Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/packit-1.7/src/capture.c
Examining data/packit-1.7/src/capture.h
Examining data/packit-1.7/src/capture_defs.h
Examining data/packit-1.7/src/contrib/pcap-int.h
Examining data/packit-1.7/src/contrib/pcap_setnonblock.c
Examining data/packit-1.7/src/define_defaults.c
Examining data/packit-1.7/src/define_defaults.h
Examining data/packit-1.7/src/error.c
Examining data/packit-1.7/src/error.h
Examining data/packit-1.7/src/exit.c
Examining data/packit-1.7/src/exit.h
Examining data/packit-1.7/src/globals.h
Examining data/packit-1.7/src/init.c
Examining data/packit-1.7/src/init.h
Examining data/packit-1.7/src/inject_defs.h
Examining data/packit-1.7/src/injection.c
Examining data/packit-1.7/src/injection.h
Examining data/packit-1.7/src/main.c
Examining data/packit-1.7/src/main.h
Examining data/packit-1.7/src/print_arp_hdr.c
Examining data/packit-1.7/src/print_arp_hdr.h
Examining data/packit-1.7/src/print_capture.c
Examining data/packit-1.7/src/print_capture.h
Examining data/packit-1.7/src/print_defs.h
Examining data/packit-1.7/src/print_ethernet_hdr.c
Examining data/packit-1.7/src/print_ethernet_hdr.h
Examining data/packit-1.7/src/print_icmpv4_hdr.c
Examining data/packit-1.7/src/print_icmpv4_hdr.h
Examining data/packit-1.7/src/print_injection.c
Examining data/packit-1.7/src/print_injection.h
Examining data/packit-1.7/src/print_ipv4_hdr.c
Examining data/packit-1.7/src/print_ipv4_hdr.h
Examining data/packit-1.7/src/print_pktdump.c
Examining data/packit-1.7/src/print_pktdump.h
Examining data/packit-1.7/src/print_tcp_hdr.c
Examining data/packit-1.7/src/print_tcp_hdr.h
Examining data/packit-1.7/src/print_ts.c
Examining data/packit-1.7/src/print_ts.h
Examining data/packit-1.7/src/print_udp_hdr.c
Examining data/packit-1.7/src/print_udp_hdr.h
Examining data/packit-1.7/src/shape_arp_hdr.c
Examining data/packit-1.7/src/shape_arp_hdr.h
Examining data/packit-1.7/src/shape_defs.h
Examining data/packit-1.7/src/shape_ethernet_hdr.c
Examining data/packit-1.7/src/shape_ethernet_hdr.h
Examining data/packit-1.7/src/shape_icmpv4_hdr.c
Examining data/packit-1.7/src/shape_icmpv4_hdr.h
Examining data/packit-1.7/src/shape_ipv4_hdr.c
Examining data/packit-1.7/src/shape_ipv4_hdr.h
Examining data/packit-1.7/src/shape_packet.c
Examining data/packit-1.7/src/shape_packet.h
Examining data/packit-1.7/src/shape_tcp_hdr.c
Examining data/packit-1.7/src/shape_tcp_hdr.h
Examining data/packit-1.7/src/shape_udp_hdr.c
Examining data/packit-1.7/src/shape_udp_hdr.h
Examining data/packit-1.7/src/stats.c
Examining data/packit-1.7/src/stats.h
Examining data/packit-1.7/src/usage.c
Examining data/packit-1.7/src/usage.h
Examining data/packit-1.7/src/utils.c
Examining data/packit-1.7/src/utils.h

FINAL RESULTS:

data/packit-1.7/src/error.c:42:5:  [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(error_buf, ERRBUF_MAXLEN, err, va);
data/packit-1.7/src/utils.c:101:13:  [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf((char*)ip, "%s.%d", ip, oct);
data/packit-1.7/src/utils.c:122:12:  [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf((char*)eaddr, "%s:%0x", eaddr, oct);
data/packit-1.7/src/utils.c:145:5:  [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(msg, 255, msgp, va);
data/packit-1.7/src/main.c:123:18:  [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while((opt = getopt(argc, argv, "c:eGi:nNr:Rs:vw:xX")) != -1)
data/packit-1.7/src/main.c:191:18:  [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while((opt = getopt(argc, argv, "t:")) != -1)
data/packit-1.7/src/main.c:305:18:  [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while((opt = getopt(argc, argv, opts)) != -1)
data/packit-1.7/src/main.c:608:18:  [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while((opt = getopt(argc, argv, "m:")) != -1)
data/packit-1.7/src/utils.c:43:5:  [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(0) ^ getpid() * r_int);
data/packit-1.7/src/contrib/pcap-int.h:106:2:  [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errbuf[PCAP_ERRBUF_SIZE];
data/packit-1.7/src/error.c:30:1:  [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char error_buf[ERRBUF_MAXLEN];
data/packit-1.7/src/error.h:37:8:  [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char error_buf[ERRBUF_MAXLEN];
data/packit-1.7/src/exit.c:32:5:  [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char a[2];
data/packit-1.7/src/globals.h:142:8:  [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char g_w_file[OPT_MAXLEN];
data/packit-1.7/src/globals.h:143:8:  [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char g_r_file[OPT_MAXLEN];
data/packit-1.7/src/inject_defs.h:68:5:  [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char flags[6]; /* total number of possible flags */
