Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/packeth-1.6.5/src/loadpacket.h
Examining data/packeth-1.6.5/src/function_send.h
Examining data/packeth-1.6.5/src/callbacks.h
Examining data/packeth-1.6.5/src/function_send.c
Examining data/packeth-1.6.5/src/support.c
Examining data/packeth-1.6.5/src/main.c
Examining data/packeth-1.6.5/src/support.h
Examining data/packeth-1.6.5/src/callbacks.c
Examining data/packeth-1.6.5/src/savepacket.h
Examining data/packeth-1.6.5/src/headers.h
Examining data/packeth-1.6.5/src/function.c
Examining data/packeth-1.6.5/src/interface.h
Examining data/packeth-1.6.5/src/savepacket.c
Examining data/packeth-1.6.5/src/function.h
Examining data/packeth-1.6.5/src/interface.c
Examining data/packeth-1.6.5/src/loadpacket.c

FINAL RESULTS:

data/packeth-1.6.5/src/callbacks.c:700:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tmp[0], en_ip_t);
data/packeth-1.6.5/src/callbacks.c:701:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tmp[1], en_mac_t);
data/packeth-1.6.5/src/callbacks.c:702:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tmp[2], en_name_t);
data/packeth-1.6.5/src/callbacks.c:2094:2: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(iftext, 19, gtk_entry_get_text(GTK_ENTRY(GTK_COMBO(combo)->entry)));
data/packeth-1.6.5/src/callbacks.c:3699:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(tmpmac, tmp);
data/packeth-1.6.5/src/callbacks.c:3705:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(tmpmac, tmp);
data/packeth-1.6.5/src/callbacks.c:3711:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(tmpmac, tmp);
data/packeth-1.6.5/src/function.c:3821:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(buff, strlen(text)+1, text );
data/packeth-1.6.5/src/loadpacket.c:957:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(temp, tmp);
data/packeth-1.6.5/src/loadpacket.c:989:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(temp, tmp);
data/packeth-1.6.5/src/loadpacket.c:1078:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(temp, tmp);
data/packeth-1.6.5/src/loadpacket.c:1112:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(temp, tmp);
data/packeth-1.6.5/src/loadpacket.c:1617:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(temp, tmp);
data/packeth-1.6.5/src/loadpacket.c:1641:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(temp, tmp);
data/packeth-1.6.5/src/callbacks.c:56:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern unsigned char packet[1522];
data/packeth-1.6.5/src/callbacks.c:362:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[101];
data/packeth-1.6.5/src/callbacks.c:367:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((file_p = fopen(fname, "r")) == NULL) {
data/packeth-1.6.5/src/callbacks.c:509:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff4[101];
data/packeth-1.6.5/src/callbacks.c:528:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((file_p = fopen(fname, "w")) == NULL) {
data/packeth-1.6.5/src/callbacks.c:790:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((fp = fopen(address_filename, "w")) == NULL) { /* could be also some other failure??? */
data/packeth-1.6.5/src/callbacks.c:882:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((fp = fopen(address_filename, "r")) == NULL) {
data/packeth-1.6.5/src/callbacks.c:1351:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str_crc32[9];
data/packeth-1.6.5/src/callbacks.c:1352:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[4600];
data/packeth-1.6.5/src/callbacks.c:1791:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[4600], ch1, ch2;
data/packeth-1.6.5/src/callbacks.c:1929:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[4600], ch1, ch2;
data/packeth-1.6.5/src/callbacks.c:2033:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[100];
data/packeth-1.6.5/src/callbacks.c:2166:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[4600], ch1, ch2;
data/packeth-1.6.5/src/callbacks.c:2326:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[3000], tmp2[4600];
data/packeth-1.6.5/src/callbacks.c:2431:7: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ( atol(seq_nr_t) > 65535) {
data/packeth-1.6.5/src/callbacks.c:2544:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[4600], ch1, ch2;
data/packeth-1.6.5/src/callbacks.c:2897:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((file_p = fopen(fname, "a")) == NULL) {
data/packeth-1.6.5/src/callbacks.c:3054:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[4600];
data/packeth-1.6.5/src/callbacks.c:3120:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[4600];
data/packeth-1.6.5/src/callbacks.c:3466:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((file_p = fopen(".defaultBuilder", "r")) == NULL) {
data/packeth-1.6.5/src/callbacks.c:3477:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((file_p = fopen(".defaultGen-b", "r")) == NULL) {
data/packeth-1.6.5/src/callbacks.c:3488:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((file_p = fopen(".defaultGen-s", "r")) == NULL) {
data/packeth-1.6.5/src/callbacks.c:3521:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((file_p = fopen(".defaultBuilder", "w")) == NULL) {
data/packeth-1.6.5/src/callbacks.c:3533:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((file_p = fopen(".defaultGen-b", "w")) == NULL) {
data/packeth-1.6.5/src/callbacks.c:3545:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((file_p = fopen(".defaultGen-s", "w")) == NULL) {
