Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/nftlb-0.6/include/backends.h
Examining data/nftlb-0.6/include/checksum.h
Examining data/nftlb-0.6/include/config.h
Examining data/nftlb-0.6/include/elements.h
Examining data/nftlb-0.6/include/events.h
Examining data/nftlb-0.6/include/farmpolicy.h
Examining data/nftlb-0.6/include/farms.h
Examining data/nftlb-0.6/include/list.h
Examining data/nftlb-0.6/include/network.h
Examining data/nftlb-0.6/include/nft.h
Examining data/nftlb-0.6/include/nftables/libnftables.h
Examining data/nftlb-0.6/include/objects.h
Examining data/nftlb-0.6/include/policies.h
Examining data/nftlb-0.6/include/sbuffer.h
Examining data/nftlb-0.6/include/server.h
Examining data/nftlb-0.6/include/sessions.h
Examining data/nftlb-0.6/src/backends.c
Examining data/nftlb-0.6/src/checksum.c
Examining data/nftlb-0.6/src/config.c
Examining data/nftlb-0.6/src/elements.c
Examining data/nftlb-0.6/src/events.c
Examining data/nftlb-0.6/src/farmpolicy.c
Examining data/nftlb-0.6/src/farms.c
Examining data/nftlb-0.6/src/main.c
Examining data/nftlb-0.6/src/network.c
Examining data/nftlb-0.6/src/nft.c
Examining data/nftlb-0.6/src/objects.c
Examining data/nftlb-0.6/src/policies.c
Examining data/nftlb-0.6/src/sbuffer.c
Examining data/nftlb-0.6/src/server.c
Examining data/nftlb-0.6/src/sessions.c

FINAL RESULTS:

