Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/rbootd-3.0/bpf.c
Examining data/rbootd-3.0/conf.c
Examining data/rbootd-3.0/defs.h
Examining data/rbootd-3.0/parseconf.c
Examining data/rbootd-3.0/pathnames.h
Examining data/rbootd-3.0/pcap.c
Examining data/rbootd-3.0/rbootd.c
Examining data/rbootd-3.0/rmp.h
Examining data/rbootd-3.0/rmp_var.h
Examining data/rbootd-3.0/rmpproto.c
Examining data/rbootd-3.0/utils.c
FINAL RESULTS:
data/rbootd-3.0/bpf.c:99:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void) sprintf(bpfdev, _PATH_BPF, n++);
data/rbootd-3.0/bpf.c:295:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(device, mp->ifr_name);
data/rbootd-3.0/pcap.c:113:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(netdev, alldevsp->name);
data/rbootd-3.0/pcap.c:218:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (req.ifr_name, IntfName);
data/rbootd-3.0/rbootd.c:184:4: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
syslog(LOG_ERR, errmsg, 0);
data/rbootd-3.0/utils.c:144:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) fprintf(DbgFp, BootFmt, rmp->r_brq.rmp_retcode,
data/rbootd-3.0/utils.c:155:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) fprintf(DbgFp, BootFmt, rmp->r_brpl.rmp_retcode,
data/rbootd-3.0/utils.c:163:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) fprintf(DbgFp, ReadFmt, rmp->r_rrq.rmp_retcode,
data/rbootd-3.0/utils.c:171:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) fprintf(DbgFp, ReadFmt, rmp->r_rrpl.rmp_retcode,
data/rbootd-3.0/utils.c:350:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(stmp, str);
data/rbootd-3.0/rbootd.c:114:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "adi:")) != EOF)
data/rbootd-3.0/bpf.c:92:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bpfdev[32];
data/rbootd-3.0/bpf.c:100:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
BpfFd = open(bpfdev, O_RDWR);
data/rbootd-3.0/bpf.c:150:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(&RmpMcastAddr[0], (char *)&ifr.ifr_addr.sa_data[0], RMP_ADDRLEN);
data/rbootd-3.0/bpf.c:231:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char device[sizeof(ifrp->ifr_name)];
data/rbootd-3.0/bpf.c:232:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char errbuf[128] = "No Error!";
data/rbootd-3.0/bpf.c:238:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void) strcpy(errbuf, "bpf: socket: %m");
data/rbootd-3.0/bpf.c:247:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void) strcpy(errbuf, "bpf: ioctl(OSIOCGIFCONF): %m");
data/rbootd-3.0/bpf.c:253:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void) strcpy(errbuf, "bpf: ioctl(SIOCGIFCONF): %m");
data/rbootd-3.0/bpf.c:264:11: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void) strcpy(errbuf, "bpf: ioctl(SIOCGIFFLAGS): %m");
data/rbootd-3.0/bpf.c:282:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(cp);
data/rbootd-3.0/bpf.c:291:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void) strcpy(errbuf, "bpf: no interfaces found");
data/rbootd-3.0/bpf.c:354:4: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char *)&bhp->bh_tstamp, (char *)&rconn->tstamp,
data/rbootd-3.0/bpf.c:356:4: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char *)bp + hdrlen, (char *)&rconn->rmp, caplen);
data/rbootd-3.0/bpf.c:419:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(&RmpMcastAddr[0], (char *)&ifr.ifr_addr.sa_data[0], RMP_ADDRLEN);
data/rbootd-3.0/conf.c:71:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MyHost[MAXHOSTNAMELEN+1]; /* host name */
data/rbootd-3.0/conf.c:87:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *BootFiles[C_MAXFILE]; /* list of boot files */
data/rbootd-3.0/defs.h:119:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *files[C_MAXFILE]; /* boot-able files */
data/rbootd-3.0/parseconf.c:89:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[C_LINELEN];
data/rbootd-3.0/parseconf.c:100:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(ConfigFile, "r")) == NULL) {
data/rbootd-3.0/pcap.c:39:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char errbuf[PCAP_ERRBUF_SIZE]; /* buffer we use to get error msgs */
data/rbootd-3.0/pcap.c:103:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char netdev[31];
data/rbootd-3.0/pcap.c:148:7: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char *)&h->ts, (char *)&rconn.tstamp, sizeof(struct timeval));
data/rbootd-3.0/pcap.c:149:7: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(sp, (char *)&rconn.rmp, datlen); /* and copy packet over */
data/rbootd-3.0/pcap.c:231:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&sa.sll_addr, &(rconn->rmp.hp_hdr.daddr), RMP_ADDRLEN);
data/rbootd-3.0/rbootd.c:177:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_msg[PCAP_ERRBUF_SIZE];
data/rbootd-3.0/rbootd.c:212:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(PidFile, "w")) != NULL) {
data/rbootd-3.0/rbootd.c:569:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((DbgFp = fopen(DbgFile, "w")) == NULL)
data/rbootd-3.0/rmp_var.h:184:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rmp_machtype[RMP_MACHLEN]; /* machine type */
data/rbootd-3.0/rmpproto.c:299:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *filename, filepath[RMPBOOTDATA+1];
data/rbootd-3.0/rmpproto.c:386:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((rconn->bootfd = open(filename, O_RDONLY, 0600)) < 0) {
data/rbootd-3.0/rmpproto.c:595:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char *)&rconn->rmp.hp_hdr.saddr[0],
data/rbootd-3.0/utils.c:218:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char etherstr[RMP_ADDRLEN*3];
data/rbootd-3.0/utils.c:294:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(addr, &ctmp->addr[0], RMP_ADDRLEN);
data/rbootd-3.0/utils.c:395:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char *)rconn, (char *)rtmp, sizeof(RMPCONN));
data/rbootd-3.0/bpf.c:112:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(ifr.ifr_name, IntfName, sizeof(ifr.ifr_name));
data/rbootd-3.0/bpf.c:326:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((cc = read(BpfFd, (char *)BpfPkt, (int)BpfLen)) < 0) {
data/rbootd-3.0/rmpproto.c:360:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filename)==0) {
data/rbootd-3.0/rmpproto.c:365:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(filename, filelist[0],RMPBOOTDATA);
data/rbootd-3.0/rmpproto.c:491:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((size = read(oldconn->bootfd, &rpl->r_rrpl.rmp_data,
data/rbootd-3.0/utils.c:345:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((stmp = (char *)malloc((unsigned) (strlen(str)+1))) == NULL) {
ANALYSIS SUMMARY:
Hits = 51
Lines analyzed = 3507 in approximately 0.17 seconds (20445 lines/second)
Physical Source Lines of Code (SLOC) = 1656
Hits@level = [0] 77 [1] 6 [2] 34 [3] 1 [4] 10 [5] 0
Hits@level+ = [0+] 128 [1+] 51 [2+] 45 [3+] 11 [4+] 10 [5+] 0
Hits/KSLOC@level+ = [0+] 77.2947 [1+] 30.7971 [2+] 27.1739 [3+] 6.64251 [4+] 6.03865 [5+] 0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.