Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c Examining data/odhcp6c-1.1+git20190906.e199804/src/md5.c Examining data/odhcp6c-1.1+git20190906.e199804/src/md5.h Examining data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c Examining data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.h Examining data/odhcp6c-1.1+git20190906.e199804/src/ra.c Examining data/odhcp6c-1.1+git20190906.e199804/src/ra.h Examining data/odhcp6c-1.1+git20190906.e199804/src/script.c FINAL RESULTS: data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:907:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (sscanf(buf, "%s %x %x %x %x %s", data/odhcp6c-1.1+git20190906.e199804/src/script.c:186:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(&buf[buf_len], 6, "/%"PRIu16, e[i].length); data/odhcp6c-1.1+git20190906.e199804/src/script.c:491:3: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execv(argv[0], argv); data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:547:6: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. int random; data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:548:18: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. odhcp6c_random(&random, sizeof(random)); data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:548:33: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. odhcp6c_random(&random, sizeof(random)); data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:550:27: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. return (time * ((int64_t)random % 1000LL)) / 10000LL; data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:189:14: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "S::N:V:P:FB:c:i:r:Ru:Ux:s:kt:m:Lhedp:fav")) != -1) { data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:151:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&duid[8], ifr.ifr_hwaddr.sa_data, ETHER_ADDR_LEN); data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:170:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&duid[8], ifr.ifr_hwaddr.sa_data, data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:267:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fqdn_buf[256]; data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:313:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ia_pd + ia_pd_len, &hdr_ia_pd, sizeof(hdr_ia_pd)); data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:316:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ia_pd + ia_pd_len, &pref, sizeof(pref)); data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:351:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ia_pd + ia_pd_len, &hdr_ia_pd, sizeof(hdr_ia_pd)); data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:375:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ia_pd + ia_pd_len, &p, sizeof(p)); data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:537:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char in6_str[INET6_ADDRSTRLEN]; data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:757:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(secretbytes, reconf_key, sizeof(reconf_key)); data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:871:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cand.duid, odata, olen); data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:1116:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(reconf_key, r->key, sizeof(r->key)); data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:1374:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[len + 3]; data/odhcp6c-1.1+git20190906.e199804/src/md5.c:241:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ctx->buffer[used], data, size); data/odhcp6c-1.1+git20190906.e199804/src/md5.c:245:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ctx->buffer[used], data, available); data/odhcp6c-1.1+git20190906.e199804/src/md5.c:256:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->buffer, data, size); data/odhcp6c-1.1+git20190906.e199804/src/md5.h:50:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[64]; data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:192:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). allow_slaac_only = (optarg) ? atoi(optarg) : -1; data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:250:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&prefix.iaid, iaid_begin + 1, iaid_len > 4 ? 4 : iaid_len); data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:344:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sol_timeout = atoi(optarg); data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:348:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ra_holdoff_interval = atoi(optarg); data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:414:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((urandom_fd = open("/dev/urandom", O_CLOEXEC | O_RDONLY)) < 0 || data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:435:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen(pidfile, "w"); data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:700:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(n, data, len); data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:717:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sdata + offset, data, len); data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:886:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fd = fopen("/proc/net/if_inet6", "r"); data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:889:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:898:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[IF_NAMESIZE], addr_buf[33]; data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:1046:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&((*dst)[o_len]), src, len); data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:1082:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&((*dst)[o_len]), tmp, len); data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:1152:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(e->data, src, str_len); data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.h:182:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[8]; data/odhcp6c-1.1+git20190906.e199804/src/ra.c:56:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char if_name[IF_NAMESIZE] = {0}; data/odhcp6c-1.1+git20190906.e199804/src/ra.c:454:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&entry->target, ri->prefix, (ri->len - 1) * 8); data/odhcp6c-1.1+git20190906.e199804/src/script.c:43:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char