data/masscan-1.0.5+ds1/src/proto-http.c:106:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &hdr2[i + field_name_len + 1 + field_value_len],
data/masscan-1.0.5+ds1/src/proto-http.c:193:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)banner_http.hello, http_hello, banner_http.hello_length);
data/masscan-1.0.5+ds1/src/proto-memcached.c:240:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, memcached_responses[i].pattern, len);
data/masscan-1.0.5+ds1/src/proto-memcached.c:270:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, memcached_stats[i].pattern, len);
data/masscan-1.0.5+ds1/src/proto-netbios.c:65:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char banner[65536];
data/masscan-1.0.5+ds1/src/proto-ntp.c:121:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char foo[12];
data/masscan-1.0.5+ds1/src/proto-ntp.c:146:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[128];
data/masscan-1.0.5+ds1/src/proto-preprocess.c:463:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mac_address[8];
data/masscan-1.0.5+ds1/src/proto-preprocess.c:472:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sll.mac_address, px+offset+6, 8);
data/masscan-1.0.5+ds1/src/proto-snmp.c:242:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char foo[32] = {0};
data/masscan-1.0.5+ds1/src/proto-snmp.c:274:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char foo[32];
data/masscan-1.0.5+ds1/src/proto-snmp.c:611:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pattern[256];
data/masscan-1.0.5+ds1/src/proto-ssl.c:73:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char foo[64];
data/masscan-1.0.5+ds1/src/proto-ssl.c:92:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char foo[64];
data/masscan-1.0.5+ds1/src/proto-ssl.c:810:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char foo[64];
data/masscan-1.0.5+ds1/src/proto-ssl.c:836:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char foo[64];
data/masscan-1.0.5+ds1/src/proto-ssl.c:1238:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(px, templ, template_size);
data/masscan-1.0.5+ds1/src/proto-tcp.c:631:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tcb, &tmp, 12);
data/masscan-1.0.5+ds1/src/proto-tcp.c:884:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[64];
data/masscan-1.0.5+ds1/src/proto-tcp.c:904:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[64];
data/masscan-1.0.5+ds1/src/proto-vnc.c:14:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char foo[16];
data/masscan-1.0.5+ds1/src/proto-vnc.c:103:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char foo[64];
data/masscan-1.0.5+ds1/src/proto-x509.c:260:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pattern[256];
data/masscan-1.0.5+ds1/src/proto-x509.h:22:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char states[9];
data/masscan-1.0.5+ds1/src/proto-zeroaccess.c:139:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/masscan-1.0.5+ds1/src/proto-zeroaccess.c:146:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[4], "Lteg", 4); /* "getL" */
data/masscan-1.0.5+ds1/src/proto-zeroaccess.c:176:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2048];
data/masscan-1.0.5+ds1/src/proto-zeroaccess.c:234:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szaddr[20];
data/masscan-1.0.5+ds1/src/proto-zeroaccess.c:281:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[128];
data/masscan-1.0.5+ds1/src/rand-blackrock.c:67:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char sbox[256] = {
data/masscan-1.0.5+ds1/src/ranges.c:112:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_list, task->list, task->count * sizeof(*new_list));
data/masscan-1.0.5+ds1/src/rawsock-arp.c:97:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char xarp_packet[64];
data/masscan-1.0.5+ds1/src/rawsock-arp.c:111:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(your_mac_address, "\0\0\0\0\0\2", 6);
data/masscan-1.0.5+ds1/src/rawsock-arp.c:124:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arp_packet + 0, "\xFF\xFF\xFF\xFF\xFF\xFF", 6);
data/masscan-1.0.5+ds1/src/rawsock-arp.c:125:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arp_packet + 6, my_mac_address, 6);
data/masscan-1.0.5+ds1/src/rawsock-arp.c:128:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arp_packet + 12, "\x81\x00", 2);
data/masscan-1.0.5+ds1/src/rawsock-arp.c:134:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arp_packet + 12, "\x08\x06", 2);
data/masscan-1.0.5+ds1/src/rawsock-arp.c:137:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arp_packet + 14,
data/masscan-1.0.5+ds1/src/rawsock-arp.c:144:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arp_packet + 22, my_mac_address, 6);
