Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/rp-pppoe-3.12/gui/wrapper.c
Examining data/rp-pppoe-3.12/src/relay.c
Examining data/rp-pppoe-3.12/src/common.c
Examining data/rp-pppoe-3.12/src/pppoe.h
Examining data/rp-pppoe-3.12/src/debug.c
Examining data/rp-pppoe-3.12/src/md5.c
Examining data/rp-pppoe-3.12/src/md5.h
Examining data/rp-pppoe-3.12/src/pppoe-sniff.c
Examining data/rp-pppoe-3.12/src/pppoe-server.c
Examining data/rp-pppoe-3.12/src/ppp.c
Examining data/rp-pppoe-3.12/src/relay.h
Examining data/rp-pppoe-3.12/src/plugin.c
Examining data/rp-pppoe-3.12/src/libevent/event.c
Examining data/rp-pppoe-3.12/src/libevent/event.h
Examining data/rp-pppoe-3.12/src/libevent/event_tcp.h
Examining data/rp-pppoe-3.12/src/libevent/hash.h
Examining data/rp-pppoe-3.12/src/libevent/event_sig.c
Examining data/rp-pppoe-3.12/src/libevent/event_tcp.c
Examining data/rp-pppoe-3.12/src/libevent/hash.c
Examining data/rp-pppoe-3.12/src/libevent/eventpriv.h
Examining data/rp-pppoe-3.12/src/pppoe-server.h
Examining data/rp-pppoe-3.12/src/if.c
Examining data/rp-pppoe-3.12/src/pppoe.c
Examining data/rp-pppoe-3.12/src/discovery.c
FINAL RESULTS:
data/rp-pppoe-3.12/gui/wrapper.c:182:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "/etc/ppp/rp-pppoe-gui/conf.%s", argv[2]);
data/rp-pppoe-3.12/gui/wrapper.c:225:2: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl(pppoe_start, "pppoe-start", fname, NULL);
data/rp-pppoe-3.12/gui/wrapper.c:228:2: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl(pppoe_stop, "pppoe-stop", fname, NULL);
data/rp-pppoe-3.12/gui/wrapper.c:231:2: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl(pppoe_status, "pppoe-status", fname, NULL);
data/rp-pppoe-3.12/src/common.c:271:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(copy, str);
data/rp-pppoe-3.12/src/common.c:536:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *) err.payload, msg);
data/rp-pppoe-3.12/src/common.c:589:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, sizeof(msg), fmt, ap);
data/rp-pppoe-3.12/src/common.c:627:5: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
syslog(LOG_ERR, fmt, pkt, str, (int) len, data);
data/rp-pppoe-3.12/src/common.c:628:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, fmt, pkt, str, (int) len, data);
data/rp-pppoe-3.12/src/if.c:524:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sa.sa_data, ifname);
data/rp-pppoe-3.12/src/if.c:605:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sa.sa_data, conn->ifName);
data/rp-pppoe-3.12/src/if.c:1032:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(errmsg, "%s: alarm", caller);
data/rp-pppoe-3.12/src/if.c:1041:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(errmsg, "%s: getmsg", caller);
data/rp-pppoe-3.12/src/if.c:1049:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(errmsg, "%s: alarm", caller);
data/rp-pppoe-3.12/src/if.c:1058:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "%s: MORECTL|MOREDATA", caller);
data/rp-pppoe-3.12/src/if.c:1064:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "%s: MORECTL", caller);
data/rp-pppoe-3.12/src/if.c:1070:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "%s: MOREDATA", caller);
data/rp-pppoe-3.12/src/if.c:1093:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "expected %s got %s", dlprim(prim), dlprim(dlp->dl_primitive));
data/rp-pppoe-3.12/src/libevent/event.c:590:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(Event_DebugFP, fmt, ap);
data/rp-pppoe-3.12/src/plugin.c:335:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, 256, _PATH_ETHOPT "%s",devnam);
data/rp-pppoe-3.12/src/pppoe-server.c:1450:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(interfaces[0].name, DEFAULT_IF);
data/rp-pppoe-3.12/src/pppoe-server.c:1964:5: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execv(pppd_path, argv);
data/rp-pppoe-3.12/src/pppoe-server.c:2054:5: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execv(pppd_path, argv);
data/rp-pppoe-3.12/src/pppoe-server.c:2337:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *) hurl.payload, url);
data/rp-pppoe-3.12/src/relay.c:1501:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *) errTag.payload, errMsg);
data/rp-pppoe-3.12/src/pppoe-server.c:1225:18: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((opt = getopt(argc, argv, options)) != -1) {