action[16] = ""; data/odhcp6c-1.1+git20190906.e199804/src/script.c:44:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *argv[4] = {NULL, NULL, action, NULL}; data/odhcp6c-1.1+git20190906.e199804/src/script.c:103:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, name, buf_len); data/odhcp6c-1.1+git20190906.e199804/src/script.c:126:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, name, buf_len); data/odhcp6c-1.1+git20190906.e199804/src/script.c:178:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, name, buf_len); data/odhcp6c-1.1+git20190906.e199804/src/script.c:303:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf4[INET_ADDRSTRLEN]; data/odhcp6c-1.1+git20190906.e199804/src/script.c:304:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf6[INET6_ADDRSTRLEN]; data/odhcp6c-1.1+git20190906.e199804/src/script.c:314:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&in6, rule->ipv6_prefix, prefix6len); data/odhcp6c-1.1+git20190906.e199804/src/script.c:344:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&in6, dmr->dmr_ipv6_prefix, prefix6len); data/odhcp6c-1.1+git20190906.e199804/src/script.c:353:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf4[INET_ADDRSTRLEN]; data/odhcp6c-1.1+git20190906.e199804/src/script.c:354:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf6[INET6_ADDRSTRLEN]; data/odhcp6c-1.1+git20190906.e199804/src/script.c:364:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&in6, bind->bind_ipv6_prefix, prefix6len); data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:137:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name) - 1); data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:217:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, ifname, strlen(ifname)) < 0) data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:249:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (*iaid_begin == ',' && (iaid_len = strlen(iaid_begin)) > 1) data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:876:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read(urandom_fd, buf, len); data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:900:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:915:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(addr_buf); i++) { data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:921:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < (strlen(addr_buf) / 2); i++) { data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:989:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!name || !strlen(name)) data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:1006:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(needles); i++) { data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:1017:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(src); data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:1040:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(src); data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:1140:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint16_t str_len = strlen(src); data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:1216:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(opt) == 0 || strlen(data) == 0) data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:1216:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(opt) == 0 || strlen(data) == 0) data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:1241:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (end && (end == (data + strlen(data) - 1))) { data/odhcp6c-1.1+git20190906.e199804/src/ra.c:91:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(if_name, ifname, sizeof(if_name) - 1); data/odhcp6c-1.1+git20190906.e199804/src/ra.c:152:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, ifname, strlen(ifname)) < 0) data/odhcp6c-1.1+git20190906.e199804/src/ra.c:217:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t read; data/odhcp6c-1.1+git20190906.e199804/src/ra.c:222:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read < 0 || !NLMSG_OK(&resp.hdr, (size_t)read) || data/odhcp6c-1.1+git20190906.e199804/src/ra.c:222:48: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read < 0 || !NLMSG_OK(&resp.hdr, (size_t)read) || data/odhcp6c-1.1+git20190906.e199804/src/ra.c:241:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). } while (read > 0); data/odhcp6c-1.1+git20190906.e199804/src/ra.c:520:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). entry->auxlen = strlen((char*)entry->auxtarget); data/odhcp6c-1.1+git20190906.e199804/src/script.c:100:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t buf_len = strlen(name); data/odhcp6c-1.1+git20190906.e199804/src/script.c:108:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf_len += strlen(&buf[buf_len]); data/odhcp6c-1.1+git20190906.e199804/src/script.c:121:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t buf_len = strlen(name); data/odhcp6c-1.1+git20190906.e199804/src/script.c:134:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf_len += strlen(&buf[buf_len]); data/odhcp6c-1.1+git20190906.e199804/src/script.c:155:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf_len += strlen(buf); data/odhcp6c-1.1+git20190906.e199804/src/script.c:171:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t buf_len = strlen(name); data/odhcp6c-1.1+git20190906.e199804/src/script.c:183:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf_len += strlen(&buf[buf_len]); data/odhcp6c-1.1+git20190906.e199804/src/script.c:187:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf_len += strlen(&buf[buf_len]); data/odhcp6c-1.1+git20190906.e199804/src/script.c:194:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf_len += strlen(&buf[buf_len]); data/odhcp6c-1.1+git20190906.e199804/src/script.c:198:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf_len += strlen(&buf[buf_len]); data/odhcp6c-1.1+git20190906.e199804/src/script.c:201:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf_len += strlen(&buf[buf_len]); data/odhcp6c-1.1+git20190906.e199804/src/script.c:206:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf_len += strlen(&buf[buf_len]); data/odhcp6c-1.1+git20190906.e199804/src/script.c:212:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf_len += strlen(&buf[buf_len]); data/odhcp6c-1.1+git20190906.e199804/src/script.c:214:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf_len += strlen(&buf[buf_len]); data/odhcp6c-1.1+git20190906.e199804/src/script.c:216:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf_len += strlen(&buf[buf_len]); data/odhcp6c-1.1+git20190906.e199804/src/script.c:232:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t buf_len = strlen(name); data/odhcp6c-1.1+git20190906.e199804/src/script.c:254:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = 13 + strlen(name); data/odhcp6c-1.1+git20190906.e199804/src/script.c:409:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(action, status, sizeof(action) - 1); data/odhcp6c-1.1+git20190906.e199804/src/script.c:487:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(buf, "PASSTHRU=", 10); ANALYSIS SUMMARY: Hits = 94 Lines analyzed = 4710 in approximately 0.12 seconds (38241 lines/second) Physical Source Lines of Code (SLOC) = 3603 Hits@level = [0] 38 [1] 41 [2] 45 [3] 5 [4] 3 [5] 0 Hits@level+ = [0+] 132 [1+] 94 [2+] 53 [3+] 8 [4+] 3 [5+] 0 Hits/KSLOC@level+ = [0+] 36.6361 [1+] 26.0894 [2+] 14.71 [3+] 2.22037 [4+] 0.832639 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.