data/packeth-1.6.5/src/callbacks.c:3658:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpmac[20], tmp[5];
data/packeth-1.6.5/src/callbacks.c:3680:2: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(tmpmac, "01:00:5E:");
data/packeth-1.6.5/src/callbacks.c:3696:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  mc = atoi(tmp);
data/packeth-1.6.5/src/callbacks.c:3703:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  mc = atoi(tmp);
data/packeth-1.6.5/src/callbacks.c:3709:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  mc = atoi(tmp);
data/packeth-1.6.5/src/callbacks.c:3831:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ime[10];
data/packeth-1.6.5/src/callbacks.c:3836:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ime, "entry%d", i+185);
data/packeth-1.6.5/src/callbacks.c:3851:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ime, "entry%d", i+111);
data/packeth-1.6.5/src/callbacks.c:3856:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((file_p = fopen(mbps_t, "r")) == NULL) {
data/packeth-1.6.5/src/callbacks.c:3881:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ime, "entry%d", i+121);
data/packeth-1.6.5/src/callbacks.c:3886:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ime, "entry%d", i+131);
data/packeth-1.6.5/src/callbacks.c:3891:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ime, "entry%d", i+141);
data/packeth-1.6.5/src/callbacks.c:3911:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ime[10];
data/packeth-1.6.5/src/callbacks.c:3914:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ime, "entry%d", i+185);
data/packeth-1.6.5/src/callbacks.c:3918:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ime, "entry%d", i+121);
data/packeth-1.6.5/src/callbacks.c:3922:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ime, "entry%d", i+131);
data/packeth-1.6.5/src/callbacks.c:3926:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ime, "entry%d", i+141);
data/packeth-1.6.5/src/callbacks.c:3946:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ime[10];
data/packeth-1.6.5/src/callbacks.c:3949:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ime, "entry%d", i+185);
data/packeth-1.6.5/src/callbacks.c:3953:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ime, "entry%d", i+121);
data/packeth-1.6.5/src/callbacks.c:3957:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ime, "entry%d", i+131);
data/packeth-1.6.5/src/callbacks.c:3961:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf(ime, "entry%d", i+141);
data/packeth-1.6.5/src/function.c:54:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char packet[1522];
data/packeth-1.6.5/src/function.c:62:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char iftext[20];
data/packeth-1.6.5/src/function.c:94:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char xstart[4];
data/packeth-1.6.5/src/function.c:95:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ystart[4];
data/packeth-1.6.5/src/function.c:96:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char pkttable[10][1518];
data/packeth-1.6.5/src/function.c:119:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[100], buf2[80];
data/packeth-1.6.5/src/function.c:344:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(params1.xstart, &packet[params1.xbyte-1], 4);
data/packeth-1.6.5/src/function.c:397:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(params1.xstart, &packet[params1.xbyte-1], 4);
data/packeth-1.6.5/src/function.c:403:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(params1.ystart, &packet[params1.ybyte-1], 4);
data/packeth-1.6.5/src/function.c:527:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff4[101];
data/packeth-1.6.5/src/function.c:616:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( (file_p = fopen(en1_t, "r")) == NULL) {
data/packeth-1.6.5/src/function.c:627:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pkt_temp[100];
data/packeth-1.6.5/src/function.c:636:12: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&fh, pkt_temp, 24);
data/packeth-1.6.5/src/function.c:650:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ph, pkt_temp, 16);
data/packeth-1.6.5/src/function.c:1030:9: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ( (atol(plength_t) < 0) || (atol(plength_t) > 65535) ) {
data/packeth-1.6.5/src/function.c:1030:34: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ( (atol(plength_t) < 0) || (atol(plength_t) > 65535) ) {
data/packeth-1.6.5/src/function.c:1040:27: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  packet[number] = (char)(atol(plength_t)/256);
data/packeth-1.6.5/src/function.c:1042:27: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  packet[number] = (char)(atol(plength_t)%256);
data/packeth-1.6.5/src/function.c:1055:8: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ( (atoi(hop_t) < 0) || (atoi(hop_t) > 255) ) {
data/packeth-1.6.5/src/function.c:1055:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ( (atoi(hop_t) < 0) || (atoi(hop_t) > 255) ) {
data/packeth-1.6.5/src/function.c:1064:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  packet[number] = (char)(atoi(hop_t));
data/packeth-1.6.5/src/function.c:1313:9: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ( (atol(total_length_t) < 0) || (atol(total_length_t) > 65535) ) {
data/packeth-1.6.5/src/function.c:1313:39: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ( (atol(total_length_t) < 0) || (atol(total_length_t) > 65535) ) {
data/packeth-1.6.5/src/function.c:1324:27: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  packet[number] = (char)(atol(total_length_t)/256);
