Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ncap-1.9.2/wrapsrv.c
Examining data/ncap-1.9.2/ncap_port_net.h
Examining data/ncap-1.9.2/ipreasm.c
Examining data/ncap-1.9.2/ncap_port.h
Examining data/ncap-1.9.2/dump_dns.c
Examining data/ncap-1.9.2/ncaptool_mod.c
Examining data/ncap-1.9.2/asprintf.h
Examining data/ncap-1.9.2/ncaptool.c
Examining data/ncap-1.9.2/pyncap/ncap.c
Examining data/ncap-1.9.2/pyncap/wrap.c
Examining data/ncap-1.9.2/pyncap/wrap.h
Examining data/ncap-1.9.2/ncap_create.c
Examining data/ncap-1.9.2/asprintf.c
Examining data/ncap-1.9.2/dump_dns.h
Examining data/ncap-1.9.2/ncap.h
Examining data/ncap-1.9.2/ncap_pvt.h
Examining data/ncap-1.9.2/ncap_list.h
Examining data/ncap-1.9.2/ncap_dns.c
Examining data/ncap-1.9.2/ipreasm.h
Examining data/ncap-1.9.2/ncaptool_mod.h
Examining data/ncap-1.9.2/mod_test.c
Examining data/ncap-1.9.2/ncaptool.h
Examining data/ncap-1.9.2/ncap_icmp.c
FINAL RESULTS:
data/ncap-1.9.2/asprintf.c:35:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
needed = vsnprintf(NULL, 0, fmt, args_copy);
data/ncap-1.9.2/asprintf.c:44:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
status = vsnprintf(*strp, needed + 1, fmt, args);
data/ncap-1.9.2/dump_dns.c:283:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, uncompress_error);
data/ncap-1.9.2/dump_dns.c:289:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, uncompress_error);
data/ncap-1.9.2/dump_dns.c:346:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, uncompress_error);
data/ncap-1.9.2/ncap_create.c:307:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(errbuf, pcap_geterr(pcap));
data/ncap-1.9.2/ncap_dns.c:551:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(bpf, t);
data/ncap-1.9.2/ncap_dns.c:585:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(bpf, dp->bpf);
data/ncap-1.9.2/ncap_icmp.c:329:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(bpf, ip->bpf);
data/ncap-1.9.2/ncaptool.c:74:17: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, #e ": %s\n", n->errstr); \
data/ncap-1.9.2/ncaptool.c:454:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(filtspec, *arg);
data/ncap-1.9.2/ncaptool.c:1170:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
rc = system(cmd);
data/ncap-1.9.2/wrapsrv.c:289:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(q, se->tname);
data/ncap-1.9.2/wrapsrv.c:318:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, argv[i]);
data/ncap-1.9.2/wrapsrv.c:332:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
rc = system(scmd);
data/ncap-1.9.2/mod_test.c:56:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "rs:")) != -1) {
data/ncap-1.9.2/mod_test.c:64:6: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(seed);
data/ncap-1.9.2/mod_test.c:119:13: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
} else if (random() & 1) {
data/ncap-1.9.2/ncaptool.c:174:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv,
data/ncap-1.9.2/wrapsrv.c:94:8: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
rnd = random() % (wsum + 1);
data/ncap-1.9.2/wrapsrv.c:367:2: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(time(NULL));
data/ncap-1.9.2/dump_dns.c:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rct[100];
data/ncap-1.9.2/dump_dns.c:100:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rct, "CODE%u", rcode);
data/ncap-1.9.2/dump_dns.c:128:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char saddr[INET_ADDRSTRLEN], daddr[INET_ADDRSTRLEN];
data/ncap-1.9.2/dump_dns.c:192:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dns_pkt, pkt, dns_len);
data/ncap-1.9.2/dump_dns.c:244:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ct[100], tt[100];
data/ncap-1.9.2/dump_dns.c:251:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ct, "CLASS%u", class);
data/ncap-1.9.2/dump_dns.c:255:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tt, "TYPE%u", type);
data/ncap-1.9.2/dump_dns.c:273:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[NS_MAXDNAME];
data/ncap-1.9.2/dump_dns.c:297:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%u,%u,%u,%u,%u",
data/ncap-1.9.2/dump_dns.c:350:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "[%u]", rdlen);