data/masscan-1.0.5+ds1/src/rawsock-arp.c:150:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arp_packet + 32, "\x00\x00\x00\x00\x00\x00", 6);
data/masscan-1.0.5+ds1/src/rawsock-arp.c:249:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(your_mac_address, response.mac_src, 6);
data/masscan-1.0.5+ds1/src/rawsock-arp.c:318:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(response->px + 0, request.mac_src, 6);
data/masscan-1.0.5+ds1/src/rawsock-arp.c:319:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(response->px + 6, my_mac, 6);
data/masscan-1.0.5+ds1/src/rawsock-arp.c:320:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(response->px + 12, "\x08\x06", 2);
data/masscan-1.0.5+ds1/src/rawsock-arp.c:322:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(response->px + 14,
data/masscan-1.0.5+ds1/src/rawsock-arp.c:329:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(response->px + 22, my_mac, 6);
data/masscan-1.0.5+ds1/src/rawsock-arp.c:335:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(response->px + 32, request.mac_src, 6);
data/masscan-1.0.5+ds1/src/rawsock-getif.c:127:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ifname, sdl->sdl_data, len);
data/masscan-1.0.5+ds1/src/rawsock-getif.c:168:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifName[IF_NAMESIZE];
data/masscan-1.0.5+ds1/src/rawsock-getif.c:256:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgBuf[16384];
data/masscan-1.0.5+ds1/src/rawsock-getmac.c:51:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mac, ifr.ifr_ifru.ifru_hwaddr.sa_data, 6);
data/masscan-1.0.5+ds1/src/rawsock-getmac.c:132:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mac, pAdapter->Address, 6);
data/masscan-1.0.5+ds1/src/rawsock-getmac.c:199:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mac,
data/masscan-1.0.5+ds1/src/rawsock-getroute.c:223:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifName[IF_NAMESIZE];
data/masscan-1.0.5+ds1/src/rawsock-getroute.c:313:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgBuf[16384];
data/masscan-1.0.5+ds1/src/rawsock-pcap.c:68:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(errbuf, msg, length);
data/masscan-1.0.5+ds1/src/rawsock-pcap.h:57:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[256];
data/masscan-1.0.5+ds1/src/rawsock-pcapfile.c:145:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/masscan-1.0.5+ds1/src/rawsock-pcapfile.c:284:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char header[16];
data/masscan-1.0.5+ds1/src/rawsock-pcapfile.c:344:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[16384];
data/masscan-1.0.5+ds1/src/rawsock-pcapfile.c:530:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[24];
data/masscan-1.0.5+ds1/src/rawsock-pcapfile.c:541:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(capfilename, "rb");
data/masscan-1.0.5+ds1/src/rawsock-pcapfile.c:617:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tsbuf[8];
data/masscan-1.0.5+ds1/src/rawsock-pcapfile.c:682:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(capfilename, "wb");
data/masscan-1.0.5+ds1/src/rawsock-pcapfile.c:724:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[24];
data/masscan-1.0.5+ds1/src/rawsock-pcapfile.c:732:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(capfilename, "ab+");
data/masscan-1.0.5+ds1/src/rawsock-pcapfile.c:789:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linkspec[32];
data/masscan-1.0.5+ds1/src/rawsock-pcapfile.c:791:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newname[sizeof(capfile->filename)];
data/masscan-1.0.5+ds1/src/rawsock-pcapfile.c:812:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newname, capfilename, i);
data/masscan-1.0.5+ds1/src/rawsock-pcapfile.c:813:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newname+i, linkspec, linkspec_length);
data/masscan-1.0.5+ds1/src/rawsock-pcapfile.c:814:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newname+i+linkspec_length, capfilename+i, strlen(capfilename+i)+1);
data/masscan-1.0.5+ds1/src/rawsock-pcapfile.c:866:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char header[16];
data/masscan-1.0.5+ds1/src/rawsock-pfring.c:31:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256];
data/masscan-1.0.5+ds1/src/rawsock-pfring.c:76:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
LOADSYM(open);
data/masscan-1.0.5+ds1/src/rawsock-pfring.h:25:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char extended_hdr[512];
data/masscan-1.0.5+ds1/src/rawsock-pfring.h:72:63: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef int (*PFRING_GET_BOUND_DEVICE)(pfring *ring, unsigned char mac_address[6]);