data/rp-pppoe-3.12/src/pppoe-server.c:1516:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(x);
data/rp-pppoe-3.12/src/pppoe-server.c:1520:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned int) getpid() * (unsigned int) time(NULL));
data/rp-pppoe-3.12/src/pppoe-sniff.c:172:18: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((opt = getopt(argc, argv, "I:V")) != -1) {
data/rp-pppoe-3.12/src/pppoe.c:484:18: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((opt = getopt(argc, argv, options)) != -1) {
data/rp-pppoe-3.12/src/relay.c:249:18: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((opt = getopt(argc, argv, "hC:S:B:n:i:F")) != -1) {
data/rp-pppoe-3.12/gui/wrapper.c:47:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[LINELEN];
data/rp-pppoe-3.12/gui/wrapper.c:84:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(path, fname, slash-fname);
data/rp-pppoe-3.12/gui/wrapper.c:136:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[64+CONN_NAME_LEN];
data/rp-pppoe-3.12/gui/wrapper.c:137:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[LINELEN+1];
data/rp-pppoe-3.12/gui/wrapper.c:188:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(fname, "r");
data/rp-pppoe-3.12/src/common.c:156:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tag, curTag, tagLen + TAG_HDR_SIZE);
data/rp-pppoe-3.12/src/common.c:291:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pseudoHeader[12];
data/rp-pppoe-3.12/src/common.c:296:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pseudoHeader, ipHdr+12, 8);
data/rp-pppoe-3.12/src/common.c:504:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet.ethHdr.h_dest, conn->peerEth, ETH_ALEN);
data/rp-pppoe-3.12/src/common.c:505:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet.ethHdr.h_source, conn->myEth, ETH_ALEN);
data/rp-pppoe-3.12/src/common.c:523:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hostUniq.payload, conn->hostUniq, len);
data/rp-pppoe-3.12/src/common.c:525:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cursor, &hostUniq, len + TAG_HDR_SIZE);
data/rp-pppoe-3.12/src/common.c:537:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cursor, &err, elen + TAG_HDR_SIZE);
data/rp-pppoe-3.12/src/common.c:546:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cursor, &conn->cookie, ntohs(conn->cookie.length) + TAG_HDR_SIZE);
data/rp-pppoe-3.12/src/common.c:554:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cursor, &conn->relayId, ntohs(conn->relayId.length) + TAG_HDR_SIZE);
data/rp-pppoe-3.12/src/common.c:585:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[512];
data/rp-pppoe-3.12/src/debug.c:100:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timebuf[256];
data/rp-pppoe-3.12/src/discovery.c:172:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(conn->cookie.payload, data, len);
data/rp-pppoe-3.12/src/discovery.c:186:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(conn->relayId.payload, data, len);
data/rp-pppoe-3.12/src/discovery.c:270:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(conn->relayId.payload, data, len);
data/rp-pppoe-3.12/src/discovery.c:316:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet.ethHdr.h_source, conn->myEth, ETH_ALEN);
data/rp-pppoe-3.12/src/discovery.c:332:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(svc->payload, conn->serviceName, strlen(conn->serviceName));
data/rp-pppoe-3.12/src/discovery.c:345:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hostUniq.payload, conn->hostUniq, len);
data/rp-pppoe-3.12/src/discovery.c:347:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cursor, &hostUniq, len + TAG_HDR_SIZE);
data/rp-pppoe-3.12/src/discovery.c:359:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(maxPayload.payload, &mru, sizeof(mru));
data/rp-pppoe-3.12/src/discovery.c:361:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cursor, &maxPayload, sizeof(mru) + TAG_HDR_SIZE);
data/rp-pppoe-3.12/src/discovery.c:507:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(conn->peerEth, packet.ethHdr.h_source, ETH_ALEN);
data/rp-pppoe-3.12/src/discovery.c:551:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet.ethHdr.h_dest, conn->peerEth, ETH_ALEN);
data/rp-pppoe-3.12/src/discovery.c:552:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet.ethHdr.h_source, conn->myEth, ETH_ALEN);
