Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pchar-1.5/GetIfInfo.cc
Examining data/pchar-1.5/Kendall.cc
Examining data/pchar-1.5/Kendall.h
Examining data/pchar-1.5/Pctest.cc
Examining data/pchar-1.5/PctestIpv4.cc
Examining data/pchar-1.5/PctestIpv4File.h
Examining data/pchar-1.5/PctestIpv4Udp.cc
Examining data/pchar-1.5/PctestIpv4Udp.h
Examining data/pchar-1.5/PctestIpv4Raw.cc
Examining data/pchar-1.5/PctestIpv4Raw.h
Examining data/pchar-1.5/PctestIpv4Tcp.cc
Examining data/pchar-1.5/PctestIpv4Tcp.h
Examining data/pchar-1.5/PctestIpv4Icmp.cc
Examining data/pchar-1.5/PctestIpv4Icmp.h
Examining data/pchar-1.5/PctestIpv6.cc
Examining data/pchar-1.5/PctestIpv6File.h
Examining data/pchar-1.5/PctestIpv6Icmp.cc
Examining data/pchar-1.5/PctestIpv6Icmp.h
Examining data/pchar-1.5/PctestIpv6Tcp.cc
Examining data/pchar-1.5/PctestIpv6Tcp.h
Examining data/pchar-1.5/PctestIpv6Udp.cc
Examining data/pchar-1.5/PctestIpv6Udp.h
Examining data/pchar-1.5/ResultTable.h
Examining data/pchar-1.5/TestRecord.cc
Parsing failed to find end of parameter list; semicolon terminated it in (buffer2, buflen,
#else
sprintf(buffer2,
#endif /* HAVE_SNPRINTF */
"probe t %ld.%06ld ", tvstart.tv_sec, tvstart.tv_usec);
strncat(buffer, buffer2, buflen);
#ifdef HAVE_SNPRINTF
Parsing failed to find end of parameter list; semicolon terminated it in (buffer2, buflen,
#else
sprintf(buffer2,
#endif /* HAVE_SNPRINTF */
"h %d b %d addr %s res %d rtt %ld.%06ld rb %d", hops, size, pct->GetPrintableAddress(icmpSourceAddress), result, tv.tv_s
Examining data/pchar-1.5/TestRecord.h
Examining data/pchar-1.5/pc.h
Examining data/pchar-1.5/PctestIpv4.h
Examining data/pchar-1.5/PctestIpv6.h
Examining data/pchar-1.5/Pctest.h
Examining data/pchar-1.5/GetIfInfo.h
Examining data/pchar-1.5/PctestIpv4File.cc
Examining data/pchar-1.5/PctestIpv6File.cc
Examining data/pchar-1.5/ResultTable.cc
Examining data/pchar-1.5/main.cc
FINAL RESULTS:
data/pchar-1.5/GetIfInfo.cc:146:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(session.peername, intoap);
data/pchar-1.5/GetIfInfo.cc:152:1: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cbuff, pct->GetPrintableAddress(addr));
data/pchar-1.5/GetIfInfo.cc:216:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(query_B_names[ndx], query_B_names_master[ndx]);
data/pchar-1.5/GetIfInfo.cc:217:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(query_B_names[ndx], cbuff);
data/pchar-1.5/TestRecord.cc:52:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buffer2, buflen,
data/pchar-1.5/TestRecord.cc:54:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buffer2,
data/pchar-1.5/TestRecord.cc:60:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buffer2, buflen,
data/pchar-1.5/TestRecord.cc:62:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buffer2,
data/pchar-1.5/TestRecord.cc:94:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(s, "probe t %f h %d b %d addr %s res %d rtt %f rb %d", &tvstartFloat, &hops, &size, icmpsrcChars, &result, &tvFloat, &replsize) == 7) {
data/pchar-1.5/Pctest.cc:181:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
buf[i] = random() & 0xff;
data/pchar-1.5/main.cc:27:10: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
long random(void);
data/pchar-1.5/main.cc:347:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "a:b:cCd:g:G:hH:i:I:l:m:M:np:P:qR:r:s:St:T:vVw:")) != -1) {
data/pchar-1.5/main.cc:671:5: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(time(NULL));
data/pchar-1.5/main.cc:893:18: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int swapIndex = random() % testsPerRep;
data/pchar-1.5/main.cc:1240:8: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
u = random();
data/pchar-1.5/main.cc:1622:28: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
packetSize = Increment * (random() % (Mtu/Increment));
data/pchar-1.5/main.cc:1721:10: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