data/masscan-1.0.5+ds1/src/rawsock-pfring.h:78:37: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
PFRING_OPEN open;
data/masscan-1.0.5+ds1/src/rawsock.c:199:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[PCAP_ERRBUF_SIZE];
data/masscan-1.0.5+ds1/src/rawsock.c:230:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[PCAP_ERRBUF_SIZE];
data/masscan-1.0.5+ds1/src/rawsock.c:407:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char px[2048];
data/masscan-1.0.5+ds1/src/rawsock.c:460:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
new_adapter_name = adapter_from_index(atoi(ifname));
data/masscan-1.0.5+ds1/src/rawsock.c:511:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filter[256];
data/masscan-1.0.5+ds1/src/rawsock.c:627:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[PCAP_ERRBUF_SIZE];
data/masscan-1.0.5+ds1/src/rawsock.c:649:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
new_adapter_name = adapter_from_index(atoi(adapter_name));
data/masscan-1.0.5+ds1/src/rawsock.c:685:32: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
adapter->ring = PFRING.open(adapter_name, 1500, 0);//PF_RING_REENTRANT);
data/masscan-1.0.5+ds1/src/rawsock.c:868:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mac[6] = {0,0,0,0,0,0};
data/masscan-1.0.5+ds1/src/rawsock.c:870:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname2[246];
data/masscan-1.0.5+ds1/src/rawsock.c:910:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char router_mac[6];
data/masscan-1.0.5+ds1/src/smack1.c:311:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char char_to_symbol[ALPHABET_SIZE];
data/masscan-1.0.5+ds1/src/smack1.c:376:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(smack->name, name, strlen(name)+1);
data/masscan-1.0.5+ds1/src/smack1.c:638:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result, pattern, pattern_length);
data/masscan-1.0.5+ds1/src/smack1.c:710:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( new_list,
data/masscan-1.0.5+ds1/src/smack1.c:741:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, pattern, length);
data/masscan-1.0.5+ds1/src/smack1.c:1007:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&smack->m_state_table[row0], &smack->m_state_table[row1], sizeof(swap));
data/masscan-1.0.5+ds1/src/smack1.c:1008:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&smack->m_state_table[row1], &swap, sizeof(swap));
data/masscan-1.0.5+ds1/src/smack1.c:1012:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&smack->m_match[row0], &smack->m_match[row1], sizeof(swapm));
data/masscan-1.0.5+ds1/src/smack1.c:1013:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&smack->m_match[row1], &swapm, sizeof(swapm));
data/masscan-1.0.5+ds1/src/smack1.c:1485:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pattern[20];
data/masscan-1.0.5+ds1/src/string_s.c:23:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
*pFile = fopen(filename, mode);
data/masscan-1.0.5+ds1/src/string_s.c:91:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_tm, x, sizeof(*_tm));
data/masscan-1.0.5+ds1/src/string_s.c:104:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_tm, x, sizeof(*_tm));
data/masscan-1.0.5+ds1/src/templ-payloads.c:35:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1];
data/masscan-1.0.5+ds1/src/templ-payloads.c:443:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_list, payloads->list, payloads->count * sizeof(new_list[0]));
data/masscan-1.0.5+ds1/src/templ-payloads.c:457:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->buf, buf, length);
data/masscan-1.0.5+ds1/src/templ-payloads.c:517:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[65536];
data/masscan-1.0.5+ds1/src/templ-payloads.c:589:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[16384];
data/masscan-1.0.5+ds1/src/templ-payloads.c:600:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1500];
data/masscan-1.0.5+ds1/src/templ-payloads.c:739:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1024];
data/masscan-1.0.5+ds1/src/templ-pkt.c:354:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p2->packet, p1->packet, p2->length);
data/masscan-1.0.5+ds1/src/templ-pkt.c:432:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(px + 0, tmpl->packet, tmpl->length);
data/masscan-1.0.5+ds1/src/templ-pkt.c:433:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(px + offset_payload, payload, payload_length);
data/masscan-1.0.5+ds1/src/templ-pkt.c:526:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( px+tmpl->offset_app,
data/masscan-1.0.5+ds1/src/templ-pkt.c:587:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(px, tmpl->packet, *r_length);