data/packeth-1.6.5/src/function.c:1326:27: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  packet[number] = (char)(atol(total_length_t)%256);
data/packeth-1.6.5/src/function.c:1348:8: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ( (atoi(flags_t) > 7) || (atoi(flags_t) < 0) ) {
data/packeth-1.6.5/src/function.c:1348:31: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ( (atoi(flags_t) > 7) || (atoi(flags_t) < 0) ) {
data/packeth-1.6.5/src/function.c:1354:8: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ( (atoi(frag_offset_t) > 8191) || (atoi(frag_offset_t) < 0) ) {
data/packeth-1.6.5/src/function.c:1354:40: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ( (atoi(frag_offset_t) > 8191) || (atoi(frag_offset_t) < 0) ) {
data/packeth-1.6.5/src/function.c:1371:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  value = (atoi(flags_t)<<13 & 0xE000) |
data/packeth-1.6.5/src/function.c:1372:4: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  (atoi(frag_offset_t) & 0x1FFF) ;
data/packeth-1.6.5/src/function.c:1376:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&packet[number], &value, 2);
data/packeth-1.6.5/src/function.c:1381:8: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ( (atoi(ttl_t) < 0) || (atoi(ttl_t) > 255) ) {
data/packeth-1.6.5/src/function.c:1381:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ( (atoi(ttl_t) < 0) || (atoi(ttl_t) > 255) ) {
data/packeth-1.6.5/src/function.c:1391:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  packet[number] = (char)(atoi(ttl_t));
data/packeth-1.6.5/src/function.c:1395:8: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ( (atoi(protocol_t) < 0) || (atoi(protocol_t) > 255) ) {
data/packeth-1.6.5/src/function.c:1395:34: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ( (atoi(protocol_t) < 0) || (atoi(protocol_t) > 255) ) {
data/packeth-1.6.5/src/function.c:1405:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  packet[number] = (char)(atoi(protocol_t));
data/packeth-1.6.5/src/function.c:1459:36: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). packet[number] = (unsigned char)(atoi(tmp)); data/packeth-1.6.5/src/function.c:1480:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). packet[number] = (unsigned char)(atoi(tmp)); data/packeth-1.6.5/src/function.c:1626:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ( (atoi(srcport_t) < 0) || (atoi(srcport_t) > 65535) ) { data/packeth-1.6.5/src/function.c:1626:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ( (atoi(srcport_t) < 0) || (atoi(srcport_t) > 65535) ) { data/packeth-1.6.5/src/function.c:1636:26: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). packet[number] = (char)(atol(srcport_t)/256); data/packeth-1.6.5/src/function.c:1638:26: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). packet[number] = (char)(atol(srcport_t)%256); data/packeth-1.6.5/src/function.c:1642:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ( (atoi(dstport_t) < 0) || (atoi(dstport_t) > 65535) ) { data/packeth-1.6.5/src/function.c:1642:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ( (atoi(dstport_t) < 0) || (atoi(dstport_t) > 65535) ) { data/packeth-1.6.5/src/function.c:1652:26: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). packet[number] = (char)(atol(dstport_t)/256); data/packeth-1.6.5/src/function.c:1654:26: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). packet[number] = (char)(atol(dstport_t)%256); data/packeth-1.6.5/src/function.c:1666:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ( (atoi(length_t) < 0) || (atoi(length_t) > 65535) ) { data/packeth-1.6.5/src/function.c:1666:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ( (atoi(length_t) < 0) || (atoi(length_t) > 65535) ) { data/packeth-1.6.5/src/function.c:1676:27: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). packet[number] = (char)(atol(length_t)/256); data/packeth-1.6.5/src/function.c:1678:27: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). packet[number] = (char)(atol(length_t)%256); data/packeth-1.6.5/src/function.c:1844:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ( (atoi(srcport_t) < 0) || (atoi(srcport_t) > 65535) ) { data/packeth-1.6.5/src/function.c:1844:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ( (atoi(srcport_t) < 0) || (atoi(srcport_t) > 65535) ) { data/packeth-1.6.5/src/function.c:1854:26: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). packet[number] = (char)(atol(srcport_t)/256); data/packeth-1.6.5/src/function.c:1856:33: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). packet[number] = (char)(atol(srcport_t)%256); data/packeth-1.6.5/src/function.c:1860:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ( (atoi(dstport_t) < 0) || (atoi(dstport_t) > 65535) ) { data/packeth-1.6.5/src/function.c:1860:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ( (atoi(dstport_t) < 0) || (atoi(dstport_t) > 65535) ) { data/packeth-1.6.5/src/function.c:1870:26: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). packet[number] = (char)(atol(dstport_t)/256); data/packeth-1.6.5/src/function.c:1872:33: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). packet[number] = (char)(atol(dstport_t)%256); data/packeth-1.6.5/src/function.c:1919:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ( (atoi(header_length_t) < 0) || (atoi(header_length_t) > 60) ) { data/packeth-1.6.5/src/function.c:1919:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ( (atoi(header_length_t) < 