data/nftlb-0.6/src/config.c:684:8:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  len = vsprintf(config_outbuf + len, fmt, args);
data/nftlb-0.6/src/config.c:1066:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name, "%s", sname);
data/nftlb-0.6/src/config.c:1218:9:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  len += vsprintf(*buf + len, fmt, args);
data/nftlb-0.6/src/main.c:131:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(optarg, "%*s", (int)strlen(optarg) - 1, " ");
data/nftlb-0.6/src/network.c:540:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ifr.ifr_name, indev);
data/nftlb-0.6/src/network.c:591:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(outdev, ifaddr->ifa_name);
data/nftlb-0.6/src/network.c:601:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(outdev, ifaddr->ifa_name);
data/nftlb-0.6/src/nft.c:240:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(ifentry->ifname, "%s", ifname);
data/nftlb-0.6/src/nft.c:311:8:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  len = vsnprintf(0, 0, fmt, args);
data/nftlb-0.6/src/nft.c:535:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(tmpptr, value);
data/nftlb-0.6/src/nft.c:545:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s", tmp);
data/nftlb-0.6/src/nft.c:557:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s", p->logprefix);
data/nftlb-0.6/src/nft.c:564:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s", f->logprefix);
data/nftlb-0.6/src/nft.c:575:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s", f->newrtlimit_logprefix);
data/nftlb-0.6/src/nft.c:580:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s", f->rstrtlimit_logprefix);
data/nftlb-0.6/src/nft.c:586:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s", b->estconnlimit_logprefix);
data/nftlb-0.6/src/nft.c:592:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s", f->estconnlimit_logprefix);
data/nftlb-0.6/src/nft.c:597:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s", f->tcpstrict_logprefix);
data/nftlb-0.6/src/nft.c:622:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name, "%s", f->name);
data/nftlb-0.6/src/nft.c:624:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name, "%s-%s", NFTLB_TYPE_FILTER, f->name);
data/nftlb-0.6/src/nft.c:626:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name, "%s-%s", NFTLB_TYPE_NAT, f->name);
data/nftlb-0.6/src/nft.c:628:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name, "%s-%s", NFTLB_TYPE_FWD, f->name);
data/nftlb-0.6/src/nft.c:630:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name, "%s-back", f->name);
data/nftlb-0.6/src/nft.c:635:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name, "ft-%s", f->name);
data/nftlb-0.6/src/nft.c:641:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name, "%s-%s", print_nft_service(family, f->protocol), f->iface);
data/nftlb-0.6/src/nft.c:643:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name, "%s-%s", NFTLB_TYPE_FILTER, print_nft_service(family, f->protocol));
data/nftlb-0.6/src/nft.c:645:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name, "%s-%s", NFTLB_TYPE_NAT, print_nft_service(family, f->protocol));
data/nftlb-0.6/src/nft.c:647:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name, "%s-%s", NFTLB_TYPE_FWD, print_nft_service(family, f->protocol));
data/nftlb-0.6/src/nft.c:649:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name, "%s-back", print_nft_service(family, f->protocol));
data/nftlb-0.6/src/nft.c:654:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name, "%s-%s", print_nft_service(family, f->protocol), f->iface);
data/nftlb-0.6/src/nft.c:684:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(chain_device, "%s", f->iface);
data/nftlb-0.6/src/nft.c:685:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(base_chain, "%s-%s", NFTLB_TABLE_INGRESS, chain_device);
data/nftlb-0.6/src/nft.c:695:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(chain_device, "%s", f->oface);
data/nftlb-0.6/src/nft.c:696:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(base_chain, "%s-%s", NFTLB_TABLE_INGRESS, chain_device);
data/nftlb-0.6/src/nft.c:703:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(base_chain, "%s", NFTLB_TABLE_FILTER);
data/nftlb-0.6/src/nft.c:711:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(base_chain, "%s", NFTLB_TABLE_PREROUTING);
data/nftlb-0.6/src/nft.c:719:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(base_chain, "%s", NFTLB_TABLE_POSTROUTING);
data/nftlb-0.6/src/nft.c:727:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(base_chain, "%s", NFTLB_TABLE_FORWARD);
data/nftlb-0.6/src/nft.c:852:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(*buf, ": %s ", f->srcaddr);
data/nftlb-0.6/src/nft.c:855:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(*buf, ": goto %s ", chain);
data/nftlb-0.6/src/nft.c:859:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(*buf, ": %s ", b->srcaddr);
data/nftlb-0.6/src/nft.c:861:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(*buf, ": %s ", f->srcaddr);
