Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/pchar-1.5/GetIfInfo.cc Examining data/pchar-1.5/Kendall.cc Examining data/pchar-1.5/Kendall.h Examining data/pchar-1.5/Pctest.cc Examining data/pchar-1.5/PctestIpv4.cc Examining data/pchar-1.5/PctestIpv4File.h Examining data/pchar-1.5/PctestIpv4Udp.cc Examining data/pchar-1.5/PctestIpv4Udp.h Examining data/pchar-1.5/PctestIpv4Raw.cc Examining data/pchar-1.5/PctestIpv4Raw.h Examining data/pchar-1.5/PctestIpv4Tcp.cc Examining data/pchar-1.5/PctestIpv4Tcp.h Examining data/pchar-1.5/PctestIpv4Icmp.cc Examining data/pchar-1.5/PctestIpv4Icmp.h Examining data/pchar-1.5/PctestIpv6.cc Examining data/pchar-1.5/PctestIpv6File.h Examining data/pchar-1.5/PctestIpv6Icmp.cc Examining data/pchar-1.5/PctestIpv6Icmp.h Examining data/pchar-1.5/PctestIpv6Tcp.cc Examining data/pchar-1.5/PctestIpv6Tcp.h Examining data/pchar-1.5/PctestIpv6Udp.cc Examining data/pchar-1.5/PctestIpv6Udp.h Examining data/pchar-1.5/ResultTable.h Examining data/pchar-1.5/TestRecord.cc Parsing failed to find end of parameter list; semicolon terminated it in (buffer2, buflen, #else sprintf(buffer2, #endif /* HAVE_SNPRINTF */ "probe t %ld.%06ld ", tvstart.tv_sec, tvstart.tv_usec); strncat(buffer, buffer2, buflen); #ifdef HAVE_SNPRINTF Parsing failed to find end of parameter list; semicolon terminated it in (buffer2, buflen, #else sprintf(buffer2, #endif /* HAVE_SNPRINTF */ "h %d b %d addr %s res %d rtt %ld.%06ld rb %d", hops, size, pct->GetPrintableAddress(icmpSourceAddress), result, tv.tv_s Examining data/pchar-1.5/TestRecord.h Examining data/pchar-1.5/pc.h Examining data/pchar-1.5/PctestIpv4.h Examining data/pchar-1.5/PctestIpv6.h Examining data/pchar-1.5/Pctest.h Examining data/pchar-1.5/GetIfInfo.h Examining data/pchar-1.5/PctestIpv4File.cc Examining data/pchar-1.5/PctestIpv6File.cc Examining data/pchar-1.5/ResultTable.cc Examining data/pchar-1.5/main.cc FINAL RESULTS: data/pchar-1.5/GetIfInfo.cc:146:1: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(session.peername, intoap); data/pchar-1.5/GetIfInfo.cc:152:1: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(cbuff, pct->GetPrintableAddress(addr)); data/pchar-1.5/GetIfInfo.cc:216:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(query_B_names[ndx], query_B_names_master[ndx]); data/pchar-1.5/GetIfInfo.cc:217:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(query_B_names[ndx], cbuff); data/pchar-1.5/TestRecord.cc:52:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buffer2, buflen, data/pchar-1.5/TestRecord.cc:54:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buffer2, data/pchar-1.5/TestRecord.cc:60:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buffer2, buflen, data/pchar-1.5/TestRecord.cc:62:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buffer2, data/pchar-1.5/TestRecord.cc:94:9: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (sscanf(s, "probe t %f h %d b %d addr %s res %d rtt %f rb %d", &tvstartFloat, &hops, &size, icmpsrcChars, &result, &tvFloat, &replsize) == 7) { data/pchar-1.5/Pctest.cc:181:11: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. buf[i] = random() & 0xff; data/pchar-1.5/main.cc:27:10: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. long random(void); data/pchar-1.5/main.cc:347:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "a:b:cCd:g:G:hH:i:I:l:m:M:np:P:qR:r:s:St:T:vVw:")) != -1) { data/pchar-1.5/main.cc:671:5: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srandom(time(NULL)); data/pchar-1.5/main.cc:893:18: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. int swapIndex = random() % testsPerRep; data/pchar-1.5/main.cc:1240:8: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. u = random(); data/pchar-1.5/main.cc:1622:28: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. packetSize = Increment * (random() % (Mtu/Increment)); data/pchar-1.5/main.cc:1721:10: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. u = random(); data/pchar-1.5/pc.h:125:10: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. long random(void); data/pchar-1.5/pc.h:126:10: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. void srandom(unsigned int); data/pchar-1.5/GetIfInfo.cc:85:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cbuff[128]; data/pchar-1.5/GetIfInfo.cc:97:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *query_A_names[AVBI_COUNT] = data/pchar-1.5/GetIfInfo.cc:115:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *query_B_names_master[BVBI_COUNT] = data/pchar-1.5/GetIfInfo.cc:123:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *query_B_names[BVBI_COUNT]; data/pchar-1.5/GetIfInfo.cc:151:1: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(cbuff, "ip.ipAddrTable.ipAddrEntry.ipAdEntIfIndex."); data/pchar-1.5/GetIfInfo.cc:211:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(cbuff, "%lu", ifnumber); data/pchar-1.5/PctestIpv4.cc:81:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dummyAddr.sin_addr, &targetAddress, data/pchar-1.5/PctestIpv4.cc:99:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&originAddress, &localAddr.sin_addr, sizeof(struct