data/packit-1.7/src/injection.c:85:31:  [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g_d_port = (u_int16_t)atoi((char*)g_s_d_port);
data/packit-1.7/src/injection.c:91:33:  [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if(strstr(g_device, "any")) strcpy(g_device, "lo");
data/packit-1.7/src/injection.c:118:5:  [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ufilter[1024];
data/packit-1.7/src/main.c:35:1:  [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char g_w_file[OPT_MAXLEN];
data/packit-1.7/src/main.c:36:1:  [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char g_r_file[OPT_MAXLEN];
data/packit-1.7/src/main.c:128:36:  [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g_cnt = (u_int64_t)atoi(optarg);
data/packit-1.7/src/main.c:153:27:  [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g_snap_len = (u_int16_t)atoi(optarg);
data/packit-1.7/src/main.c:314:47:  [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g_ahdr_o.op_type = (u_int16_t)atoi(optarg);
data/packit-1.7/src/main.c:318:43:  [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g_burst_rate = (u_int16_t)atoi(optarg);
data/packit-1.7/src/main.c:322:54:  [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(g_p_mode == M_TRACE && (u_int64_t)atoi(optarg) > 0xFF)
data/packit-1.7/src/main.c:325:36:  [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g_cnt = (u_int64_t)atoi(optarg);
data/packit-1.7/src/main.c:329:45:  [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g_i4hdr_o.code = (u_int16_t)atoi(optarg);
data/packit-1.7/src/main.c:407:41:  [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g_r_timeout = (u_int8_t)atoi(optarg);
data/packit-1.7/src/main.c:424:56:  [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g_i4hdr_o.orig_s_port = (u_int16_t)atoi(optarg);
data/packit-1.7/src/main.c:429:46:  [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g_i4hdr_o.rtime = (u_int32_t)atoi(optarg);
data/packit-1.7/src/main.c:433:45:  [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g_i4hdr_o.type = (u_int16_t)atoi(optarg);
data/packit-1.7/src/main.c:444:56:  [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g_i4hdr_o.orig_d_port = (u_int16_t)atoi(optarg);
data/packit-1.7/src/main.c:449:49:  [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g_i4hdr_o.orig_ttl = (u_int16_t)atoi(optarg);
data/packit-1.7/src/main.c:456:48:  [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g_i4hdr_o.orig_id = (u_int16_t)atoi(optarg);
data/packit-1.7/src/main.c:460:44:  [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g_ip4hdr_o.id = (u_int16_t)atoi(optarg);
data/packit-1.7/src/main.c:468:43:  [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g_i4hdr_o.id = (u_int16_t)atoi(optarg);
data/packit-1.7/src/main.c:472:44:  [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g_ip4hdr_o.tos = (u_int8_t)atoi(optarg);
data/packit-1.7/src/main.c:476:48:  [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g_i4hdr_o.orig_tos = (u_int8_t)atoi(optarg);
data/packit-1.7/src/main.c:528:39:  [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g_s_port = (u_int16_t)atoi(optarg);
data/packit-1.7/src/main.c:532:20:  [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(atoi(optarg) > 0xFF)
data/packit-1.7/src/main.c:535:45:  [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g_ip4hdr_o.ttl = (u_int16_t)atoi(optarg);
data/packit-1.7/src/main.c:540:43:  [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g_thdr_o.urp = (u_int16_t)atoi(optarg);
data/packit-1.7/src/main.c:544:46:  [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g_i4hdr_o.otime = (u_int32_t)atoi(optarg);
data/packit-1.7/src/main.c:555:43:  [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g_ip4hdr_o.p = (u_int16_t)atoi(optarg);
data/packit-1.7/src/main.c:559:45:  [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g_interval_sec = (u_int16_t)atoi(optarg);
data/packit-1.7/src/main.c:563:43:  [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g_thdr_o.win = (u_int16_t)atoi(optarg);
data/packit-1.7/src/main.c:583:46:  [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g_i4hdr_o.ttime = (u_int32_t)atoi(optarg);
data/packit-1.7/src/main.c:587:40:  [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g_pkt_len = (u_int16_t)atoi(optarg);
data/packit-1.7/src/print_injection.c:69:17:  [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(g_thdr_o.flags, "None");
data/packit-1.7/src/print_pktdump.c:42:5:  [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hex_data[HEXDUMP_SHORTS_PER_LINE*HEXDUMP_HEXSTUFF_PER_SHORT+1], *hsp;