data/ncap-1.9.2/ipreasm.c:453:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (out_packet, frag->data, offset0);
data/ncap-1.9.2/ipreasm.c:457:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (out_packet + offset0 + frag->offset, frag->data + frag->data_offset, frag->len);
data/ncap-1.9.2/ipreasm.c:646:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (frag_data, packet, total_len);
data/ncap-1.9.2/ipreasm.c:717:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (frag_data, packet, pl_len);
data/ncap-1.9.2/ipreasm.c:726:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (id->ipv4.ip_src, &ip_header->ip_src, 4);
data/ncap-1.9.2/ipreasm.c:727:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (id->ipv4.ip_dst, &ip_header->ip_dst, 4);
data/ncap-1.9.2/ipreasm.c:743:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (id->ipv6.ip_src, &ip6_header->ip6_src, 16);
data/ncap-1.9.2/ipreasm.c:744:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (id->ipv6.ip_dst, &ip6_header->ip6_dst, 16);
data/ncap-1.9.2/mod_test.c:60:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(SEED, O_RDONLY)) != -1) {
data/ncap-1.9.2/ncap.h:165:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((cp), (b), t_l); \
data/ncap-1.9.2/ncap.h:189:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((b), (cp), t_l); \
data/ncap-1.9.2/ncap_create.c:231:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[PCAP_ERRBUF_SIZE];
data/ncap-1.9.2/ncap_create.c:339:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ifp->vlans, vlans, nvlan * sizeof vlans[0]);
data/ncap-1.9.2/ncap_create.c:457:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[PCAP_ERRBUF_SIZE];
data/ncap-1.9.2/ncap_create.c:657:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&readfds, &ncap->pvt->fdset, sizeof(fd_set));
data/ncap-1.9.2/ncap_create.c:682:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[99];
data/ncap-1.9.2/ncap_create.c:684:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "pcap_dispatch");
data/ncap-1.9.2/ncap_create.c:739:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[99];
data/ncap-1.9.2/ncap_create.c:741:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "pcap_dispatch");
data/ncap-1.9.2/ncap_create.c:1252:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&npu.ip4.src, &ip->ip_src, sizeof(struct in_addr));
data/ncap-1.9.2/ncap_create.c:1253:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&npu.ip4.dst, &ip->ip_dst, sizeof(struct in_addr));
data/ncap-1.9.2/ncap_create.c:1280:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&npu.ip6.src, &ipv6->ip6_src, sizeof(struct in6_addr));
data/ncap-1.9.2/ncap_create.c:1281:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&npu.ip6.dst, &ipv6->ip6_dst, sizeof(struct in6_addr));
data/ncap-1.9.2/ncap_create.c:1306:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ext_hdr, (const u_char *)ipv6 + thusfar,
data/ncap-1.9.2/ncap_dns.c:463:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[128];
data/ncap-1.9.2/ncap_dns.c:571:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(bpf, "not (");
data/ncap-1.9.2/ncap_dns.c:584:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(bpf, " or ");
data/ncap-1.9.2/ncap_icmp.c:315:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(bpf, "not (");
data/ncap-1.9.2/ncap_icmp.c:328:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(bpf, " or ");
data/ncap-1.9.2/ncaptool.c:243:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(optarg, "r");
data/ncap-1.9.2/ncaptool.c:255:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(optarg, O_RDONLY);
data/ncap-1.9.2/ncaptool.c:757:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char saddr[100], daddr[100];
data/ncap-1.9.2/ncaptool.c:760:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char when[100];
data/ncap-1.9.2/ncaptool.c:1137:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sink->fp = fopen(sink->tmpname, "w");
data/ncap-1.9.2/pyncap/wrap.c:90:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[64], dst[64];
data/ncap-1.9.2/wrapsrv.c:220:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[NS_MAXDNAME];
data/ncap-1.9.2/wrapsrv.c:293:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