0) || (atoi(header_length_t) > 60) ) { data/packeth-1.6.5/src/function.c:1926:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ( atoi(header_length_t) % 4 != 0) { data/packeth-1.6.5/src/function.c:1937:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). packet[number] = (char)((atoi(header_length_t)*4)); data/packeth-1.6.5/src/function.c:1969:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ( (atoi(window_size_t) < 0) || (atoi(window_size_t) > 65535) ) { data/packeth-1.6.5/src/function.c:1969:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ( (atoi(window_size_t) < 0) || (atoi(window_size_t) > 65535) ) { data/packeth-1.6.5/src/function.c:1979:26: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). packet[number] = (char)(atol(window_size_t)/256); data/packeth-1.6.5/src/function.c:1981:26: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). packet[number] = (char)(atol(window_size_t)%256); data/packeth-1.6.5/src/function.c:2013:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ( (atoi(urgent_pointer_t) < 0) || (atoi(urgent_pointer_t) > 65535) ) { data/packeth-1.6.5/src/function.c:2013:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ( (atoi(urgent_pointer_t) < 0) || (atoi(urgent_pointer_t) > 65535) ) { data/packeth-1.6.5/src/function.c:2024:26: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). packet[number] = (char)(atol(urgent_pointer_t)/256); data/packeth-1.6.5/src/function.c:2026:26: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). packet[number] = (char)(atol(urgent_pointer_t)%256); data/packeth-1.6.5/src/function.c:2223:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). packet[number] = (unsigned char)(atoi(tmp)); data/packeth-1.6.5/src/function.c:2379:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). packet[number] = (unsigned char)(atoi(tmp)); data/packeth-1.6.5/src/function.c:2428:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). switch (atoi(type_t)) { data/packeth-1.6.5/src/function.c:3013:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). packet[number] = (unsigned char)(atoi(tmp)); data/packeth-1.6.5/src/function.c:3034:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). packet[number] = (unsigned char)(atoi(tmp)); data/packeth-1.6.5/src/function.c:3277:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[2]; data/packeth-1.6.5/src/function.c:3468:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ( (atoi(tmp) < 0) || (atoi(tmp) > 255) || (strlen(tmp)==0) || (strlen(tmp)>3) ) data/packeth-1.6.5/src/function.c:3468:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ( (atoi(tmp) < 0) || (atoi(tmp) > 255) || (strlen(tmp)==0) || (strlen(tmp)>3) ) data/packeth-1.6.5/src/function.c:3816:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[101]; data/packeth-1.6.5/src/function_send.c:48:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern unsigned char packet[1522]; data/packeth-1.6.5/src/function_send.c:51:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char iftext[20]; data/packeth-1.6.5/src/function_send.c:79:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xstart[4]; data/packeth-1.6.5/src/function_send.c:80:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ystart[4]; data/packeth-1.6.5/src/function_send.c:81:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pkttable[10][1518]; data/packeth-1.6.5/src/function_send.c:93:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[100]; data/packeth-1.6.5/src/function_send.c:167:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[100]; data/packeth-1.6.5/src/function_send.c:495:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&packet[p->xbyte-1], p->xstart, 4); data/packeth-1.6.5/src/function_send.c:507:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&packet[p->xbyte-1], p->xstart, 4); data/packeth-1.6.5/src/function_send.c:553:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&packet[p->xbyte-1], p->xstart, 4); data/packeth-1.6.5/src/function_send.c:565:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&packet[p->xbyte-1], p->xstart, 4); data/packeth-1.6.5/src/function_send.c:599:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&packet[p->ybyte-1], p->ystart, 4); data/packeth-1.6.5/src/function_send.c:611:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&packet[p->ybyte-1], p->ystart, 4); data/packeth-1.6.5/src/function_send.c:734:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[100]; data/packeth-1.6.5/src/headers.h:57:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src[40]; data/packeth-1.6.5/src/headers.h:58:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char dst[40]; data/packeth-1.6.5/src/loadpacket.c:36:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char field[3100]; data/packeth-1.6.5/src/loadpacket.c:37:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[20]; data/packeth-1.6.5/src/loadpacket.c:38:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp6[40]; data/packeth-1.6.5/src/loadpacket.c:50:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[10]; data/packeth-1.6.5/src/loadpacket.c:51:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffc[11][200]; data/packeth-1.6.5/src/loadpacket.c:158:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buff[100]; data/packeth-1.6.5/src/loadpacket.c:159:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffc[11][200]; data/packeth-1.6.5/src/loadpacket.c:354:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pkt_temp[3100]; data/packeth-1.6.5/src/loadpacket.c:363:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&fh, pkt_temp, 