Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/nat-rtsp-0.7+4.18/netfilter_helpers.h Examining data/nat-rtsp-0.7+4.18/netfilter_mime.h Examining data/nat-rtsp-0.7+4.18/nf_conntrack_rtsp.c Examining data/nat-rtsp-0.7+4.18/nf_conntrack_rtsp.h Examining data/nat-rtsp-0.7+4.18/nf_nat_rtsp.c FINAL RESULTS: data/nat-rtsp-0.7+4.18/nf_nat_rtsp.c:260:15: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. rbufalen = sprintf(rbufa, hiport == loport+1 ? data/nat-rtsp-0.7+4.18/nf_conntrack_rtsp.c:495:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char rtsp_names[MAX_PORTS][10]; data/nat-rtsp-0.7+4.18/nf_conntrack_rtsp.c:552:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmpname, "rtsp"); data/nat-rtsp-0.7+4.18/nf_conntrack_rtsp.c:554:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmpname, "rtsp-%d", i); data/nat-rtsp-0.7+4.18/nf_nat_rtsp.c:100:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buffer, "%pI4", &addr->ip); data/nat-rtsp-0.7+4.18/nf_nat_rtsp.c:103:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buffer, "[%pI6c]", &addr->ip6); data/nat-rtsp-0.7+4.18/nf_nat_rtsp.c:105:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(buffer, "%pI6c", &addr->ip6); data/nat-rtsp-0.7+4.18/nf_nat_rtsp.c:142:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rbuf1[16]; /* Replacement buffer (one port) */ data/nat-rtsp-0.7+4.18/nf_nat_rtsp.c:144:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rbufa[16]; /* Replacement buffer (all ports) */ data/nat-rtsp-0.7+4.18/nf_nat_rtsp.c:160:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szextaddr[INET6_ADDRSTRLEN]; data/nat-rtsp-0.7+4.18/nf_nat_rtsp.c:162:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szextaddr[INET_ADDRSTRLEN]; data/nat-rtsp-0.7+4.18/nf_nat_rtsp.c:195:23: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. extaddrlen = extip ? sprintf(szextaddr, "%pI4", &extip) data/nat-rtsp-0.7+4.18/nf_nat_rtsp.c:196:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. : sprintf(szextaddr, "%pI4", &newip); data/nat-rtsp-0.7+4.18/nf_nat_rtsp.c:211:15: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. rbuf1len = sprintf(rbuf1, "%hu", loport); data/nat-rtsp-0.7+4.18/nf_nat_rtsp.c:212:15: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. rbufalen = sprintf(rbufa, "%hu", loport); data/nat-rtsp-0.7+4.18/nf_nat_rtsp.c:239:15: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. rbuf1len = sprintf(rbuf1, "%hu", loport); data/nat-rtsp-0.7+4.18/nf_nat_rtsp.c:240:15: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. rbufalen = sprintf(rbufa, "%hu-%hu", loport, hiport); data/nat-rtsp-0.7+4.18/nf_nat_rtsp.c:259:15: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. rbuf1len = sprintf(rbuf1, "%hu", loport); ANALYSIS SUMMARY: Hits = 18 Lines analyzed = 1489 in approximately 0.05 seconds (31392 lines/second) Physical Source Lines of Code (SLOC) = 1039 Hits@level = [0] 0 [1] 0 [2] 17 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 18 [1+] 18 [2+] 18 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 17.3244 [1+] 17.3244 [2+] 17.3244 [3+] 0.962464 [4+] 0.962464 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.