u = random();
data/pchar-1.5/pc.h:125:10: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
long random(void);
data/pchar-1.5/pc.h:126:10: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
void srandom(unsigned int);
data/pchar-1.5/GetIfInfo.cc:85:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cbuff[128];
data/pchar-1.5/GetIfInfo.cc:97:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *query_A_names[AVBI_COUNT] =
data/pchar-1.5/GetIfInfo.cc:115:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *query_B_names_master[BVBI_COUNT] =
data/pchar-1.5/GetIfInfo.cc:123:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *query_B_names[BVBI_COUNT];
data/pchar-1.5/GetIfInfo.cc:151:1: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cbuff, "ip.ipAddrTable.ipAddrEntry.ipAdEntIfIndex.");
data/pchar-1.5/GetIfInfo.cc:211:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cbuff, "%lu", ifnumber);
data/pchar-1.5/PctestIpv4.cc:81:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dummyAddr.sin_addr, &targetAddress,
data/pchar-1.5/PctestIpv4.cc:99:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&originAddress, &localAddr.sin_addr, sizeof(struct in_addr));
data/pchar-1.5/PctestIpv4.cc:140:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&originAddress, host->h_addr_list[0], host->h_length);
data/pchar-1.5/PctestIpv4.cc:199:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&targetAddress, host->h_addr_list[0], host->h_length);
data/pchar-1.5/PctestIpv4.cc:209:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&targetSocketAddress.sin_addr, host->h_addr_list[0], host->h_length);
data/pchar-1.5/PctestIpv4.cc:345:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(ipHeader.ip_src), &(originAddress), sizeof(struct in_addr));
data/pchar-1.5/PctestIpv4.cc:346:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(ipHeader.ip_dst), &(targetSocketAddress.sin_addr), sizeof(struct in_addr));
data/pchar-1.5/PctestIpv4.cc:377:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ipPacket, &ipHeader, sizeof(ipHeader));
data/pchar-1.5/PctestIpv4.cc:378:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ipPacket + sizeof(ipHeader), &icmpHeader, ICMP_MINLEN);
data/pchar-1.5/PctestIpv4.cc:379:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ipPacket + sizeof(ipHeader) + ICMP_MINLEN,
data/pchar-1.5/PctestIpv4File.cc:119:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[buflen]; // line buffer
data/pchar-1.5/PctestIpv4File.cc:132:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(ReadFilename, "r");
data/pchar-1.5/PctestIpv4File.cc:198:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[128];
data/pchar-1.5/PctestIpv4File.cc:204:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[128];
data/pchar-1.5/PctestIpv4File.cc:239:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[128];
data/pchar-1.5/PctestIpv4File.cc:298:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tr.icmpSourceAddress, cur->icmpSourceAddress, sizeof(in_addr));
data/pchar-1.5/PctestIpv4Icmp.cc:164:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(ipHeader.ip_src), &(originAddress), sizeof(struct in_addr));
data/pchar-1.5/PctestIpv4Icmp.cc:165:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(ipHeader.ip_dst), &(targetSocketAddress.sin_addr), sizeof(struct in_addr));
data/pchar-1.5/PctestIpv4Icmp.cc:195:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ipPacket, &ipHeader, sizeof(ipHeader));
data/pchar-1.5/PctestIpv4Icmp.cc:196:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ipPacket + sizeof(ipHeader), &icmpHeader, ICMP_MINLEN);
data/pchar-1.5/PctestIpv4Icmp.cc:197:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ipPacket + sizeof(ipHeader) + ICMP_MINLEN,
data/pchar-1.5/PctestIpv4Icmp.cc:310:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(icmpPacket, packet, packetLength);