data/packit-1.7/src/print_pktdump.c:43:5:  [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ascii_data[HEXDUMP_BYTES_PER_LINE+1], *asp;
data/packit-1.7/src/print_tcp_hdr.c:33:5:  [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char flags[7];
data/packit-1.7/src/print_tcp_hdr.c:70:9:  [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(flags, "None");
data/packit-1.7/src/print_ts.c:32:5:  [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timestamp[TIMESTAMP_MAXLEN];
data/packit-1.7/src/utils.c:103:13:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char*)ip, "%d", oct);
data/packit-1.7/src/utils.c:124:12:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char*)eaddr, "%0x", oct);
data/packit-1.7/src/utils.c:136:5:  [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[255];
data/packit-1.7/src/utils.c:177:17:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_c, "Network");
data/packit-1.7/src/utils.c:181:17:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_c, "Host");
data/packit-1.7/src/utils.c:185:17:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_c, "Protocol");
data/packit-1.7/src/utils.c:189:17:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_c, "Port");
data/packit-1.7/src/utils.c:193:17:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_c, "Need Fragment");
data/packit-1.7/src/utils.c:197:17:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_c, "Source Fail");
data/packit-1.7/src/utils.c:201:17:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_c, "Network Unknown");
data/packit-1.7/src/utils.c:205:17:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_c, "Host Unknown");
data/packit-1.7/src/utils.c:209:17:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_c, "Isolated");
data/packit-1.7/src/utils.c:213:17:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_c, "Network Prohibited");
data/packit-1.7/src/utils.c:217:17:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_c, "Host Prohibited");
data/packit-1.7/src/utils.c:221:17:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_c, "ToS Network");
data/packit-1.7/src/utils.c:225:17:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_c, "ToS Host");
data/packit-1.7/src/utils.c:229:17:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_c, "Filter Prohibited");
data/packit-1.7/src/utils.c:233:17:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_c, "Host Precedence");
data/packit-1.7/src/utils.c:237:17:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_c, "Precedence Cutoff");
data/packit-1.7/src/utils.c:241:17:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_c, "Unknown");
data/packit-1.7/src/utils.c:251:17:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_c, "Network");
data/packit-1.7/src/utils.c:255:17:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_c, "Host");
data/packit-1.7/src/utils.c:259:17:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_c, "ToS Net");
data/packit-1.7/src/utils.c:263:17:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_c, "ToS Host");
data/packit-1.7/src/utils.c:267:17:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_c, "Unknown");
data/packit-1.7/src/utils.c:277:17:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_c, "In Transit");
data/packit-1.7/src/utils.c:281:17:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_c, "Reassembly");
data/packit-1.7/src/utils.c:285:17:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_c, "Unknown");
data/packit-1.7/src/utils.c:295:17:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_c, "Missing Option");
data/packit-1.7/src/utils.c:299:17:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_c, "Unknown");
data/packit-1.7/src/utils.c:305:9:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_c, "Unknown");
data/packit-1.7/src/utils.c:324:13:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_t, "Echo Reply");
data/packit-1.7/src/utils.c:328:13:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_t, "Unreachable");
data/packit-1.7/src/utils.c:332:13:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_t, "Source Quench");
data/packit-1.7/src/utils.c:336:13:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_t, "Redirect");
data/packit-1.7/src/utils.c:340:13:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_t, "Echo Request");
data/packit-1.7/src/utils.c:344:13:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_t, "Time Exceeded");
data/packit-1.7/src/utils.c:348:13:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_t, "Param Problem");
data/packit-1.7/src/utils.c:352:13:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_t, "Timestamp");
data/packit-1.7/src/utils.c:356:13:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_t, "Timestamp Reply");