q += sprintf(q, "%hu", se->port);
data/ncap-1.9.2/wrapsrv.c:358:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char answer[NS_MAXMSG];
data/ncap-1.9.2/mod_test.c:61:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, &seed, sizeof seed)
data/ncap-1.9.2/ncap_create.c:1481:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int n = read(nfp->fdes, nfp->fb, sizeof nfp->fb);
data/ncap-1.9.2/ncap_dns.c:320:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(term);
data/ncap-1.9.2/ncap_dns.c:387:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(word);
data/ncap-1.9.2/ncap_dns.c:441:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(word);
data/ncap-1.9.2/ncap_dns.c:550:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bpf = realloc(bpf, strlen(bpf) + strlen(t) + 1);
data/ncap-1.9.2/ncap_dns.c:550:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bpf = realloc(bpf, strlen(bpf) + strlen(t) + 1);
data/ncap-1.9.2/ncap_dns.c:553:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bpf = realloc(bpf, strlen(bpf) + 2);
data/ncap-1.9.2/ncap_dns.c:554:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(bpf, ")");
data/ncap-1.9.2/ncap_dns.c:565:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = 1 + strlen(bpf);
data/ncap-1.9.2/ncap_dns.c:569:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen("not (");
data/ncap-1.9.2/ncap_dns.c:573:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen("(");
data/ncap-1.9.2/ncap_dns.c:575:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(bpf, "(");
data/ncap-1.9.2/ncap_dns.c:580:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(dp->bpf);
data/ncap-1.9.2/ncap_dns.c:581:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += n > 0 ? strlen(" or ") : 0;
data/ncap-1.9.2/ncap_dns.c:590:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(")");
data/ncap-1.9.2/ncap_dns.c:592:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(bpf, ")");
data/ncap-1.9.2/ncap_dns.c:614:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t n = strlen(table->tab[i].sym);
data/ncap-1.9.2/ncap_icmp.c:183:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(term);
data/ncap-1.9.2/ncap_icmp.c:201:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(word);
data/ncap-1.9.2/ncap_icmp.c:309:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = 1 + strlen(bpf);
data/ncap-1.9.2/ncap_icmp.c:313:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen("not (");
data/ncap-1.9.2/ncap_icmp.c:317:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen("(");
data/ncap-1.9.2/ncap_icmp.c:319:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(bpf, "(");
data/ncap-1.9.2/ncap_icmp.c:324:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(ip->bpf);
data/ncap-1.9.2/ncap_icmp.c:325:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += n > 0 ? strlen(" or ") : 0;
data/ncap-1.9.2/ncap_icmp.c:334:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(")");
data/ncap-1.9.2/ncap_icmp.c:336:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(bpf, ")");
data/ncap-1.9.2/ncaptool.c:448:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(*arg) + 1;
data/ncap-1.9.2/ncaptool.c:456:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(filtspec, " ");
data/ncap-1.9.2/wrapsrv.c:268:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_tname = strlen(se->tname);
data/ncap-1.9.2/wrapsrv.c:277:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufsz = strlen(cmd) + 1;
data/ncap-1.9.2/wrapsrv.c:280:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufsz += (strlen(se->tname) + 1) * n_host;
data/ncap-1.9.2/wrapsrv.c:311:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufsz += strlen(argv[i]);
data/ncap-1.9.2/wrapsrv.c:319:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(argv[i]);
ANALYSIS SUMMARY:
Hits = 104
Lines analyzed = 9182 in approximately 0.27 seconds (34525 lines/second)
Physical Source Lines of Code (SLOC) = 7266
Hits@level = [0] 60 [1] 35 [2] 48 [3] 6 [4] 15 [5] 0
Hits@level+ = [0+] 164 [1+] 104 [2+] 69 [3+] 21 [4+] 15 [5+] 0
Hits/KSLOC@level+ = [0+] 22.5709 [1+] 14.3132 [2+] 9.49628 [3+] 2.89017 [4+] 2.06441 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.