24); data/packeth-1.6.5/src/loadpacket.c:380:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ph, pkt_temp, 16); data/packeth-1.6.5/src/loadpacket.c:414:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ph, pkt_temp, 16); data/packeth-1.6.5/src/loadpacket.c:584:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(clptr->dst, temp, 20); data/packeth-1.6.5/src/loadpacket.c:601:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(clptr->src, temp, 20); data/packeth-1.6.5/src/loadpacket.c:888:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[5]; data/packeth-1.6.5/src/loadpacket.c:1005:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[5]; data/packeth-1.6.5/src/loadpacket.c:1261:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[4600]; data/packeth-1.6.5/src/loadpacket.c:1296:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[4600], tmp2[3], ch; data/packeth-1.6.5/src/loadpacket.c:1428:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[4600]; data/packeth-1.6.5/src/loadpacket.c:1499:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[5]; data/packeth-1.6.5/src/loadpacket.c:1627:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(clptr->src, temp, 20); data/packeth-1.6.5/src/loadpacket.c:1650:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(clptr->dst, temp, 20); data/packeth-1.6.5/src/loadpacket.c:1797:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[11]; data/packeth-1.6.5/src/loadpacket.c:1871:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char f1[8]; data/packeth-1.6.5/src/loadpacket.c:1874:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(f1, from, 8); data/packeth-1.6.5/src/loadpacket.c:1876:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(to+0, f1+6,1); data/packeth-1.6.5/src/loadpacket.c:1877:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(to+1, f1+7,1); data/packeth-1.6.5/src/loadpacket.c:1878:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(to+2, f1+4,1); data/packeth-1.6.5/src/loadpacket.c:1879:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(to+3, f1+5,1); data/packeth-1.6.5/src/loadpacket.c:1880:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(to+4, f1+2,1); data/packeth-1.6.5/src/loadpacket.c:1881:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(to+5, f1+3,1); data/packeth-1.6.5/src/loadpacket.c:1882:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(to+6, f1+0,1); data/packeth-1.6.5/src/loadpacket.c:1883:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(to+7, f1+1,1); data/packeth-1.6.5/src/loadpacket.c:1888:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[5]; data/packeth-1.6.5/src/loadpacket.c:1958:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(clptr->src, temp6, 40); data/packeth-1.6.5/src/loadpacket.c:1979:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(clptr->dst, temp6, 40); data/packeth-1.6.5/src/savepacket.c:34:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
extern unsigned char packet[1522]; data/packeth-1.6.5/src/savepacket.c:145:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pkttable[10][71]; data/packeth-1.6.5/src/savepacket.c:147:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff4[101]; data/packeth-1.6.5/src/callbacks.c:673:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (strlen(en_ip_t) == 0) && (strlen(en_mac_t) == 0) ) data/packeth-1.6.5/src/callbacks.c:673:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (strlen(en_ip_t) == 0) && (strlen(en_mac_t) == 0) ) data/packeth-1.6.5/src/callbacks.c:684:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (strlen(en_ip_t) != 0) && (check_ip_address(en_ip_t) == -1) ) { data/packeth-1.6.5/src/callbacks.c:690:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (strlen(en_mac_t) != 0) && (check_mac_address(en_mac_t) == -1) ) { data/packeth-1.6.5/src/callbacks.c:915:40: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
for (i=1, first = 0, second = 0; (ch=getc(fp)) != '\n' && i<84 && ch != EOF ;i++ ) { data/packeth-1.6.5/src/callbacks.c:959:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(row[0], tmp, first ); data/packeth-1.6.5/src/callbacks.c:960:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(row[1], &tmp[first], (second-first)); data/packeth-1.6.5/src/callbacks.c:961:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(row[2], &tmp[second], (i-second)); data/packeth-1.6.5/src/callbacks.c:963:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (check_ip_address(row[0]) == -1) && (strlen(row[0]) !=0) ) { data/packeth-1.6.5/src/callbacks.c:977:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (check_mac_address(row[1]) == -1) && (strlen(row[1]) !=0) ) { data/packeth-1.6.5/src/callbacks.c:2067:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (length + strlen(pIfr->ifr_name) + 1) < 100) { data/packeth-1.6.5/src/callbacks.c:2070:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr = ptr + strlen(pIfr->ifr_name) + 1; data/packeth-1.6.5/src/callbacks.c:2071:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