data/packit-1.7/src/utils.c:360:13:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_t, "Info Request");
data/packit-1.7/src/utils.c:364:13:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_t, "Info Reply");
data/packit-1.7/src/utils.c:368:13:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_t, "Router Advertise");
data/packit-1.7/src/utils.c:372:13:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_t, "Router Selection");
data/packit-1.7/src/utils.c:376:13:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_t, "Address Mask Request");
data/packit-1.7/src/utils.c:380:13:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_t, "Address Mask Reply");
data/packit-1.7/src/utils.c:384:13:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_t, "Traceroute");
data/packit-1.7/src/utils.c:388:13:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(icmp_t, "Unknown");
data/packit-1.7/src/utils.c:407:13:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(arp_t, "Request");
data/packit-1.7/src/utils.c:411:13:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(arp_t, "Reply");
data/packit-1.7/src/utils.c:415:13:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(arp_t, "Reverse Request");
data/packit-1.7/src/utils.c:419:13:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(arp_t, "Reverse Reply");
data/packit-1.7/src/utils.c:423:13:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(arp_t, "Inverse Request");
data/packit-1.7/src/utils.c:427:13:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(arp_t, "Inverse Reply");
data/packit-1.7/src/utils.c:431:13:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(arp_t, "Unknown");
data/packit-1.7/src/utils.c:454:13:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(hw_t, "Net/ROM Pseudo");
data/packit-1.7/src/utils.c:458:13:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(hw_t, "Ethernet 10/100");
data/packit-1.7/src/utils.c:462:13:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(hw_t, "Experimental Ethernet");
data/packit-1.7/src/utils.c:466:13:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(hw_t, "AX.25 Level 2");
data/packit-1.7/src/utils.c:470:13:  [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hw_t, "ProNet Token Ring"); data/packit-1.7/src/utils.c:474:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hw_t, "IEEE 802.2 Ethernet"); data/packit-1.7/src/utils.c:478:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hw_t, "ARCNet"); data/packit-1.7/src/utils.c:482:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hw_t, "AppleTalk"); data/packit-1.7/src/utils.c:486:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hw_t, "Lanstar"); data/packit-1.7/src/utils.c:490:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hw_t, "Frame Relay DLCI"); data/packit-1.7/src/utils.c:494:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hw_t, "ATM"); data/packit-1.7/src/utils.c:498:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hw_t, "Metricom STRIP"); data/packit-1.7/src/utils.c:502:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(hw_t, "IPsec Tunnel"); data/packit-1.7/src/utils.c:581:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_rangestr[11], *ptr, *delim = "-"; data/packit-1.7/src/utils.c:596:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). spread[i] = (int)atoi(ptr); data/packit-1.7/src/utils.c:658:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tchar[2]; data/packit-1.7/src/utils.c:679:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tchar,"%c",(u_int8_t)c); data/packit-1.7/src/capture.c:56:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(g_r_file) > 0) data/packit-1.7/src/capture.c:73:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(g_w_file) > 0) data/packit-1.7/src/capture.c:105:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if(strlen(g_r_file) > 0) data/packit-1.7/src/contrib/pcap-int.h:191:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (strncpy((x), (y), (z)), \ data/packit-1.7/src/contrib/pcap-int.h:193:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen((y))) data/packit-1.7/src/define_defaults.c:43:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy((char*)g_s_d_port, "0"); data/packit-1.7/src/injection.c:67:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_payload_len = strlen((char*)g_payload); data/packit-1.7/src/main.c:145:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(g_w_file, optarg, OPT_MAXLEN); data/packit-1.7/src/main.c:149:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(g_r_file, optarg, OPT_MAXLEN); data/packit-1.7/src/main.c:337:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(optarg) == 