data/rp-pppoe-3.12/src/discovery.c:563:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(svc->payload, conn->serviceName, namelen);
data/rp-pppoe-3.12/src/discovery.c:573:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hostUniq.payload, conn->hostUniq, len);
data/rp-pppoe-3.12/src/discovery.c:575:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cursor, &hostUniq, len + TAG_HDR_SIZE);
data/rp-pppoe-3.12/src/discovery.c:584:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cursor, &conn->cookie, ntohs(conn->cookie.length) + TAG_HDR_SIZE);
data/rp-pppoe-3.12/src/discovery.c:592:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cursor, &conn->relayId, ntohs(conn->relayId.length) + TAG_HDR_SIZE);
data/rp-pppoe-3.12/src/discovery.c:604:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(maxPayload.payload, &mru, sizeof(mru));
data/rp-pppoe-3.12/src/discovery.c:606:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cursor, &maxPayload, sizeof(mru) + TAG_HDR_SIZE);
data/rp-pppoe-3.12/src/if.c:151:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inbuf[8192];
data/rp-pppoe-3.12/src/if.c:177:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/rp-pppoe-3.12/src/if.c:178:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "interface %.16s has more than one ethernet address", ifname);
data/rp-pppoe-3.12/src/if.c:182:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hwaddr, LLADDR(sdl), ETH_ALEN);
data/rp-pppoe-3.12/src/if.c:188:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/rp-pppoe-3.12/src/if.c:189:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "interface %.16s has no ethernet address", ifname);
data/rp-pppoe-3.12/src/if.c:245:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bpfInsn, bpfRun, sizeof(bpfRun));
data/rp-pppoe-3.12/src/if.c:280:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bpfName[32];
data/rp-pppoe-3.12/src/if.c:294:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bpfName, "/dev/bpf%d", i);
data/rp-pppoe-3.12/src/if.c:295:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (((fd = open(bpfName, O_RDWR, 0)) >= 0) ||
data/rp-pppoe-3.12/src/if.c:304:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/rp-pppoe-3.12/src/if.c:305:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "Cannot open %.32s -- pppoe must be run as root.", bpfName);
data/rp-pppoe-3.12/src/if.c:331:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/rp-pppoe-3.12/src/if.c:332:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "Interface %.16s is not up", ifname);
data/rp-pppoe-3.12/src/if.c:350:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/rp-pppoe-3.12/src/if.c:351:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "Interface %.16s has MTU of %d -- should be %d. You may have serious connection problems.",
data/rp-pppoe-3.12/src/if.c:368:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/rp-pppoe-3.12/src/if.c:369:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "Unsupported BPF version: %d.%d (kernel: %d.%d)",
data/rp-pppoe-3.12/src/if.c:392:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/rp-pppoe-3.12/src/if.c:393:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "ioctl(BIOCSETIF) can't select interface %.16s",
data/rp-pppoe-3.12/src/if.c:467:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hwaddr, ifr.ifr_hwaddr.sa_data, ETH_ALEN);
data/rp-pppoe-3.12/src/if.c:485:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/rp-pppoe-3.12/src/if.c:486:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "Interface %.16s is not Ethernet", ifname);
data/rp-pppoe-3.12/src/if.c:491:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/rp-pppoe-3.12/src/if.c:492:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,
data/rp-pppoe-3.12/src/if.c:505:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/rp-pppoe-3.12/src/if.c:506:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "Interface %.16s has MTU of %d -- should be %d. You may have serious connection problems.",
data/rp-pppoe-3.12/src/if.c:577:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)phys, (char *)pkt->ethHdr.h_dest, ETHERADDRL);
data/rp-pppoe-3.12/src/if.c:578:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)sap, (char *)&tmp_sap, sizeof(ushort_t));
data/rp-pppoe-3.12/src/if.c:579:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)xmitbuf, (char *)pkt + sizeof(struct ethhdr), data_size);