data/masscan-1.0.5+ds1/src/templ-pkt.c:608:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(px, tmpl->packet, *r_length);
data/masscan-1.0.5+ds1/src/templ-pkt.c:796:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpl->packet, packet_bytes, tmpl->length);
data/masscan-1.0.5+ds1/src/templ-pkt.c:819:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(px+0, mac_dest, 6);
data/masscan-1.0.5+ds1/src/templ-pkt.c:820:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(px+6, mac_source, 6);
data/masscan-1.0.5+ds1/src/templ-pkt.c:837:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)parsed.ip_src - 6, mac_source, 6);
data/masscan-1.0.5+ds1/src/templ-pkt.c:1067:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(px, tmpl->packet, 12);
data/masscan-1.0.5+ds1/src/templ-pkt.c:1068:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(px+16, tmpl->packet+12, tmpl->length - 12);
data/masscan-1.0.5+ds1/src/templ-pkt.h:32:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1500];
data/masscan-1.0.5+ds1/src/in-report.c:371:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (name && strlen(name) < 300) {
data/masscan-1.0.5+ds1/src/in-report.c:374:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy((char*)data+data_length+1, name, strlen(name)+1);
data/masscan-1.0.5+ds1/src/in-report.c:375:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data_length += strlen(name)+1;
data/masscan-1.0.5+ds1/src/main-conf.c:537:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(fp);
data/masscan-1.0.5+ds1/src/main-conf.c:546:21: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(fp);
data/masscan-1.0.5+ds1/src/main-conf.c:574:21: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(fp);
data/masscan-1.0.5+ds1/src/main-conf.c:1205:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(value) + 1;
data/masscan-1.0.5+ds1/src/main-conf.c:1257:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned max_offset = (unsigned)strlen(ranges);
data/masscan-1.0.5+ds1/src/main-conf.c:1287:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned max_offset = (unsigned)strlen(ranges);
data/masscan-1.0.5+ds1/src/main-conf.c:1403:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
value2 = (char*)malloc(strlen(value)+1);
data/masscan-1.0.5+ds1/src/main-conf.c:1404:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(value2, value, strlen(value)+1);
data/masscan-1.0.5+ds1/src/main-conf.c:1418:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
masscan->http_user_agent_length = (unsigned)strlen(value);
data/masscan-1.0.5+ds1/src/main-conf.c:1428:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned value_length = (unsigned)strlen(value);
data/masscan-1.0.5+ds1/src/main-conf.c:1440:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_length = (unsigned)strlen(name);
data/masscan-1.0.5+ds1/src/main-conf.c:1629:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned max_offset = (unsigned)strlen(value);
data/masscan-1.0.5+ds1/src/main-conf.c:1686:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (*p && (p[strlen(p)-1] == '/' || p[strlen(p)-1] == '/'))
data/masscan-1.0.5+ds1/src/main-conf.c:1686:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (*p && (p[strlen(p)-1] == '/' || p[strlen(p)-1] == '/'))
data/masscan-1.0.5+ds1/src/main-conf.c:1687:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p[strlen(p)-1] = '\0';
data/masscan-1.0.5+ds1/src/main-conf.c:1947:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_length = (unsigned)strlen(name);
data/masscan-1.0.5+ds1/src/main-conf.c:2263:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (sizeof_line > strlen(line))
data/masscan-1.0.5+ds1/src/main-conf.c:2264:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof_line = strlen(line);
data/masscan-1.0.5+ds1/src/main.c:649:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(foo),
data/masscan-1.0.5+ds1/src/main.c:657:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(foo),
data/masscan-1.0.5+ds1/src/main.c:666:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(pay->payload_base64),
data/masscan-1.0.5+ds1/src/out-redis.c:234:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned)strlen("host"), "host",
data/masscan-1.0.5+ds1/src/out-redis.c:235:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned)strlen(ip_string), ip_string
data/masscan-1.0.5+ds1/src/out-redis.c:238:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
count = send(fd, line, (int)strlen(line), 0);
data/masscan-1.0.5+ds1/src/out-redis.c:239:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (count != strlen(line)) {
data/masscan-1.0.5+ds1/src/out-redis.c:255:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned)strlen(ip_string), ip_string,