data/nftlb-0.6/src/nft.c:948:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(key_str, "%s . %d", b->ipaddr, port_list[i]);
data/nftlb-0.6/src/nft.c:951:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(key_str, "%s . %s", b->ipaddr, b->port);
data/nftlb-0.6/src/nft.c:954:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(key_str, "%s", b->ipaddr);
data/nftlb-0.6/src/nft.c:1139:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(map_str, "map-%s-back", f->name);
data/nftlb-0.6/src/nft.c:1363:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(map_str, "static-sessions-%s", f->name);
data/nftlb-0.6/src/nft.c:1404:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(map_str, "persist-%s", f->name);
data/nftlb-0.6/src/nft.c:1442:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(map_str, "persist-%s", f->name);
data/nftlb-0.6/src/nft.c:1479:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(meter_str, "%s-%s", CONFIG_KEY_NEWRTLIMIT, f->name);
data/nftlb-0.6/src/nft.c:1492:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(meter_str, "%s-%s", CONFIG_KEY_RSTRTLIMIT, f->name);
data/nftlb-0.6/src/nft.c:1505:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(meter_str, "%s-%s", CONFIG_KEY_ESTCONNLIMIT, f->name);
data/nftlb-0.6/src/nft.c:1531:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(meter_str, "%s-%s-%s", CONFIG_KEY_ESTCONNLIMIT, f->name, b->name);
data/nftlb-0.6/src/nft.c:1626:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(list, f->iface);
data/nftlb-0.6/src/nft.c:1633:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(list, f->oface);
data/nftlb-0.6/src/nft.c:1641:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(list, b->oface);
data/nftlb-0.6/src/nft.c:1795:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(map_str, "static-sessions-%s", f->name);
data/nftlb-0.6/src/nft.c:1869:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(map_str, "persist-%s", f->name);
data/nftlb-0.6/src/nft.c:1894:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(map_str, "persist-%s", f->name);
data/nftlb-0.6/src/nft.c:1936:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(map_str, "persist-%s", f->name);
data/nftlb-0.6/src/nft.c:1998:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(map_str, "map-%s-back", f->name);
data/nftlb-0.6/src/nft.c:2113:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fchain, "%s-%s", NFTLB_TYPE_FILTER, f->name);
data/nftlb-0.6/src/nft.c:2114:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fservice, "%s-%s", NFTLB_TYPE_FILTER, print_nft_service(family, f->protocol));
data/nftlb-0.6/src/nft.c:2236:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cmd, "list table %s %s", NFTLB_IPV4_FAMILY, NFTLB_TABLE_NAME);
data/nftlb-0.6/src/nft.c:2241:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cmd, "list table %s %s", NFTLB_IPV6_FAMILY, NFTLB_TABLE_NAME);
data/nftlb-0.6/src/nft.c:2246:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cmd, "list table %s %s", NFTLB_NETDEV_FAMILY, NFTLB_TABLE_NAME);
data/nftlb-0.6/src/nft.c:2399:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cmd, "list map %s nftlb persist-%s", print_nft_table_family(f->family, f->mode), f->name);
data/nftlb-0.6/src/nft.c:2402:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cmd, "list set netdev nftlb %s", p->name);
data/nftlb-0.6/src/objects.c:347:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s", CONFIG_VALUE_META_NONE);
data/nftlb-0.6/src/objects.c:352:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(buf, CONFIG_VALUE_META_SRCIP);
data/nftlb-0.6/src/objects.c:357:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(buf, CONFIG_VALUE_META_DSTIP);
data/nftlb-0.6/src/objects.c:362:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(buf, CONFIG_VALUE_META_SRCPORT);
data/nftlb-0.6/src/objects.c:367:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(buf, CONFIG_VALUE_META_DSTPORT);
data/nftlb-0.6/src/objects.c:372:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(buf, CONFIG_VALUE_META_SRCMAC);
data/nftlb-0.6/src/objects.c:377:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(buf, CONFIG_VALUE_META_DSTMAC);
data/nftlb-0.6/src/objects.c:417:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s", CONFIG_VALUE_LOG_NONE);
data/nftlb-0.6/src/objects.c:422:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s ", CONFIG_VALUE_LOG_INPUT);
data/nftlb-0.6/src/objects.c:425:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(buf, CONFIG_VALUE_LOG_FORWARD);
data/nftlb-0.6/src/objects.c:430:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(buf, CONFIG_VALUE_LOG_OUTPUT);
data/nftlb-0.6/src/objects.c:544:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(*dst, "%s", src);
data/nftlb-0.6/src/sbuffer.c:116:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(pnext, len + 1, fmt, args);
data/nftlb-0.6/src/sbuffer.c:128:8:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  len = vsnprintf(0, 0, fmt, args);