data/rp-pppoe-3.12/src/if.c:582:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy((char*)addr, (char*)&sap, dl_abssaplen);
data/rp-pppoe-3.12/src/if.c:583:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy((char*)addr+dl_abssaplen, (char*)phys, ETHERADDRL);
data/rp-pppoe-3.12/src/if.c:585:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy((char*)addr, (char*)phys, ETHERADDRL);
data/rp-pppoe-3.12/src/if.c:586:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy((char*)addr+ETHERADDRL, (char*)&sap, dl_abssaplen);
data/rp-pppoe-3.12/src/if.c:684:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt, bpfBuffer + bpfOffset + hdr.bh_hdrlen, copylen);
data/rp-pppoe-3.12/src/if.c:738:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char base_dev[PATH_MAX];
data/rp-pppoe-3.12/src/if.c:749:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ppa = atoi(&ifname[strlen(ifname)-1]);
data/rp-pppoe-3.12/src/if.c:756:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fd = open(base_dev, O_RDWR)) < 0) {
data/rp-pppoe-3.12/src/if.c:763:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[512];
data/rp-pppoe-3.12/src/if.c:765:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(ifname, O_RDWR)) < 0) {
data/rp-pppoe-3.12/src/if.c:793:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hwaddr, (u_char*)((char*)(dlp) + (int)(dlp->info_ack.dl_addr_offset)), ETHERADDRL);
data/rp-pppoe-3.12/src/if.c:859:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy(OFFADDR(dlp, sizeof (dl_unitdata_req_t)), addrp, addrlen);
data/rp-pppoe-3.12/src/if.c:890:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/rp-pppoe-3.12/src/if.c:891:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "dlinfoack: response ctl.len too short: %d", ctl.len);
data/rp-pppoe-3.12/src/if.c:899:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/rp-pppoe-3.12/src/if.c:900:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "dlinfoack: short response ctl.len: %d", ctl.len);
data/rp-pppoe-3.12/src/if.c:964:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/rp-pppoe-3.12/src/if.c:965:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "dlokack: response ctl.len too short: %d", ctl.len);
data/rp-pppoe-3.12/src/if.c:973:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/rp-pppoe-3.12/src/if.c:974:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "dlokack: short response ctl.len: %d", ctl.len);
data/rp-pppoe-3.12/src/if.c:999:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/rp-pppoe-3.12/src/if.c:1000:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "dlbindack: short response ctl.len: %d", ctl.len);
data/rp-pppoe-3.12/src/if.c:1025:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char errmsg[80];
data/rp-pppoe-3.12/src/if.c:1057:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/rp-pppoe-3.12/src/if.c:1063:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/rp-pppoe-3.12/src/if.c:1069:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/rp-pppoe-3.12/src/if.c:1078:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/rp-pppoe-3.12/src/if.c:1079:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "getmsg: control portion length < sizeof (long): %d", ctlp->len);
data/rp-pppoe-3.12/src/if.c:1092:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/rp-pppoe-3.12/src/if.c:1102:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char primbuf[80];
data/rp-pppoe-3.12/src/if.c:1133:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(primbuf, "unknown primitive 0x%lx", prim);
data/rp-pppoe-3.12/src/libevent/event.c:610:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Event_DebugFP = fopen(fname, "w");
data/rp-pppoe-3.12/src/libevent/event_sig.c:92:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/rp-pppoe-3.12/src/libevent/event_tcp.c:460:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->buf, buf, len);
data/rp-pppoe-3.12/src/md5.c:78:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, buf, len);
data/rp-pppoe-3.12/src/md5.c:81:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, buf, t);
data/rp-pppoe-3.12/src/md5.c:90:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->in, buf, 64);
data/rp-pppoe-3.12/src/md5.c:99:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->in, buf, len);