data/masscan-1.0.5+ds1/src/out-redis.c:256:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned)strlen(port_string), port_string);
data/masscan-1.0.5+ds1/src/out-redis.c:258:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
count = send(fd, line, (int)strlen(line), 0);
data/masscan-1.0.5+ds1/src/out-redis.c:259:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (count != strlen(line)) {
data/masscan-1.0.5+ds1/src/out-redis.c:278:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned)(strlen(ip_string) + 1 + strlen(port_string)),
data/masscan-1.0.5+ds1/src/out-redis.c:278:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned)(strlen(ip_string) + 1 + strlen(port_string)),
data/masscan-1.0.5+ds1/src/out-redis.c:280:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned)strlen(values), values
data/masscan-1.0.5+ds1/src/out-redis.c:283:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
count = send(fd, line, (int)strlen(line), 0);
data/masscan-1.0.5+ds1/src/out-redis.c:284:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (count != strlen(line)) {
data/masscan-1.0.5+ds1/src/output.c:116:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer[strlen(buffer)-1] = '\0';
data/masscan-1.0.5+ds1/src/output.c:281:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filename) + 1 < strlen(extension))
data/masscan-1.0.5+ds1/src/output.c:281:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filename) + 1 < strlen(extension))
data/masscan-1.0.5+ds1/src/output.c:283:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (memcmp(filename + strlen(filename) - strlen(extension),
data/masscan-1.0.5+ds1/src/output.c:283:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (memcmp(filename + strlen(filename) - strlen(extension),
data/masscan-1.0.5+ds1/src/output.c:284:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extension, strlen(extension)) != 0)
data/masscan-1.0.5+ds1/src/output.c:286:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (filename[strlen(filename) - strlen(extension) - 1] != '.')
data/masscan-1.0.5+ds1/src/output.c:286:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (filename[strlen(filename) - strlen(extension) - 1] != '.')
data/masscan-1.0.5+ds1/src/output.c:308:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(str);
data/masscan-1.0.5+ds1/src/output.c:335:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(filename);
data/masscan-1.0.5+ds1/src/output.c:338:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t new_length = strlen(filename) + 32;
data/masscan-1.0.5+ds1/src/output.c:537:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_filename_size = strlen(dir)
data/masscan-1.0.5+ds1/src/output.c:538:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen("/")
data/masscan-1.0.5+ds1/src/output.c:539:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(filename)
data/masscan-1.0.5+ds1/src/output.c:540:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen("1308201101-")
data/masscan-1.0.5+ds1/src/output.c:541:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(filename)
data/masscan-1.0.5+ds1/src/output.c:572:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x_len = strlen(filename + x_off);
data/masscan-1.0.5+ds1/src/output.c:574:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x_off = strlen(filename);
data/masscan-1.0.5+ds1/src/proto-banner1.c:369:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = (unsigned)strlen(http_header);
data/masscan-1.0.5+ds1/src/proto-banout.c:87:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string_length = strlen(string);
data/masscan-1.0.5+ds1/src/proto-banout.c:117:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string_length = strlen(string);
data/masscan-1.0.5+ds1/src/proto-banout.c:244:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen((const char*)px);
data/masscan-1.0.5+ds1/src/proto-banout.c:364:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t rhs_length = strlen(rhs);
data/masscan-1.0.5+ds1/src/proto-http.c:57:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned field_name_len = (unsigned)strlen(field_name);
data/masscan-1.0.5+ds1/src/proto-memcached.c:238:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(memcached_responses[i].pattern);
data/masscan-1.0.5+ds1/src/proto-memcached.c:268:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(memcached_stats[i].pattern);
data/masscan-1.0.5+ds1/src/proto-ntp.c:178:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
banout_append(banout, PROTO_NTP, request_string, strlen(request_string));
data/masscan-1.0.5+ds1/src/proto-snmp.c:237:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
banout_append(banout, PROTO_SNMP, str, strlen(str));
data/masscan-1.0.5+ds1/src/proto-snmp.c:249:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