data/pchar-1.5/PctestIpv4Icmp.cc:382:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tr.icmpSourceAddress, &(ipHeaderIn->ip_src), sizeof(in_addr));
data/pchar-1.5/PctestIpv4Icmp.cc:431:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tr.icmpSourceAddress, &(ipHeaderIn->ip_src), sizeof(in_addr));
data/pchar-1.5/PctestIpv4Raw.cc:178:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(ipHeader.ip_src), &originAddress, sizeof(struct in_addr));
data/pchar-1.5/PctestIpv4Raw.cc:179:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(ipHeader.ip_dst), &(targetSocketAddress.sin_addr), sizeof(struct in_addr));
data/pchar-1.5/PctestIpv4Raw.cc:203:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ipPacket, &ipHeader, sizeof(ipHeader));
data/pchar-1.5/PctestIpv4Raw.cc:204:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ipPacket + sizeof(ipHeader), &udpHeader, sizeof(udpHeader));
data/pchar-1.5/PctestIpv4Raw.cc:205:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ipPacket + sizeof(ipHeader) + sizeof(udpHeader),
data/pchar-1.5/PctestIpv4Raw.cc:336:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(icmpPacket, packet, packetLength);
data/pchar-1.5/PctestIpv4Raw.cc:441:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tr.icmpSourceAddress, &(ipHeaderIn->ip_src), sizeof(in_addr));
data/pchar-1.5/PctestIpv4Tcp.cc:166:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(ipHeader.ip_src), &(originAddress), sizeof(struct in_addr));
data/pchar-1.5/PctestIpv4Tcp.cc:167:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(ipHeader.ip_dst), &(targetSocketAddress.sin_addr), sizeof(struct in_addr));
data/pchar-1.5/PctestIpv4Tcp.cc:204:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ipPacket, &ipHeader, sizeof(ipHeader));
data/pchar-1.5/PctestIpv4Tcp.cc:205:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ipPacket + sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader));
data/pchar-1.5/PctestIpv4Tcp.cc:206:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ipPacket + sizeof(ipHeader) + sizeof(tcpHeader),
data/pchar-1.5/PctestIpv4Tcp.cc:294:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(icmpPacket, packet, packetLength);
data/pchar-1.5/PctestIpv4Tcp.cc:351:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tr.icmpSourceAddress, &(ipHeaderIn->ip_src), sizeof(in_addr));
data/pchar-1.5/PctestIpv4Tcp.cc:385:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tr.icmpSourceAddress, &(ipHeaderIn->ip_src), sizeof(in_addr));
data/pchar-1.5/PctestIpv4Udp.cc:74:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(originSocketAddress.sin_addr), &originAddress, sizeof(in_addr));
data/pchar-1.5/PctestIpv4Udp.cc:294:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tr.icmpSourceAddress, &(ipHeader->ip_src), sizeof(in_addr));
data/pchar-1.5/PctestIpv6.cc:86:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dummyAddr.sin6_addr, &targetAddress,
data/pchar-1.5/PctestIpv6.cc:104:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&originAddress, &localAddr.sin6_addr, sizeof(struct in6_addr));
data/pchar-1.5/PctestIpv6.cc:238:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&targetSocketAddress.sin6_addr,
data/pchar-1.5/PctestIpv6.cc:340:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char PctestIpv6PrintableAddress[INET6_ADDRSTRLEN];
data/pchar-1.5/PctestIpv6.cc:354:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char PctestIpv6GetName[NI_MAXHOST];
data/pchar-1.5/PctestIpv6.cc:367:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(sa.sin6_addr), a, sizeof(struct in6_addr));
data/pchar-1.5/PctestIpv6.cc:426:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(originSocketAddress.sin6_addr), &originAddress, sizeof(in6_addr));
data/pchar-1.5/PctestIpv6.cc:492:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(icmp6Packet, &icmp6Header, sizeof(icmp6Header));
