Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/python-ethtool-0.14/python-ethtool/etherinfo.c
Examining data/python-ethtool-0.14/python-ethtool/etherinfo_obj.c
Examining data/python-ethtool-0.14/python-ethtool/etherinfo_obj.h
Examining data/python-ethtool-0.14/python-ethtool/etherinfo_struct.h
Examining data/python-ethtool-0.14/python-ethtool/ethtool-copy.h
Examining data/python-ethtool-0.14/python-ethtool/ethtool.c
Examining data/python-ethtool-0.14/python-ethtool/include/py3c/compat.h
Examining data/python-ethtool-0.14/python-ethtool/netlink-address.c
Examining data/python-ethtool-0.14/python-ethtool/etherinfo.h
Examining data/python-ethtool-0.14/python-ethtool/netlink.c
FINAL RESULTS:
data/python-ethtool-0.14/python-ethtool/etherinfo.c:61:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hwaddr[130];
data/python-ethtool-0.14/python-ethtool/ethtool-copy.h:39:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char driver[32]; /* driver short name, "tulip", "eepro100" */
data/python-ethtool-0.14/python-ethtool/ethtool-copy.h:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[32]; /* driver version string */
data/python-ethtool-0.14/python-ethtool/ethtool-copy.h:41:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fw_version[32]; /* firmware version string, if applicable */
data/python-ethtool-0.14/python-ethtool/ethtool-copy.h:42:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bus_info[ETHTOOL_BUSINFO_LEN]; /* Bus info for this IF. */
data/python-ethtool-0.14/python-ethtool/ethtool-copy.h:44:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reserved1[32];
data/python-ethtool-0.14/python-ethtool/ethtool-copy.h:45:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reserved2[16];
data/python-ethtool-0.14/python-ethtool/ethtool.c:85:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/python-ethtool-0.14/python-ethtool/ethtool.c:88:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fd = fopen(_PATH_PROCNET_DEV, "r");
data/python-ethtool-0.14/python-ethtool/ethtool.c:128:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hwaddr[20];
data/python-ethtool-0.14/python-ethtool/ethtool.c:154:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hwaddr, "%02x:%02x:%02x:%02x:%02x:%02x",
data/python-ethtool-0.14/python-ethtool/ethtool.c:170:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddr[20];
data/python-ethtool-0.14/python-ethtool/ethtool.c:196:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ipaddr, "%u.%u.%u.%u",
data/python-ethtool-0.14/python-ethtool/ethtool.c:333:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char netmask[20];
data/python-ethtool-0.14/python-ethtool/ethtool.c:359:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(netmask, "%u.%u.%u.%u",
data/python-ethtool-0.14/python-ethtool/ethtool.c:373:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char broadcast[20];
data/python-ethtool-0.14/python-ethtool/ethtool.c:399:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(broadcast, "%u.%u.%u.%u",
data/python-ethtool-0.14/python-ethtool/ethtool.c:413:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/python-ethtool-0.14/python-ethtool/ethtool.c:426:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf, &ecmd, sizeof(ecmd));
data/python-ethtool-0.14/python-ethtool/ethtool.c:441:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char driver[101], dev[101];
data/python-ethtool-0.14/python-ethtool/ethtool.c:445:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen("/var/lib/pcmcia/stab", "r");
data/python-ethtool-0.14/python-ethtool/ethtool.c:484:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/python-ethtool-0.14/python-ethtool/ethtool.c:497:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf, &ecmd, sizeof(ecmd));
data/python-ethtool-0.14/python-ethtool/ethtool.c:766:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/python-ethtool-0.14/python-ethtool/netlink-address.c:35:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN+1];
data/python-ethtool-0.14/python-ethtool/netlink-address.c:127:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/python-ethtool-0.14/python-ethtool/ethtool.c:135:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&ifr.ifr_name[0], devname, IFNAMSIZ);
data/python-ethtool-0.14/python-ethtool/ethtool.c:177:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&ifr.ifr_name[0], devname, IFNAMSIZ);
data/python-ethtool-0.14/python-ethtool/ethtool.c:308:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&ifr.ifr_name[0], devname, IFNAMSIZ);
data/python-ethtool-0.14/python-ethtool/ethtool.c:340:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&ifr.ifr_name[0], devname, IFNAMSIZ);
data/python-ethtool-0.14/python-ethtool/ethtool.c:380:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&ifr.ifr_name[0], devname, IFNAMSIZ);
data/python-ethtool-0.14/python-ethtool/ethtool.c:422:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&ifr.ifr_name[0], devname, IFNAMSIZ);
data/python-ethtool-0.14/python-ethtool/ethtool.c:455:21: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(buf, "%*d\t%*s\t%100s\t%*d\t%100s\n",
data/python-ethtool-0.14/python-ethtool/ethtool.c:493:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&ifr.ifr_name[0], devname, IFNAMSIZ);
data/python-ethtool-0.14/python-ethtool/ethtool.c:526:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&ifr.ifr_name[0], devname, IFNAMSIZ);
data/python-ethtool-0.14/python-ethtool/ethtool.c:666:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(iwr.ifr_name, devname, IFNAMSIZ-1);
ANALYSIS SUMMARY:
Hits = 36
Lines analyzed = 2686 in approximately 0.09 seconds (30753 lines/second)
Physical Source Lines of Code (SLOC) = 1770
Hits@level = [0] 3 [1] 10 [2] 26 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 39 [1+] 36 [2+] 26 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 22.0339 [1+] 20.339 [2+] 14.6893 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.