banout_append(banout, PROTO_SNMP, foo, strlen(foo));
data/masscan-1.0.5+ds1/src/proto-snmp.c:279:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
banout_append(banout, PROTO_SNMP, foo, strlen(foo));
data/masscan-1.0.5+ds1/src/proto-ssl.c:115:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
banout_append(banout, PROTO_SSL3, foo, strlen(foo));
data/masscan-1.0.5+ds1/src/proto-zeroaccess.c:247:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
banout_append(banout, PROTO_UDP_ZEROACCESS, szaddr, strlen(szaddr));
data/masscan-1.0.5+ds1/src/ranges.c:302:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max = (unsigned)strlen(line);
data/masscan-1.0.5+ds1/src/rawsock-getif.c:97:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
err = read(fd, (char *)rtm, sizeof_buffer);
data/masscan-1.0.5+ds1/src/rawsock-getroute.c:153:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
err = read(fd, (char *)rtm, sizeof_buffer);
data/masscan-1.0.5+ds1/src/rawsock-pcap.c:64:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t length = strlen(msg);
data/masscan-1.0.5+ds1/src/rawsock-pcapfile.c:797:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linkspec_length = strlen(linkspec);
data/masscan-1.0.5+ds1/src/rawsock-pcapfile.c:799:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strstr(capfilename, linkspec) || strlen(capfilename) + linkspec_length + 1 > sizeof(newname)) {
data/masscan-1.0.5+ds1/src/rawsock-pcapfile.c:810:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(capfilename);
data/masscan-1.0.5+ds1/src/rawsock-pcapfile.c:814:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(newname+i+linkspec_length, capfilename+i, strlen(capfilename+i)+1);
data/masscan-1.0.5+ds1/src/rawsock.c:136:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t name_len = strlen(pAdapter->AdapterName) + 12 + 1;
data/masscan-1.0.5+ds1/src/rawsock.c:163:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t name_len = strlen(pAdapter->AdapterName) + 12 + 1;
data/masscan-1.0.5+ds1/src/rawsock.c:165:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t addr_len = strlen(pAdapter->IpAddressList.IpAddress.String) + 1;
data/masscan-1.0.5+ds1/src/rawsock.c:568:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) < 4)
data/masscan-1.0.5+ds1/src/smack1.c:371:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
smack->name = (char*)malloc(strlen(name)+1);
data/masscan-1.0.5+ds1/src/smack1.c:376:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(smack->name, name, strlen(name)+1);
data/masscan-1.0.5+ds1/src/smack1.c:1544:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned text_length = (unsigned)strlen(text);
data/masscan-1.0.5+ds1/src/smack1.c:1559:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
smack_add_pattern(s, patterns[i], (unsigned)strlen(patterns[i]), i, 0);
data/masscan-1.0.5+ds1/src/string_s.h:23:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#undef strncpy
data/masscan-1.0.5+ds1/src/string_s.h:24:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define strncpy STRNCPY_FUNCTION_IS_BAD
data/masscan-1.0.5+ds1/src/string_s.h:29:8: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
#undef strncat
data/masscan-1.0.5+ds1/src/string_s.h:30:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
#define strncat STRNCAT_FUNCTION_IS_BAD
data/masscan-1.0.5+ds1/src/templ-payloads.c:249:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (sizeof_line > strlen(line))
data/masscan-1.0.5+ds1/src/templ-payloads.c:250:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof_line = strlen(line);
data/masscan-1.0.5+ds1/src/templ-payloads.c:614:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(line, line+3, strlen(line));
data/masscan-1.0.5+ds1/src/templ-payloads.c:627:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(line, p, strlen(p)+1);
data/masscan-1.0.5+ds1/src/templ-payloads.c:639:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(line, p, strlen(p)+1);
data/masscan-1.0.5+ds1/src/templ-payloads.c:645:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(line, line+6, strlen(line+5));
data/masscan-1.0.5+ds1/src/templ-payloads.c:719:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = (unsigned)strlen(hard_coded_payloads[i].buf);
ANALYSIS SUMMARY:
Hits = 350
Lines analyzed = 38637 in approximately 1.13 seconds (34099 lines/second)
Physical Source Lines of Code (SLOC) = 26339
Hits@level = [0] 551 [1] 96 [2] 225 [3] 0 [4] 24 [5] 5
Hits@level+ = [0+] 901 [1+] 350 [2+] 254 [3+] 29 [4+] 29 [5+] 5
Hits/KSLOC@level+ = [0+] 34.2078 [1+] 13.2883 [2+] 9.64349 [3+] 1.10103 [4+] 1.10103 [5+] 0.189833
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.