data/pchar-1.5/PctestIpv6.cc:493:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(icmp6Packet + sizeof(icmp6Header), icmp6Payload, icmp6PayloadSize);
data/pchar-1.5/PctestIpv6File.cc:136:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[buflen]; // line buffer
data/pchar-1.5/PctestIpv6File.cc:149:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(ReadFilename, "r");
data/pchar-1.5/PctestIpv6File.cc:215:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[128];
data/pchar-1.5/PctestIpv6File.cc:221:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[128];
data/pchar-1.5/PctestIpv6File.cc:256:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[128];
data/pchar-1.5/PctestIpv6File.cc:315:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tr.icmpSourceAddress, cur->icmpSourceAddress, sizeof(in6_addr));
data/pchar-1.5/PctestIpv6Icmp.cc:112:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(originSocketAddress.sin6_addr), &originAddress, sizeof(in6_addr));
data/pchar-1.5/PctestIpv6Icmp.cc:194:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(icmp6Packet, &icmp6Header, sizeof(icmp6Header));
data/pchar-1.5/PctestIpv6Icmp.cc:195:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(icmp6Packet + sizeof(icmp6Header), icmp6Payload, icmp6PayloadSize);
data/pchar-1.5/PctestIpv6Icmp.cc:327:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(icmp6PacketIn, packet + sizeof(ip6_hdr), packetLength - sizeof(ip6_hdr));
data/pchar-1.5/PctestIpv6Icmp.cc:332:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&icmpSourceSocketAddress.sin6_addr,
data/pchar-1.5/PctestIpv6Icmp.cc:471:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tr.icmpSourceAddress, &icmpSourceSocketAddress.sin6_addr, sizeof(in6_addr));
data/pchar-1.5/PctestIpv6Tcp.cc:130:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(originSocketAddress.sin6_addr), &originAddress, sizeof(in6_addr));
data/pchar-1.5/PctestIpv6Tcp.cc:226:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tcpPacket, &tcpHeader, sizeof(tcpHeader));
data/pchar-1.5/PctestIpv6Tcp.cc:227:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tcpPacket + sizeof(tcpHeader), tcpPayload, tcpPayloadSize);
data/pchar-1.5/PctestIpv6Tcp.cc:317:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(icmp6PacketIn, packet + sizeof(ip6_hdr), packetLength - sizeof(ip6_hdr));
data/pchar-1.5/PctestIpv6Tcp.cc:322:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&icmpSourceSocketAddress.sin6_addr,
data/pchar-1.5/PctestIpv6Tcp.cc:408:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tr.icmpSourceAddress, &icmpSourceSocketAddress.sin6_addr, sizeof(in6_addr));
data/pchar-1.5/PctestIpv6Tcp.cc:433:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tr.icmpSourceAddress, &(ipv6HeaderIn->ip6_src), sizeof(in6_addr));
data/pchar-1.5/PctestIpv6Udp.cc:100:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(originSocketAddress.sin6_addr), &originAddress, sizeof(in6_addr));
data/pchar-1.5/PctestIpv6Udp.cc:353:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tr.icmpSourceAddress, &icmpSourceSocketAddress.sin6_addr, sizeof(in6_addr));
data/pchar-1.5/TestRecord.cc:29:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[buflen];
data/pchar-1.5/TestRecord.cc:30:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer2[buflen];
data/pchar-1.5/TestRecord.cc:89:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char icmpsrcChars[256];
data/pchar-1.5/main.cc:116:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PcapErrBuf[PCAP_ERRBUF_SIZE];
data/pchar-1.5/main.cc:234:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[buflen]; // line buffer
data/pchar-1.5/main.cc:247:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(ReadFilename, "r");
data/pchar-1.5/main.cc:376:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Burst = atoi(optarg);
data/pchar-1.5/main.cc:404:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