data/nftlb-0.6/src/server.c:500:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str,"%s:%hu",inet_ntop(addr->ss_family,
data/nftlb-0.6/src/server.c:506:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str,"%s:%hu",inet_ntop(addr->ss_family,
data/nftlb-0.6/src/server.c:528:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(response, "%s%s%d%s%s", ws_str_responses[state->status_code],
data/nftlb-0.6/src/server.c:728:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(nftserver.host, "%s", host);
data/nftlb-0.6/src/server.c:739:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(nftserver.port, "%s", port);
data/nftlb-0.6/src/sessions.c:301:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(*parsed, "%s", s->client);
data/nftlb-0.6/src/main.c:118:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt_long(argc, argv, "hl:c:k:ed6H:P:S", options, NULL)) != -1) {
data/nftlb-0.6/src/server.c:755:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((unsigned int) time(0) + getpid());
data/nftlb-0.6/src/backends.c:203:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char dst_ethaddr[ETH_HW_ADDR_LEN];
data/nftlb-0.6/src/backends.c:204:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char src_ethaddr[ETH_HW_ADDR_LEN];
data/nftlb-0.6/src/backends.c:205:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char streth[ETH_HW_STR_LEN] = {};
data/nftlb-0.6/src/backends.c:243:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(streth, "%02x:%02x:%02x:%02x:%02x:%02x", dst_ethaddr[0],
data/nftlb-0.6/src/backends.c:405:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char if_str[IFNAMSIZ];
data/nftlb-0.6/src/checksum.c:58:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[IP_MAXPACKET];
data/nftlb-0.6/src/checksum.c:66:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ptr, &iphdr.ip6_src.s6_addr, sizeof (iphdr.ip6_src.s6_addr));
data/nftlb-0.6/src/checksum.c:71:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ptr, &iphdr.ip6_dst.s6_addr, sizeof (iphdr.ip6_dst.s6_addr));
data/nftlb-0.6/src/checksum.c:92:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ptr, &iphdr.ip6_nxt, sizeof (iphdr.ip6_nxt));
data/nftlb-0.6/src/checksum.c:97:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ptr, &icmp6hdr.icmp6_type, sizeof (icmp6hdr.icmp6_type));
data/nftlb-0.6/src/checksum.c:102:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ptr, &icmp6hdr.icmp6_code, sizeof (icmp6hdr.icmp6_code));
data/nftlb-0.6/src/checksum.c:107:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ptr, &icmp6hdr.icmp6_id, sizeof (icmp6hdr.icmp6_id));
data/nftlb-0.6/src/checksum.c:112:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ptr, &icmp6hdr.icmp6_seq, sizeof (icmp6hdr.icmp6_seq));
data/nftlb-0.6/src/checksum.c:123:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ptr, payload, payloadlen * sizeof (uint8_t));
data/nftlb-0.6/src/config.c:45:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char config_outbuf[CONFIG_OUTBUF_SIZE] = { 0 };
data/nftlb-0.6/src/config.c:57:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%d", value);
data/nftlb-0.6/src/config.c:62:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "0x%x", value);
data/nftlb-0.6/src/config.c:312:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  new_int_value = atoi(value);
data/nftlb-0.6/src/config.c:329:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  new_int_value = atoi(value);
data/nftlb-0.6/src/config.c:339:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  new_int_value = atoi(value);
data/nftlb-0.6/src/config.c:644:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = fopen(file, "r");
data/nftlb-0.6/src/config.c:730:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[10];
data/nftlb-0.6/src/config.c:731:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100] = {};
data/nftlb-0.6/src/config.c:1043:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[255] = { 0 };
data/nftlb-0.6/src/config.c:1215:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  len = sprintf(*buf, "{\"response\": \"");
data/nftlb-0.6/src/config.c:1221:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(*buf + len, "\"}");
data/nftlb-0.6/src/elements.c:83:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char element1[2550] = {0};
data/nftlb-0.6/src/elements.c:84:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char element2[2550] = {0};
data/nftlb-0.6/src/elements.c:85:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char element3[2550] = {0};
data/nftlb-0.6/src/farms.c:367:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100] = {};
data/nftlb-0.6/src/farms.c:709:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ether[ETH_HW_ADDR_LEN];
data/nftlb-0.6/src/farms.c:710:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char streth[ETH_HW_STR_LEN] = {};
data/nftlb-0.6/src/farms.c:711:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char if_str[IFNAMSIZ];
data/nftlb-0.6/src/farms.c:758:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(streth, "%02x:%02x:%02x:%02x:%02x:%02x", ether[0],