length = length + strlen(pIfr->ifr_name) + 1; data/packeth-1.6.5/src/callbacks.c:2262:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (check_digit(freq_entry_t, strlen(freq_entry_t), data/packeth-1.6.5/src/callbacks.c:2274:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (check_digit(length_entry_t, strlen(length_entry_t), data/packeth-1.6.5/src/callbacks.c:2373:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (check_digit(vers_t, strlen(vers_t), "Error: RTP version value") == -1) data/packeth-1.6.5/src/callbacks.c:2396:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (check_digit(csrc_nr_t, strlen(csrc_nr_t), "Error: rtp csrc value") == -1) data/packeth-1.6.5/src/callbacks.c:2417:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (check_digit(payload_type_t, strlen(payload_type_t), data/packeth-1.6.5/src/callbacks.c:2428:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (check_digit(seq_nr_t, strlen(seq_nr_t), "Error: rtp sequence number value") == -1) data/packeth-1.6.5/src/callbacks.c:2444:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (check_digit(timestamp_t, strlen(timestamp_t), "Error: rtp timestamp value") == -1) data/packeth-1.6.5/src/callbacks.c:2460:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (check_digit(ssrc_t, strlen(ssrc_t), "Error: rtp ssrc value") == -1) data/packeth-1.6.5/src/callbacks.c:2473:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (strlen(csrc_t)%8) != 0) { data/packeth-1.6.5/src/callbacks.c:2480:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (strlen(csrc_t) == 0)) data/packeth-1.6.5/src/callbacks.c:2482:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (check_hex(csrc_t, strlen(csrc_t), "Error: rtp crsc identifiers field") == -1) data/packeth-1.6.5/src/callbacks.c:2485:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&tmp[ij], csrc_t, strlen(csrc_t)); data/packeth-1.6.5/src/callbacks.c:2485:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(&tmp[ij], csrc_t, strlen(csrc_t)); data/packeth-1.6.5/src/callbacks.c:2486:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ij = ij + strlen(csrc_t); data/packeth-1.6.5/src/callbacks.c:2489:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (strlen(extension_t)%8) != 0) { data/packeth-1.6.5/src/callbacks.c:2496:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (strlen(extension_t) == 0) ) data/packeth-1.6.5/src/callbacks.c:2498:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (check_hex(extension_t, strlen(extension_t), "Error: rtp extension value") == -1) data/packeth-1.6.5/src/callbacks.c:2501:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&tmp[ij], extension_t, strlen(extension_t)); data/packeth-1.6.5/src/callbacks.c:2501:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(&tmp[ij], extension_t, strlen(extension_t)); data/packeth-1.6.5/src/callbacks.c:2502:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ij = ij + strlen(extension_t); data/packeth-1.6.5/src/callbacks.c:2504:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ( (strlen(rtp_payload_t)> 1460) || (strlen(rtp_payload_t)%2 != 0) ) { data/packeth-1.6.5/src/callbacks.c:2504:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (strlen(rtp_payload_t)> 1460) || (strlen(rtp_payload_t)%2 != 0) ) { data/packeth-1.6.5/src/callbacks.c:2509:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&tmp[ij], rtp_payload_t, strlen(rtp_payload_t)); data/packeth-1.6.5/src/callbacks.c:2509:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(&tmp[ij], rtp_payload_t, strlen(rtp_payload_t)); data/packeth-1.6.5/src/callbacks.c:2510:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ij = ij + strlen(rtp_payload_t); data/packeth-1.6.5/src/callbacks.c:2887:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(fname) == 0) data/packeth-1.6.5/src/callbacks.c:2890:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(fname) > 99) { data/packeth-1.6.5/src/callbacks.c:2895:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(address_filename, fname, strlen(fname)); data/packeth-1.6.5/src/callbacks.c:2895:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strncpy(address_filename, fname, strlen(fname)); data/packeth-1.6.5/src/callbacks.c:3058:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(en5_t); data/packeth-1.6.5/src/callbacks.c:3124:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(en5_t); data/packeth-1.6.5/src/callbacks.c:3700:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(tmpmac, ":"); data/packeth-1.6.5/src/callbacks.c:3706:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(tmpmac, ":"); data/packeth-1.6.5/src/callbacks.c:3841:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(mbps_t)==0) data/packeth-1.6.5/src/function.c:330:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(en5_t); data/packeth-1.6.5/src/function.c:355:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
length = strlen(en5_t); data/packeth-1.6.5/src/function.c:379:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(en5_t); data/packeth-1.6.5/src/function.c:386:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(en6_t); data/packeth-1.6.5/src/function.c:414:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(en5_t); data/packeth-1.6.5/src/function.c:432:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(en5_t); data/packeth-1.6.5/src/function.c:451:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (check_digit(en1_t, strlen(en1_t), "Error: Number of packets to send field") == -1) data/packeth-1.6.5/src/function.c:468:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (check_digit(en2_t, strlen(en2_t), "Error: Delay between packets field") == -1) data/packeth-1.6.5/src/function.c:559:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (check_digit(en1_t, strlen(en1_t), data/packeth-1.6.5/src/function.c:577:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (check_digit(en2_t, strlen(en2_t), "Error: Delay between sequences