Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/npd6-1.1.0/config.c Examining data/npd6-1.1.0/exparser.c Examining data/npd6-1.1.0/exparser.h Examining data/npd6-1.1.0/expintf.c Examining data/npd6-1.1.0/expintf.h Examining data/npd6-1.1.0/icmp6.c Examining data/npd6-1.1.0/ip6.c Examining data/npd6-1.1.0/npd6config.h Examining data/npd6-1.1.0/util.c Examining data/npd6-1.1.0/debian/patches/remove-sysctl.h Examining data/npd6-1.1.0/main.c Examining data/npd6-1.1.0/npd6.h Examining data/npd6-1.1.0/includes.h FINAL RESULTS: data/npd6-1.1.0/exparser.c:144:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pstat->map[i].name, name); data/npd6-1.1.0/exparser.c:426:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(string_save, pstat->string_value); data/npd6-1.1.0/main.c:127:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(configfile, optarg); data/npd6-1.1.0/main.c:130:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(logfile, optarg); data/npd6-1.1.0/util.c:142:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(obuff, sizeof(obuff), format, param); data/npd6-1.1.0/util.c:303:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( suffix, &px[c1]); // Grab the tail data/npd6-1.1.0/util.c:306:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(px, suffix); // Add the tail back data/npd6-1.1.0/main.c:120:17: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt_long(argc, argv, OPTIONS_STR, prog_opt, NULL)) > 0) data/npd6-1.1.0/config.c:35:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char linein[256]; data/npd6-1.1.0/config.c:45:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefixaddrstr[INET6_ADDRSTRLEN]; data/npd6-1.1.0/config.c:48:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char interfacestr[INTERFACE_STRLEN]; data/npd6-1.1.0/config.c:57:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((configFileFD = fopen(configFileName, "r")) == NULL) data/npd6-1.1.0/config.c:147:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). masklen = atoi(slashMarker + 1); data/npd6-1.1.0/config.c:260:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). maxHops = atoi(righttoken); data/npd6-1.1.0/config.c:284:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). collectTargets = atoi(righttoken); data/npd6-1.1.0/config.c:332:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pollErrorLimit = atoi(righttoken); data/npd6-1.1.0/exparser.c:397:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string_save[256]; data/npd6-1.1.0/exparser.c:718:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ipv4, &temp, 4); data/npd6-1.1.0/exparser.h:75:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[32]; data/npd6-1.1.0/exparser.h:82:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string_value[256]; data/npd6-1.1.0/expintf.c:14:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char sExpressions[MAX_EXPRESSION_ENTRIES][MAX_EXPRESSION_LENGTH]; data/npd6-1.1.0/icmp6.c:249:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET6_ADDRSTRLEN]; data/npd6-1.1.0/icmp6.c:275:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addr6, &(saddr.sin6_addr), sizeof(struct in6_addr)); data/npd6-1.1.0/icmp6.c:289:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET6_ADDRSTRLEN]; data/npd6-1.1.0/ip6.c:59:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char targetaddr_str[INET6_ADDRSTRLEN]; data/npd6-1.1.0/ip6.c:60:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefixaddr_str[INET6_ADDRSTRLEN]; data/npd6-1.1.0/ip6.c:61:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char srcaddr_str[INET6_ADDRSTRLEN]; data/npd6-1.1.0/ip6.c:62:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dstaddr_str[INET6_ADDRSTRLEN]; data/npd6-1.1.0/ip6.c:88:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char nabuff[MAX_PKT_BUFF]; data/npd6-1.1.0/ip6.c:93:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char __attribute__((aligned(8))) chdr[CMSG_SPACE(sizeof(struct in6_pktinfo))]; data/npd6-1.1.0/ip6.c:229:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&sockaddr.sin6_addr, srcaddr, sizeof(struct in6_addr)); data/npd6-1.1.0/ip6.c:246:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(nad->nd_na_target), targetaddr, sizeof(struct in6_addr) ); data/npd6-1.1.0/ip6.c:259:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( optdata, linkAddr, 6); data/npd6-1.1.0/ip6.c:284:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&pkt_info->ipi6_addr, &srcLinkAddr, sizeof(struct in6_addr) ); data/npd6-1.1.0/ip6.c:347:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr6_str[INET6_ADDRSTRLEN]; data/npd6-1.1.0/ip6.c:369:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefixPrefix_str[INET6_ADDRSTRLEN]; data/npd6-1.1.0/main.c:38:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char