data/nftlb-0.6/src/farms.c:796:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(streth, "%02x:%02x:%02x:%02x:%02x:%02x", ether[0],
data/nftlb-0.6/src/main.c:124:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  loglevel = atoi(optarg);
data/nftlb-0.6/src/network.c:66:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[ICMP_PACKETSIZE - sizeof(struct icmphdr)];
data/nftlb-0.6/src/network.c:79:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char src_ethaddr[ETH_HW_ADDR_LEN];
data/nftlb-0.6/src/network.c:81:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char dst_ethaddr[ETH_HW_ADDR_LEN];
data/nftlb-0.6/src/network.c:140:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(device.sll_addr, sdata->src_ethaddr, ETH_HW_ADDR_LEN * sizeof(uint8_t));
data/nftlb-0.6/src/network.c:162:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&pckt6.iphdr.ip6_src, sdata->src_ipaddr, sizeof(struct in6_addr));
data/nftlb-0.6/src/network.c:163:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&pckt6.iphdr.ip6_dst, sdata->dst_ipaddr, sizeof(struct in6_addr));
data/nftlb-0.6/src/network.c:178:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(frame_v6 + ETHER_HDRLEN, &pckt6.iphdr, IP6_HDRLEN * sizeof(uint8_t));
data/nftlb-0.6/src/network.c:179:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(frame_v6 + ETHER_HDRLEN + IP6_HDRLEN, &pckt6.icmphdr, ICMP_HDRLEN * sizeof(uint8_t));
data/nftlb-0.6/src/network.c:180:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(frame_v6 + ETHER_HDRLEN + IP6_HDRLEN + ICMP_HDRLEN, pckt6.data, ICMP_DATALEN * sizeof(uint8_t));
data/nftlb-0.6/src/network.c:189:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&remote_addr.sin_addr.s_addr, &sdata->dst_ipaddr->s6_addr, GET_INET_LEN(sdata->family) * sizeof(uint8_t));
data/nftlb-0.6/src/network.c:258:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char out[INET6_ADDRSTRLEN];
data/nftlb-0.6/src/network.c:282:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&sdata->dst_ethaddr, ethaddr, 6);
data/nftlb-0.6/src/network.c:443:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data->src_ethaddr, src_ethaddr, ETH_HW_ADDR_LEN);
data/nftlb-0.6/src/network.c:448:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst_ethaddr, data->dst_ethaddr, ETH_HW_ADDR_LEN);
data/nftlb-0.6/src/network.c:547:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ether, ifr.ifr_hwaddr.sa_data, ETH_HW_ADDR_LEN * sizeof(unsigned char));
data/nftlb-0.6/src/network.c:619:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str_ipaddr[INET6_ADDRSTRLEN] = { 0 };
data/nftlb-0.6/src/network.c:621:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char dst_ethaddr[ETH_HW_ADDR_LEN];
data/nftlb-0.6/src/network.c:622:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char streth[ETH_HW_STR_LEN] = {};
data/nftlb-0.6/src/network.c:638:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data. memcpy(dst_ethaddr, ethaddr, ETH_HW_ADDR_LEN); data/nftlb-0.6/src/network.c:640:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(streth, "%02x:%02x:%02x:%02x:%02x:%02x", dst_ethaddr[0], dst_ethaddr[1], data/nftlb-0.6/src/network.c:656:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/nftlb-0.6/src/network.c:681:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MNL_SOCKET_BUFFER_SIZE]; data/nftlb-0.6/src/nft.c:529:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[255] = { 0 }; data/nftlb-0.6/src/nft.c:651:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(name, "-m"); data/nftlb-0.6/src/nft.c:666:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char service[255] = { 0 }; data/nftlb-0.6/src/nft.c:667:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char base_chain[265] = { 0 }; data/nftlb-0.6/src/nft.c:668:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chain_device[255] = { 0 }; data/nftlb-0.6/src/nft.c:873:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char action_str[255] = { 0 }; data/nftlb-0.6/src/nft.c:874:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key_str[255] = { 0 }; data/nftlb-0.6/src/nft.c:876:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chain[255] = { 0 }; data/nftlb-0.6/src/nft.c:877:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char service[255] = { 0 }; data/nftlb-0.6/src/nft.c:892:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(action_str, "add"); data/nftlb-0.6/src/nft.c:896:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(action_str, "delete"); data/nftlb-0.6/src/nft.c:946:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(key_str, "0x%x", bckmark); data/nftlb-0.6/src/nft.c:1000:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chain[255] = { 0 }; data/nftlb-0.6/src/nft.c:1135:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char action_str[255] = { 0 }; data/nftlb-0.6/src/nft.c:1136:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chain[255] = { 0 }; data/nftlb-0.6/src/nft.c:1137:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char map_str[255] = { 0 };