DebugLevel = atoi(optarg);
data/pchar-1.5/main.cc:439:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Hops = atoi(optarg);
data/pchar-1.5/main.cc:464:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Increment = atoi(optarg);
data/pchar-1.5/main.cc:480:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Mtu = atoi(optarg);
data/pchar-1.5/main.cc:547:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Port = atoi(optarg);
data/pchar-1.5/main.cc:573:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Repetitions = atoi(optarg);
data/pchar-1.5/main.cc:579:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
StartHop = atoi(optarg);
data/pchar-1.5/main.cc:601:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Timeout = atoi(optarg);
data/pchar-1.5/main.cc:611:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Tos = atoi(optarg);
data/pchar-1.5/main.cc:1010:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
df = fopen(WriteFilename, "w");
data/pchar-1.5/main.cc:1048:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *checkAddress[MaxAddressesPerHop];
data/pchar-1.5/main.cc:1169:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(checkAddress[addressesSeen],
data/pchar-1.5/main.cc:1580:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
df = fopen(WriteFilename, "w");
data/pchar-1.5/GetIfInfo.cc:141:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
session.peername = new char[strlen(intoap)+1];
data/pchar-1.5/GetIfInfo.cc:149:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
session.community_len = strlen(community);
data/pchar-1.5/GetIfInfo.cc:189:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(nsp, (char *)(vars->val.string), vars->val_len);
data/pchar-1.5/GetIfInfo.cc:212:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ilen = strlen(cbuff);
data/pchar-1.5/GetIfInfo.cc:215:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
query_B_names[ndx] = new char[ilen + strlen(query_B_names_master[ndx]) + 1];
data/pchar-1.5/GetIfInfo.cc:243:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(IfDescription, (char *)(vars->val.string), vars->val_len);
data/pchar-1.5/PctestIpv4File.cc:199:6: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
sscanf(s, "src %127s", t);
data/pchar-1.5/PctestIpv4File.cc:205:6: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
sscanf(s, "dest %127s", t);
data/pchar-1.5/PctestIpv4File.cc:240:6: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
sscanf(s, "targethost %127s", t);
data/pchar-1.5/PctestIpv4Icmp.cc:315:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(socketIn, icmpPacket, IP_MAXPACKET);
data/pchar-1.5/PctestIpv4Raw.cc:341:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(socketIn, icmpPacket, IP_MAXPACKET);
data/pchar-1.5/PctestIpv4Udp.cc:197:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(socketIn, icmpPacket, IP_MAXPACKET);
data/pchar-1.5/PctestIpv6File.cc:216:6: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
sscanf(s, "src %127s", t);
data/pchar-1.5/PctestIpv6File.cc:222:6: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
sscanf(s, "dest %127s", t);
data/pchar-1.5/PctestIpv6File.cc:257:6: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
sscanf(s, "targethost %127s", t);
data/pchar-1.5/TestRecord.cc:57:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buffer, buffer2, buflen);
data/pchar-1.5/TestRecord.cc:65:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buffer, buffer2, buflen);
ANALYSIS SUMMARY:
Hits = 133
Lines analyzed = 10001 in approximately 0.23 seconds (44026 lines/second)
Physical Source Lines of Code (SLOC) = 6101
Hits@level = [0] 378 [1] 17 [2] 97 [3] 10 [4] 9 [5] 0
Hits@level+ = [0+] 511 [1+] 133 [2+] 116 [3+] 19 [4+] 9 [5+] 0
Hits/KSLOC@level+ = [0+] 83.7568 [1+] 21.7997 [2+] 19.0133 [3+] 3.11424 [4+] 1.47517 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.