1 && !strncmp(optarg, "R", 1)) data/packit-1.7/src/main.c:421:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if(strlen(optarg) == 1 && !strncmp(optarg, "R", 1)) data/packit-1.7/src/main.c:441:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(optarg) == 1 && !strncmp(optarg, "R", 1)) data/packit-1.7/src/main.c:453:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(optarg) == 1 && !strncmp(optarg, "R", 1)) data/packit-1.7/src/main.c:465:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(optarg) == 1 && !strncmp(optarg, "R", 1)) data/packit-1.7/src/main.c:508:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(optarg) == 1 && !strncmp(optarg, "R", 1)) data/packit-1.7/src/main.c:523:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(optarg) == 1 && !strncmp(optarg, "R", 1)) data/packit-1.7/src/main.c:552:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(optarg) == 1 && !strncmp(optarg, "R", 1)) data/packit-1.7/src/print_injection.c:51:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
strcat(g_thdr_o.flags, "S"); data/packit-1.7/src/print_injection.c:54:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(g_thdr_o.flags, "A"); data/packit-1.7/src/print_injection.c:57:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(g_thdr_o.flags, "F"); data/packit-1.7/src/print_injection.c:60:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(g_thdr_o.flags, "R"); data/packit-1.7/src/print_injection.c:63:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(g_thdr_o.flags, "P"); data/packit-1.7/src/print_injection.c:66:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(g_thdr_o.flags, "U"); data/packit-1.7/src/print_injection.c:68:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if(strlen(g_thdr_o.flags) < 1) data/packit-1.7/src/print_tcp_hdr.c:52:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(flags, "U"); data/packit-1.7/src/print_tcp_hdr.c:55:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(flags, "A"); data/packit-1.7/src/print_tcp_hdr.c:58:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(flags, "P"); data/packit-1.7/src/print_tcp_hdr.c:61:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(flags, "R"); data/packit-1.7/src/print_tcp_hdr.c:64:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(flags, "S"); data/packit-1.7/src/print_tcp_hdr.c:67:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
strcat(flags, "F"); data/packit-1.7/src/print_tcp_hdr.c:69:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(flags) == 0) data/packit-1.7/src/shape_icmpv4_hdr.c:63:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_payload_len = strlen((char*)g_payload); data/packit-1.7/src/shape_icmpv4_hdr.c:142:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_payload_len = strlen((char*)g_payload); data/packit-1.7/src/shape_icmpv4_hdr.c:197:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_payload_len = strlen((char*)g_payload); data/packit-1.7/src/shape_icmpv4_hdr.c:244:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_payload_len = strlen((char*)g_payload); data/packit-1.7/src/shape_icmpv4_hdr.c:297:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_payload_len = strlen((char*)g_payload); data/packit-1.7/src/shape_icmpv4_hdr.c:340:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_payload_len = strlen((char*)g_payload); data/packit-1.7/src/shape_ipv4_hdr.c:73:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
g_payload_len = strlen((char*)g_payload); data/packit-1.7/src/shape_tcp_hdr.c:58:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_payload_len = strlen((char*)g_payload); data/packit-1.7/src/shape_udp_hdr.c:51:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_payload_len = strlen((char*)g_payload); data/packit-1.7/src/utils.c:147:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg_len = strlen(msg); data/packit-1.7/src/utils.c:554:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy((char*)o_ethstr, (char*)ethstr, 18); data/packit-1.7/src/utils.c:590:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(o_rangestr, rangestr, 11); data/packit-1.7/src/utils.c:669:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memset(string, 0, strlen(string)); data/packit-1.7/src/utils.c:680:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(string+len,tchar,2); ANALYSIS SUMMARY: Hits = 172 Lines analyzed = 6161 in approximately 0.22 seconds (28519 lines/second) Physical Source Lines of Code (SLOC) = 3490 Hits@level = [0] 324 [1] 45 [2] 118 [3] 5 [4] 4 [5] 0 Hits@level+ = [0+] 496 [1+] 172 [2+] 127 [3+] 9 [4+] 4 [5+] 0 Hits/KSLOC@level+ = [0+] 142.12 [1+] 49.2837 [2+] 36.3897 [3+] 2.5788 [4+] 1.14613 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.