data/rp-pppoe-3.12/src/md5.c:106:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void MD5Final(unsigned char digest[16], struct MD5Context *ctx)
data/rp-pppoe-3.12/src/md5.c:143:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(digest, ctx->buf, 16);
data/rp-pppoe-3.12/src/md5.h:20:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[64];
data/rp-pppoe-3.12/src/md5.h:26:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void MD5Final(unsigned char digest[16], struct MD5Context *context);
data/rp-pppoe-3.12/src/plugin.c:227:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sp.sa_addr.pppoe.dev, conn->ifName, strlen(conn->ifName));
data/rp-pppoe-3.12/src/plugin.c:228:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sp.sa_addr.pppoe.remote, conn->peerEth, ETH_ALEN);
data/rp-pppoe-3.12/src/plugin.c:231:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(remote_number, "%02X:%02X:%02X:%02X:%02X:%02X",
data/rp-pppoe-3.12/src/plugin.c:316:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sp.sa_addr.pppoe.dev, conn->ifName, strlen(conn->ifName));
data/rp-pppoe-3.12/src/plugin.c:317:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sp.sa_addr.pppoe.remote, conn->peerEth, ETH_ALEN);
data/rp-pppoe-3.12/src/plugin.c:334:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/rp-pppoe-3.12/src/plugin.c:487:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/rp-pppoe-3.12/src/plugin.c:489:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.256s: %.256s", str, strerror(i));
data/rp-pppoe-3.12/src/plugin.c:491:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "RP-PPPoE: %.256s: %.256s", str, strerror(i));
data/rp-pppoe-3.12/src/ppp.c:101:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char dummy[2];
data/rp-pppoe-3.12/src/ppp.c:111:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[ETH_JUMBO_LEN - PPPOE_OVERHEAD + 2];
data/rp-pppoe-3.12/src/ppp.c:114:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet->payload, buf+2, r-2);
data/rp-pppoe-3.12/src/ppp.c:167:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[READ_CHUNK];
data/rp-pppoe-3.12/src/pppoe-server.c:100:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char const *ServiceNames[MAX_SERVICE_NAMES];
data/rp-pppoe-3.12/src/pppoe-server.c:162:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char CookieSeed[SEED_LEN];
data/rp-pppoe-3.12/src/pppoe-server.c:173:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PppoeOptions[SMALLBUF] = "";
data/rp-pppoe-3.12/src/pppoe-server.c:176:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char LocalIP[IPV4ALEN] = {10, 0, 0, 1}; /* Counter optionally STARTS here */
data/rp-pppoe-3.12/src/pppoe-server.c:177:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char RemoteIP[IPV4ALEN] = {10, 67, 15, 1}; /* Counter STARTS here */
data/rp-pppoe-3.12/src/pppoe-server.c:254:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(conn.myEth, session->ethif->mac, ETH_ALEN);
data/rp-pppoe-3.12/src/pppoe-server.c:257:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(conn.peerEth, session->eth, ETH_ALEN);
data/rp-pppoe-3.12/src/pppoe-server.c:285:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
incrementIPAddress(unsigned char ip[IPV4ALEN])
data/rp-pppoe-3.12/src/pppoe-server.c:334:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(fname, "r");
data/rp-pppoe-3.12/src/pppoe-server.c:338:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE];
data/rp-pppoe-3.12/src/pppoe-server.c:365:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Sessions[numAddrs].realpeerip,
data/rp-pppoe-3.12/src/pppoe-server.c:387:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Sessions[numAddrs].realpeerip,
data/rp-pppoe-3.12/src/pppoe-server.c:405:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Sessions[numAddrs].realpeerip,
data/rp-pppoe-3.12/src/pppoe-server.c:449:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(requestedService.payload, data, len);
data/rp-pppoe-3.12/src/pppoe-server.c:454:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(relayId.payload, data, len);
data/rp-pppoe-3.12/src/pppoe-server.c:459:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hostUniq.payload, data, len);
data/rp-pppoe-3.12/src/pppoe-server.c:493:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(relayId.payload, data, len);
data/rp-pppoe-3.12/src/pppoe-server.c:498:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hostUniq.payload, data, len);