field") == -1) data/packeth-1.6.5/src/function.c:608:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen(en1_t) == 0 ) { data/packeth-1.6.5/src/function.c:668:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (check_digit(en2_t,strlen(en2_t), buff4) == -1) data/packeth-1.6.5/src/function.c:685:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (check_digit(en3_t,strlen(en3_t), buff4) == -1) data/packeth-1.6.5/src/function.c:702:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (check_digit(en4_t,strlen(en4_t), buff4) == -1) data/packeth-1.6.5/src/function.c:985:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&tmp[0], version_t, 1); data/packeth-1.6.5/src/function.c:986:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&tmp[1], tos_t, 1); data/packeth-1.6.5/src/function.c:987:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&tmp2[0], (tos_t+1), 1); data/packeth-1.6.5/src/function.c:988:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(&tmp2[1], flowlabel_t, 5); data/packeth-1.6.5/src/function.c:1036:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (check_digit(plength_t, strlen(plength_t), data/packeth-1.6.5/src/function.c:1061:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (check_digit(hop_t, strlen(hop_t), "Error: ipv6 hop limit field values") == -1) data/packeth-1.6.5/src/function.c:1069:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). x_length = strlen(src_t); data/packeth-1.6.5/src/function.c:1103:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). x_length = strlen(dst_t); data/packeth-1.6.5/src/function.c:1141:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). x_length = strlen(ext_t); data/packeth-1.6.5/src/function.c:1282:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&tmp[0], version_t, 1); data/packeth-1.6.5/src/function.c:1283:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&tmp[1], header_length_t, 1); data/packeth-1.6.5/src/function.c:1320:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (check_digit(total_length_t, strlen(total_length_t), data/packeth-1.6.5/src/function.c:1361:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (check_digit(flags_t, strlen(flags_t), "Error: ipv4 flags values") == -1) data/packeth-1.6.5/src/function.c:1365:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (check_digit(frag_offset_t, strlen(frag_offset_t), data/packeth-1.6.5/src/function.c:1388:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (check_digit(ttl_t, strlen(ttl_t), "Error: ipv4 ttl field values") == -1) data/packeth-1.6.5/src/function.c:1402:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (check_digit(protocol_t, strlen(protocol_t), "Error: ipv4 protocol field values") == -1) data/packeth-1.6.5/src/function.c:1492:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (strlen(options_t)%8) != 0) { data/packeth-1.6.5/src/function.c:1498:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen(options_t) > 80) { data/packeth-1.6.5/src/function.c:1504:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
j = strlen(options_t)/2; data/packeth-1.6.5/src/function.c:1633:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (check_digit(srcport_t, strlen(srcport_t), "Error: Udp srcport field values") == -1) data/packeth-1.6.5/src/function.c:1649:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (check_digit(dstport_t, strlen(dstport_t), "Error: Udp destination port field values") == -1) data/packeth-1.6.5/src/function.c:1673:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (check_digit(length_t, strlen(length_t), "Error: Udp length field values") == -1) data/packeth-1.6.5/src/function.c:1851:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (check_digit(srcport_t, strlen(srcport_t), "Error: tcp srcport field values") == -1) data/packeth-1.6.5/src/function.c:1867:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (check_digit(dstport_t, strlen(dstport_t), "Error: tcp destination port field values") == -1) data/packeth-1.6.5/src/function.c:1883:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (check_digit(sequence_number_t, strlen(sequence_number_t), data/packeth-1.6.5/src/function.c:1905:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (check_digit(ack_number_t, strlen(ack_number_t), "Error: tcp ack number field values") == -1) data/packeth-1.6.5/src/function.c:1933:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (check_digit(header_length_t, strlen(header_length_t), data/packeth-1.6.5/src/function.c:1976:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (check_digit(window_size_t, strlen(window_size_t), "Error: tcp window size field values") == -1) data/packeth-1.6.5/src/function.c:2020:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (check_digit(urgent_pointer_t, strlen(urgent_pointer_t), data/packeth-1.6.5/src/function.c:2030:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (strlen(options_t)%8) != 0) { data/packeth-1.6.5/src/function.c:2036:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen(options_t) > 80) { data/packeth-1.6.5/src/function.c:2042:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j = strlen(options_t)/2; data/packeth-1.6.5/src/function.c:2268:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