in_addr)); data/pchar-1.5/PctestIpv4.cc:140:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&originAddress, host->h_addr_list[0], host->h_length); data/pchar-1.5/PctestIpv4.cc:199:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&targetAddress, host->h_addr_list[0], host->h_length); data/pchar-1.5/PctestIpv4.cc:209:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&targetSocketAddress.sin_addr, host->h_addr_list[0], host->h_length); data/pchar-1.5/PctestIpv4.cc:345:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ipHeader.ip_src), &(originAddress), sizeof(struct in_addr)); data/pchar-1.5/PctestIpv4.cc:346:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ipHeader.ip_dst), &(targetSocketAddress.sin_addr), sizeof(struct in_addr)); data/pchar-1.5/PctestIpv4.cc:377:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ipPacket, &ipHeader, sizeof(ipHeader)); data/pchar-1.5/PctestIpv4.cc:378:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ipPacket + sizeof(ipHeader), &icmpHeader, ICMP_MINLEN); data/pchar-1.5/PctestIpv4.cc:379:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ipPacket + sizeof(ipHeader) + ICMP_MINLEN, data/pchar-1.5/PctestIpv4File.cc:119:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[buflen]; // line buffer data/pchar-1.5/PctestIpv4File.cc:132:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(ReadFilename, "r"); data/pchar-1.5/PctestIpv4File.cc:198:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char t[128]; data/pchar-1.5/PctestIpv4File.cc:204:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char t[128]; data/pchar-1.5/PctestIpv4File.cc:239:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char t[128]; data/pchar-1.5/PctestIpv4File.cc:298:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tr.icmpSourceAddress, cur->icmpSourceAddress, sizeof(in_addr)); data/pchar-1.5/PctestIpv4Icmp.cc:164:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ipHeader.ip_src), &(originAddress), sizeof(struct in_addr)); data/pchar-1.5/PctestIpv4Icmp.cc:165:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ipHeader.ip_dst), &(targetSocketAddress.sin_addr), sizeof(struct in_addr)); data/pchar-1.5/PctestIpv4Icmp.cc:195:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ipPacket, &ipHeader, sizeof(ipHeader)); data/pchar-1.5/PctestIpv4Icmp.cc:196:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ipPacket + sizeof(ipHeader), &icmpHeader, ICMP_MINLEN); data/pchar-1.5/PctestIpv4Icmp.cc:197:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ipPacket + sizeof(ipHeader) + ICMP_MINLEN, data/pchar-1.5/PctestIpv4Icmp.cc:310:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(icmpPacket, packet, packetLength); data/pchar-1.5/PctestIpv4Icmp.cc:382:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tr.icmpSourceAddress, &(ipHeaderIn->ip_src), sizeof(in_addr)); data/pchar-1.5/PctestIpv4Icmp.cc:431:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tr.icmpSourceAddress, &(ipHeaderIn->ip_src), sizeof(in_addr)); data/pchar-1.5/PctestIpv4Raw.cc:178:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ipHeader.ip_src), &originAddress, sizeof(struct in_addr)); data/pchar-1.5/PctestIpv4Raw.cc:179:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ipHeader.ip_dst), &(targetSocketAddress.sin_addr), sizeof(struct in_addr)); data/pchar-1.5/PctestIpv4Raw.cc:203:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ipPacket, &ipHeader, sizeof(ipHeader)); data/pchar-1.5/PctestIpv4Raw.cc:204:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ipPacket + sizeof(ipHeader), &udpHeader, sizeof(udpHeader)); data/pchar-1.5/PctestIpv4Raw.cc:205:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ipPacket + sizeof(ipHeader) + sizeof(udpHeader), data/pchar-1.5/PctestIpv4Raw.cc:336:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(icmpPacket, packet, packetLength); data/pchar-1.5/PctestIpv4Raw.cc:441:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tr.icmpSourceAddress, &(ipHeaderIn->ip_src), sizeof(in_addr)); data/pchar-1.5/PctestIpv4Tcp.cc:166:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ipHeader.ip_src), &(originAddress), sizeof(struct in_addr)); data/pchar-1.5/PctestIpv4Tcp.cc:167:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ipHeader.ip_dst), &(targetSocketAddress.sin_addr), sizeof(struct in_addr)); data/pchar-1.5/PctestIpv4Tcp.cc:204:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ipPacket, &ipHeader, sizeof(ipHeader)); data/pchar-1.5/PctestIpv4Tcp.cc:205:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ipPacket + sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader)); data/pchar-1.5/PctestIpv4Tcp.cc:206:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ipPacket + sizeof(ipHeader) + sizeof(tcpHeader), data/pchar-1.5/PctestIpv4Tcp.cc:294:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(icmpPacket, packet, packetLength); data/pchar-1.5/PctestIpv4Tcp.cc:351:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tr.icmpSourceAddress, &(ipHeaderIn->ip_src), sizeof(in_addr)); data/pchar-1.5/PctestIpv4Tcp.cc:385:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tr.icmpSourceAddress, &(ipHeaderIn->ip_src), sizeof(in_addr)); data/pchar-1.5/PctestIpv4Udp.cc:74:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(originSocketAddress.sin_addr), &originAddress, sizeof(in_addr)); data/pchar-1.5/PctestIpv4Udp.cc:294:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tr.icmpSourceAddress, &(ipHeader->ip_src), sizeof(in_addr)); data/pchar-1.5/PctestIpv6.cc:86:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dummyAddr.sin6_addr, &targetAddress, data/pchar-1.5/PctestIpv6.cc:104:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&originAddress, &localAddr.sin6_addr, sizeof(struct in6_addr)); data/pchar-1.5/PctestIpv6.cc:238:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&targetSocketAddress.sin6_addr, data/pchar-1.5/PctestIpv6.cc:340:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char PctestIpv6PrintableAddress[INET6_ADDRSTRLEN]; data/pchar-1.5/PctestIpv6.cc:354:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char PctestIpv6GetName[NI_MAXHOST]; data/pchar-1.5/PctestIpv6.cc:367:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(sa.sin6_addr), a, sizeof(struct in6_addr)); data/pchar-1.5/PctestIpv6.cc:426:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(originSocketAddress.sin6_addr), &originAddress, sizeof(in6_addr)); data/pchar-1.5/PctestIpv6.cc:492:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(icmp6Packet, &icmp6Header, sizeof(icmp6Header)); data/pchar-1.5/PctestIpv6.cc:493:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(icmp6Packet + sizeof(icmp6Header), icmp6Payload, icmp6PayloadSize); data/pchar-1.5/PctestIpv6File.cc:136:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[buflen]; // line buffer data/pchar-1.5/PctestIpv6File.cc:149:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(ReadFilename, "r"); data/pchar-1.5/PctestIpv6File.cc:215:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char t[128]; data/pchar-1.5/PctestIpv6File.cc:221:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char t[128]; data/pchar-1.5/PctestIpv6File.cc:256:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char t[128]; data/pchar-1.5/PctestIpv6File.cc:315:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tr.icmpSourceAddress, cur->icmpSourceAddress, sizeof(in6_addr)); data/pchar-1.5/PctestIpv6Icmp.cc:112:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(originSocketAddress.sin6_addr), &originAddress, sizeof(in6_addr)); data/pchar-1.5/PctestIpv6Icmp.cc:194:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(icmp6Packet, &icmp6Header, sizeof(icmp6Header)); data/pchar-1.5/PctestIpv6Icmp.cc:195:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(icmp6Packet + sizeof(icmp6Header), icmp6Payload, icmp6PayloadSize); data/pchar-1.5/PctestIpv6Icmp.cc:327:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(icmp6PacketIn, packet + sizeof(ip6_hdr), packetLength - sizeof(ip6_hdr)); data/pchar-1.5/PctestIpv6Icmp.cc:332:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&icmpSourceSocketAddress.sin6_addr, data/pchar-1.5/PctestIpv6Icmp.cc:471:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tr.icmpSourceAddress, &icmpSourceSocketAddress.sin6_addr, sizeof(in6_addr)); data/pchar-1.5/PctestIpv6Tcp.cc:130:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(originSocketAddress.sin6_addr), &originAddress, sizeof(in6_addr)); data/pchar-1.5/PctestIpv6Tcp.cc:226:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tcpPacket, &tcpHeader, sizeof(tcpHeader)); data/pchar-1.5/PctestIpv6Tcp.cc:227:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tcpPacket + sizeof(tcpHeader), tcpPayload, tcpPayloadSize); data/pchar-1.5/PctestIpv6Tcp.cc:317:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(icmp6PacketIn, packet + sizeof(ip6_hdr), packetLength - sizeof(ip6_hdr)); data/pchar-1.5/PctestIpv6Tcp.cc:322:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&icmpSourceSocketAddress.sin6_addr, data/pchar-1.5/PctestIpv6Tcp.cc:408:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tr.icmpSourceAddress, &icmpSourceSocketAddress.sin6_addr, sizeof(in6_addr)); data/pchar-1.5/PctestIpv6Tcp.cc:433:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tr.icmpSourceAddress, &(ipv6HeaderIn->ip6_src), sizeof(in6_addr)); data/pchar-1.5/PctestIpv6Udp.cc:100:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(originSocketAddress.sin6_addr), &originAddress, sizeof(in6_addr)); data/pchar-1.5/PctestIpv6Udp.cc:353:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tr.icmpSourceAddress, &icmpSourceSocketAddress.sin6_addr, sizeof(in6_addr)); data/pchar-1.5/TestRecord.cc:29:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[buflen]; data/pchar-1.5/TestRecord.cc:30:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer2[buflen]; data/pchar-1.5/TestRecord.cc:89:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char