data/nftlb-0.6/src/nft.c:1146:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(action_str, "delete");

data/nftlb-0.6/src/nft.c:1150:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(action_str, "add");

data/nftlb-0.6/src/nft.c:1302:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char logprefix_str[255] = { 0 };

data/nftlb-0.6/src/nft.c:1331:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char protocol[255] = {0};

data/nftlb-0.6/src/nft.c:1337:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(protocol, "tcp");

data/nftlb-0.6/src/nft.c:1344:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(protocol, "udp");

data/nftlb-0.6/src/nft.c:1355:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char map_str[255] = { 0 };

data/nftlb-0.6/src/nft.c:1396:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char map_str[255] = { 0 };

data/nftlb-0.6/src/nft.c:1437:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char map_str[255] = { 0 };

data/nftlb-0.6/src/nft.c:1469:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char logprefix_str[255] = { 0 };

data/nftlb-0.6/src/nft.c:1470:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char meter_str[255] = { 0 };

data/nftlb-0.6/src/nft.c:1471:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char burst_str[255] = { 0 };

data/nftlb-0.6/src/nft.c:1487:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(burst_str, "burst %d packets ", f->newrtlimitbst);

data/nftlb-0.6/src/nft.c:1500:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(burst_str, "burst %d packets ", f->rstrtlimitbst);

data/nftlb-0.6/src/nft.c:1524:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char meter_str[255] = { 0 };

data/nftlb-0.6/src/nft.c:1525:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char logprefix_str[255] = { 0 };

data/nftlb-0.6/src/nft.c:1577:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chain[255] = { 0 };

data/nftlb-0.6/src/nft.c:1632:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(list, ", ");

data/nftlb-0.6/src/nft.c:1640:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(list, ", ");

data/nftlb-0.6/src/nft.c:1651:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char interfaces[255] = { 0 };

data/nftlb-0.6/src/nft.c:1682:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chain[255] = { 0 };

data/nftlb-0.6/src/nft.c:1683:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char flowtable[255] = { 0 };

data/nftlb-0.6/src/nft.c:1723:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char logprefix_str[255] = { 0 };

data/nftlb-0.6/src/nft.c:1753:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chain[255] = { 0 };

data/nftlb-0.6/src/nft.c:1782:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chain[255] = { 0 };

data/nftlb-0.6/src/nft.c:1783:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char map_str[255] = { 0 };

data/nftlb-0.6/src/nft.c:1864:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char map_str[255] = { 0 };

data/nftlb-0.6/src/nft.c:1881:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chain[255] = { 0 };

data/nftlb-0.6/src/nft.c:1882:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char map_str[255] = { 0 };

data/nftlb-0.6/src/nft.c:1928:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chain[255] = { 0 };

data/nftlb-0.6/src/nft.c:1929:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char map_str[255] = { 0 };

data/nftlb-0.6/src/nft.c:1971:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chain[255] = { 0 };

data/nftlb-0.6/src/nft.c:1972:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char map_str[255] = { 0 };

data/nftlb-0.6/src/nft.c:2109:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fchain[255] = { 0 };

data/nftlb-0.6/src/nft.c:2110:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fservice[255] = { 0 };

data/nftlb-0.6/src/nft.c:2233:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmd[255] = { 0 };

data/nftlb-0.6/src/nft.c:2394:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmd[255] = { 0 };

data/nftlb-0.6/src/server.c:76:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uri[SRV_MAX_IDENT];

data/nftlb-0.6/src/server.c:112:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char method[SRV_MAX_IDENT] = {0};

data/nftlb-0.6/src/server.c:113:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strkey[SRV_MAX_IDENT] = {0};

data/nftlb-0.6/src/server.c:221:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char firstlevel[SRV_MAX_IDENT] = {0};

data/nftlb-0.6/src/server.c:222:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char secondlevel[SRV_MAX_IDENT] = {0};

data/nftlb-0.6/src/server.c:223:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char thirdlevel[SRV_MAX_IDENT] = {0};

data/nftlb-0.6/src/server.c:224:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fourthlevel[SRV_MAX_IDENT] = {0};

data/nftlb-0.6/src/server.c:267:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char firstlevel[SRV_MAX_IDENT] = {0};

data/nftlb-0.6/src/server.c:268:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char secondlevel[SRV_MAX_IDENT] = {0};

data/nftlb-0.6/src/server.c:269:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char thirdlevel[SRV_MAX_IDENT] = {0};