payload_length = strlen(sourceaddresses_t); data/packeth-1.6.5/src/function.c:2334:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). payload_length = strlen(sourceaddresses_t); data/packeth-1.6.5/src/function.c:2517:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). payload_length = strlen(data_t); data/packeth-1.6.5/src/function.c:2634:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). payload_length = strlen(data_t); data/packeth-1.6.5/src/function.c:2747:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). payload_length = strlen(data_t); data/packeth-1.6.5/src/function.c:2823:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). payload_length = strlen(data_t); data/packeth-1.6.5/src/function.c:3468:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (atoi(tmp) < 0) || (atoi(tmp) > 255) || (strlen(tmp)==0) || (strlen(tmp)>3) ) data/packeth-1.6.5/src/function.c:3468:69: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ( (atoi(tmp) < 0) || (atoi(tmp) > 255) || (strlen(tmp)==0) || (strlen(tmp)>3) ) data/packeth-1.6.5/src/function.c:3480:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen(ptr) > 17) data/packeth-1.6.5/src/function.c:3507:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dst_length = strlen(dstmac_t); data/packeth-1.6.5/src/function.c:3508:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). src_length = strlen(srcmac_t); data/packeth-1.6.5/src/function.c:3779:15: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ( (c = fgetc( file_p )) != EOF ) { data/packeth-1.6.5/src/function.c:3784:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ( getc(file_p) != 10); data/packeth-1.6.5/src/function.c:3821:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buff, strlen(text)+1, text ); data/packeth-1.6.5/src/function_send.c:112:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (ifr.ifr_name, iftext, sizeof(ifr.ifr_name) - 1); data/packeth-1.6.5/src/function_send.c:216:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy (ifr.ifr_name, iftext, sizeof(ifr.ifr_name) - 1); data/packeth-1.6.5/src/function_send.c:769:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (ifr.ifr_name, iftext, sizeof(ifr.ifr_name) - 1); data/packeth-1.6.5/src/loadpacket.c:71:15: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ( (c = fgetc( file_p )) != EOF ) { data/packeth-1.6.5/src/loadpacket.c:75:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ( getc(file_p) != 10); data/packeth-1.6.5/src/loadpacket.c:93:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(buff) == 0) data/packeth-1.6.5/src/loadpacket.c:97:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&buffc[k][j], buff, 9); data/packeth-1.6.5/src/loadpacket.c:173:15: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ( (c = fgetc( file_p )) != EOF ) { data/packeth-1.6.5/src/loadpacket.c:176:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ( getc(file_p) != 10); data/packeth-1.6.5/src/loadpacket.c:273:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (strlen(&buffc[j][0]) > 0 ) && (strlen(&buffc[j][0]) < 70) ) { data/packeth-1.6.5/src/loadpacket.c:273:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ( (strlen(&buffc[j][0]) > 0 ) && (strlen(&buffc[j][0]) < 70) ) { data/packeth-1.6.5/src/loadpacket.c:1578:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp+1, ptrf+1, 3); data/packeth-1.6.5/src/loadpacket.c:1782:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ptr, from, length); data/packeth-1.6.5/src/loadpacket.c:1946:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ptrt, ptrf, 4); data/packeth-1.6.5/src/loadpacket.c:1948:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(ptrt, ":"); data/packeth-1.6.5/src/loadpacket.c:1952:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ptrt, ptrf, 4); data/packeth-1.6.5/src/loadpacket.c:1967:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ptrt, ptrf, 4); data/packeth-1.6.5/src/loadpacket.c:1969:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(ptrt, ":"); data/packeth-1.6.5/src/loadpacket.c:1973:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(ptrt, ptrf, 4); data/packeth-1.6.5/src/savepacket.c:93:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (check_digit(bt1_t, strlen(bt1_t), "Error: Number of packets to send field") == -1) data/packeth-1.6.5/src/savepacket.c:110:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (check_digit(bt2_t, strlen(bt2_t), "Error: Delay between packets field") == -1) data/packeth-1.6.5/src/savepacket.c:168:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (check_digit(bt1_t, strlen(bt1_t), data/packeth-1.6.5/src/savepacket.c:186:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (check_digit(bt2_t, strlen(bt2_t), "Error: Delay between sequences field") == -1) data/packeth-1.6.5/src/savepacket.c:206:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen(bt1_t) == 0 ) { data/packeth-1.6.5/src/savepacket.c:213:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&pkttable[i][0], bt1_t, 70); data/packeth-1.6.5/src/savepacket.c:220:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (check_digit(bt2_t,strlen(bt2_t), buff4) == -1)
data/packeth-1.6.5/src/savepacket.c:237:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (check_digit(bt2_t,strlen(bt2_t), buff4) == -1)
data/packeth-1.6.5/src/savepacket.c:254:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (check_digit(bt2_t,strlen(bt2_t), buff4) == -1)

ANALYSIS SUMMARY:

Hits = 331
Lines analyzed = 21247 in approximately 0.57 seconds (37284 lines/second)
Physical Source Lines of Code (SLOC) = 16233
Hits@level = [0] 115 [1] 135 [2] 182 [3] 0 [4] 14 [5] 0
Hits@level+ = [0+] 446 [1+] 331 [2+] 196 [3+] 14 [4+] 14 [5+] 0
Hits/KSLOC@level+ = [0+] 27.4749 [1+] 20.3906 [2+] 12.0742 [3+] 0.862441 [4+] 0.862441 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.