icmpsrcChars[256]; data/pchar-1.5/main.cc:116:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char PcapErrBuf[PCAP_ERRBUF_SIZE]; data/pchar-1.5/main.cc:234:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[buflen]; // line buffer data/pchar-1.5/main.cc:247:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(ReadFilename, "r"); data/pchar-1.5/main.cc:376:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Burst = atoi(optarg); data/pchar-1.5/main.cc:404:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). DebugLevel = atoi(optarg); data/pchar-1.5/main.cc:439:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Hops = atoi(optarg); data/pchar-1.5/main.cc:464:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Increment = atoi(optarg); data/pchar-1.5/main.cc:480:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Mtu = atoi(optarg); data/pchar-1.5/main.cc:547:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Port = atoi(optarg); data/pchar-1.5/main.cc:573:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Repetitions = atoi(optarg); data/pchar-1.5/main.cc:579:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). StartHop = atoi(optarg); data/pchar-1.5/main.cc:601:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Timeout = atoi(optarg); data/pchar-1.5/main.cc:611:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Tos = atoi(optarg); data/pchar-1.5/main.cc:1010:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). df = fopen(WriteFilename, "w"); data/pchar-1.5/main.cc:1048:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *checkAddress[MaxAddressesPerHop]; data/pchar-1.5/main.cc:1169:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(checkAddress[addressesSeen], data/pchar-1.5/main.cc:1580:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). df = fopen(WriteFilename, "w"); data/pchar-1.5/GetIfInfo.cc:141:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). session.peername = new char[strlen(intoap)+1]; data/pchar-1.5/GetIfInfo.cc:149:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). session.community_len = strlen(community); data/pchar-1.5/GetIfInfo.cc:189:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(nsp, (char *)(vars->val.string), vars->val_len); data/pchar-1.5/GetIfInfo.cc:212:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ilen = strlen(cbuff); data/pchar-1.5/GetIfInfo.cc:215:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). query_B_names[ndx] = new char[ilen + strlen(query_B_names_master[ndx]) + 1]; data/pchar-1.5/GetIfInfo.cc:243:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(IfDescription, (char *)(vars->val.string), vars->val_len); data/pchar-1.5/PctestIpv4File.cc:199:6: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(s, "src %127s", t); data/pchar-1.5/PctestIpv4File.cc:205:6: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(s, "dest %127s", t); data/pchar-1.5/PctestIpv4File.cc:240:6: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(s, "targethost %127s", t); data/pchar-1.5/PctestIpv4Icmp.cc:315:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(socketIn, icmpPacket, IP_MAXPACKET); data/pchar-1.5/PctestIpv4Raw.cc:341:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(socketIn, icmpPacket, IP_MAXPACKET); data/pchar-1.5/PctestIpv4Udp.cc:197:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(socketIn, icmpPacket, IP_MAXPACKET); data/pchar-1.5/PctestIpv6File.cc:216:6: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(s, "src %127s", t); data/pchar-1.5/PctestIpv6File.cc:222:6: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(s, "dest %127s", t); data/pchar-1.5/PctestIpv6File.cc:257:6: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(s, "targethost %127s", t); data/pchar-1.5/TestRecord.cc:57:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(buffer, buffer2, buflen); data/pchar-1.5/TestRecord.cc:65:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(buffer, buffer2, buflen); ANALYSIS SUMMARY: Hits = 133 Lines analyzed = 10001 in approximately 0.23 seconds (44026 lines/second) Physical Source Lines of Code (SLOC) = 6101 Hits@level = [0] 378 [1] 17 [2] 97 [3] 10 [4] 9 [5] 0 Hits@level+ = [0+] 511 [1+] 133 [2+] 116 [3+] 19 [4+] 9 [5+] 0 Hits/KSLOC@level+ = [0+] 83.7568 [1+] 21.7997 [2+] 19.0133 [3+] 3.11424 [4+] 1.47517 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.