configfile[FILENAME_MAX]; data/npd6-1.1.0/main.c:98:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char logfile[FILENAME_MAX] = ""; data/npd6-1.1.0/main.c:219:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char msgdata[MAX_MSG_SIZE * 2]; data/npd6-1.1.0/npd6.h:75:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char configfile[FILENAME_MAX]; data/npd6-1.1.0/npd6.h:81:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nameStr[INTERFACE_STRLEN]; data/npd6-1.1.0/npd6.h:83:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefixStr[INET6_ADDRSTRLEN]; data/npd6-1.1.0/npd6.h:86:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char linkAddr[6]; data/npd6-1.1.0/npd6config.h:42:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *configStrs[CONFIGTOTAL] = data/npd6-1.1.0/util.c:138:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timestamp[128], obuff[2048]; data/npd6-1.1.0/util.c:196:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(str, "[invalid address]"); data/npd6-1.1.0/util.c:251:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x", data/npd6-1.1.0/util.c:286:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char suffix[INET6_ADDRSTRLEN]; data/npd6-1.1.0/util.c:322:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(px, "0000:0000:0000:0000:0000:0000:0000"); data/npd6-1.1.0/util.c:325:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(px, "0000:0000:0000:0000:0000:0000"); data/npd6-1.1.0/util.c:328:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(px, "0000:0000:0000:0000:0000"); data/npd6-1.1.0/util.c:331:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(px, "0000:0000:0000:0000"); data/npd6-1.1.0/util.c:334:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(px, "0000:0000:0000"); data/npd6-1.1.0/util.c:337:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(px, "0000:0000"); data/npd6-1.1.0/util.c:340:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(px, "0000"); data/npd6-1.1.0/util.c:447:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(link, (unsigned char *)ifr.ifr_ifru.ifru_hwaddr.sa_data, 6); data/npd6-1.1.0/util.c:462:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((logFileFD = fopen(logFileName, "a")) == NULL) data/npd6-1.1.0/util.c:574:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, newTarget, sizeof(struct in6_addr) ); data/npd6-1.1.0/util.c:672:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addressString[INET6_ADDRSTRLEN]; data/npd6-1.1.0/util.c:711:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, newEntry, sizeof(struct in6_addr) ); data/npd6-1.1.0/config.c:100:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(linein); data/npd6-1.1.0/config.c:138:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( prefixaddrstr, righttoken, sizeof(prefixaddrstr)); data/npd6-1.1.0/config.c:184:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( interfaces[prefixCount].prefixStr, prefixaddrstr, data/npd6-1.1.0/config.c:191:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen( righttoken) > INTERFACE_STRLEN ) data/npd6-1.1.0/config.c:196:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( interfacestr, righttoken, sizeof(interfacestr)); data/npd6-1.1.0/config.c:199:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( interfaces[interfaceCount].nameStr, interfacestr, data/npd6-1.1.0/expintf.c:22:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&sExpressions[sExpression][0], expression+sizeof("exprlist=")-1, MAX_EXPRESSION_LENGTH); data/npd6-1.1.0/icmp6.c:352:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ifr.ifr_name, ifname, IFNAMSIZ); data/npd6-1.1.0/main.c:102:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(configfile, NPD6_CONF, FILENAME_MAX); data/npd6-1.1.0/main.c:153:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen(logfile) ) data/npd6-1.1.0/main.c:155:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(logfile) == 1 && (logfile[0]='-') ) data/npd6-1.1.0/util.c:291:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(px); data/npd6-1.1.0/util.c:312:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(px); data/npd6-1.1.0/util.c:319:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(px); data/npd6-1.1.0/util.c:433:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( ifr.ifr_name, iface, INTERFACE_STRLEN ); ANALYSIS SUMMARY: Hits = 75 Lines analyzed = 3731 in approximately 0.10 seconds (36982 lines/second) Physical Source Lines of Code (SLOC) = 2393 Hits@level = [0] 24 [1] 15 [2] 52 [3] 1 [4] 7 [5] 0 Hits@level+ = [0+] 99 [1+] 75 [2+] 60 [3+] 8 [4+] 7 [5+] 0 Hits/KSLOC@level+ = [0+] 41.3707 [1+] 31.3414 [2+] 25.0731 [3+] 3.34308 [4+] 2.9252 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.