data/nftlb-0.6/src/server.c:270:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fourthlevel[SRV_MAX_IDENT] = {0};

data/nftlb-0.6/src/server.c:406:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char firstlevel[SRV_MAX_IDENT] = {0};

data/nftlb-0.6/src/server.c:526:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char response[SRV_MAX_HEADER];

data/nftlb-0.6/src/server.c:540:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cli_address[INET6_ADDRSTRLEN + 6]; //max address length + port length

data/nftlb-0.6/src/server.c:593:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cli_address[INET6_ADDRSTRLEN + 6]; //max address length + port length

data/nftlb-0.6/src/server.c:609:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cli_address[INET6_ADDRSTRLEN + 6]; //max address length + port length

data/nftlb-0.6/src/sessions.c:97:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char element1[2550] = {0};

data/nftlb-0.6/src/sessions.c:98:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char element2[2550] = {0};

data/nftlb-0.6/src/sessions.c:99:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char element3[2550] = {0};

data/nftlb-0.6/src/config.c:681:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(config_outbuf);

data/nftlb-0.6/src/config.c:694:78:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  syslog(LOG_NOTICE, "%s():%d: payload %d : %s", __FUNCTION__, __LINE__, (int)strlen(buf), buf);

data/nftlb-0.6/src/config.c:696:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  root = json_loadb(buf, strlen(buf), JSON_ALLOW_NUL, &error);

data/nftlb-0.6/src/elements.c:105:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((fin_ptr = strstr(ini_ptr + strlen(element2), ",")) != NULL) {

data/nftlb-0.6/src/main.c:131:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(optarg, "%*s", (int)strlen(optarg) - 1, " ");

data/nftlb-0.6/src/nft.c:234:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ifentry->ifname = (char *)malloc(strlen(ifname));

data/nftlb-0.6/src/nft.c:251:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(cmd) == 0 || strcmp(cmd, "") == 0)

data/nftlb-0.6/src/nft.c:534:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(token, ptr, strlen(token)) == 0) {

data/nftlb-0.6/src/nft.c:536:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr += strlen(token);

data/nftlb-0.6/src/nft.c:537:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmpptr += strlen(value);

data/nftlb-0.6/src/objects.c:353:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(buf, " ");

data/nftlb-0.6/src/objects.c:358:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(buf, " ");

data/nftlb-0.6/src/objects.c:363:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(buf, " ");

data/nftlb-0.6/src/objects.c:368:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(buf, " ");

data/nftlb-0.6/src/objects.c:373:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(buf, " ");

data/nftlb-0.6/src/objects.c:378:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(buf, " ");

data/nftlb-0.6/src/objects.c:426:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(buf, " ");

data/nftlb-0.6/src/objects.c:537:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *dst = (char *)malloc(strlen(src)+1);

data/nftlb-0.6/src/server.c:531:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  send(io->fd, response, strlen(response), 0);

data/nftlb-0.6/src/server.c:572:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nftlb_http_send_response(io, &state, strlen(state.body_response));

data/nftlb-0.6/src/server.c:573:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  send(io->fd, state.body_response, strlen(state.body_response), 0);

data/nftlb-0.6/src/server.c:721:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nftserver.host = malloc(strlen(host)+1);

data/nftlb-0.6/src/server.c:733:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nftserver.port = malloc(strlen(port)+1);

data/nftlb-0.6/src/sessions.c:123:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((fin_ptr = strstr(ini_ptr + strlen(element2), ",")) != NULL) {

ANALYSIS SUMMARY:

Hits = 244
Lines analyzed = 11389 in approximately 0.44 seconds (25973 lines/second)
Physical Source Lines of Code (SLOC) = 8693
Hits@level = [0] 335 [1] 24 [2] 130 [3] 2 [4] 88 [5] 0
Hits@level+ = [0+] 579 [1+] 244 [2+] 220 [3+] 90 [4+] 88 [5+] 0
Hits/KSLOC@level+ = [0+] 66.6053 [1+] 28.0686 [2+] 25.3077 [3+] 10.3532 [4+] 10.1231 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