data/rp-pppoe-3.12/src/pppoe-server.c:503:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(receivedCookie.payload, data, len);
data/rp-pppoe-3.12/src/pppoe-server.c:508:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(requestedService.payload, data, len);
data/rp-pppoe-3.12/src/pppoe-server.c:525:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SMALLBUF];
data/rp-pppoe-3.12/src/pppoe-server.c:544:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/rp-pppoe-3.12/src/pppoe-server.c:545:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.256s: %.256s", str, strerror(errno));
data/rp-pppoe-3.12/src/pppoe-server.c:594:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cookie+MD5_LEN, &pid, sizeof(pid));
data/rp-pppoe-3.12/src/pppoe-server.c:655:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(acname.payload, ACName, acname_len);
data/rp-pppoe-3.12/src/pppoe-server.c:694:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pado.ethHdr.h_dest, packet->ethHdr.h_source, ETH_ALEN);
data/rp-pppoe-3.12/src/pppoe-server.c:695:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pado.ethHdr.h_source, myAddr, ETH_ALEN);
data/rp-pppoe-3.12/src/pppoe-server.c:704:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cursor, &acname, acname_len + TAG_HDR_SIZE);
data/rp-pppoe-3.12/src/pppoe-server.c:721:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(maxPayload.payload, &mru, sizeof(mru));
data/rp-pppoe-3.12/src/pppoe-server.c:723:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cursor, &maxPayload, sizeof(mru) + TAG_HDR_SIZE);
data/rp-pppoe-3.12/src/pppoe-server.c:734:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cursor, &servname, TAG_HDR_SIZE);
data/rp-pppoe-3.12/src/pppoe-server.c:742:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cursor, &servname, TAG_HDR_SIZE);
data/rp-pppoe-3.12/src/pppoe-server.c:743:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cursor+TAG_HDR_SIZE, ServiceNames[i], slen);
data/rp-pppoe-3.12/src/pppoe-server.c:750:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cursor, &cookie, TAG_HDR_SIZE + COOKIE_LEN);
data/rp-pppoe-3.12/src/pppoe-server.c:756:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cursor, &relayId, ntohs(relayId.length) + TAG_HDR_SIZE);
data/rp-pppoe-3.12/src/pppoe-server.c:762:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cursor, &hostUniq, ntohs(hostUniq.length) + TAG_HDR_SIZE);
data/rp-pppoe-3.12/src/pppoe-server.c:841:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cookieBuffer[COOKIE_LEN];
data/rp-pppoe-3.12/src/pppoe-server.c:982:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cliSession->eth, packet->ethHdr.h_source, ETH_ALEN);
data/rp-pppoe-3.12/src/pppoe-server.c:1027:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pads.ethHdr.h_dest, packet->ethHdr.h_source, ETH_ALEN);
data/rp-pppoe-3.12/src/pppoe-server.c:1028:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pads.ethHdr.h_source, myAddr, ETH_ALEN);
data/rp-pppoe-3.12/src/pppoe-server.c:1042:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&requestedService.payload, ServiceNames[0], slen);
data/rp-pppoe-3.12/src/pppoe-server.c:1045:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cursor, &requestedService, TAG_HDR_SIZE+slen);
data/rp-pppoe-3.12/src/pppoe-server.c:1063:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(maxPayload.payload, &mru, sizeof(mru));
data/rp-pppoe-3.12/src/pppoe-server.c:1065:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cursor, &maxPayload, sizeof(mru) + TAG_HDR_SIZE);
data/rp-pppoe-3.12/src/pppoe-server.c:1073:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cursor, &relayId, ntohs(relayId.length) + TAG_HDR_SIZE);
data/rp-pppoe-3.12/src/pppoe-server.c:1078:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cursor, &hostUniq, ntohs(hostUniq.length) + TAG_HDR_SIZE);
data/rp-pppoe-3.12/src/pppoe-server.c:1484:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Sessions[i].myip, LocalIP, sizeof(LocalIP));
data/rp-pppoe-3.12/src/pppoe-server.c:1502:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Sessions[i].peerip, RemoteIP, sizeof(RemoteIP));
data/rp-pppoe-3.12/src/pppoe-server.c:1504:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Sessions[i].realpeerip, RemoteIP, sizeof(RemoteIP));
data/rp-pppoe-3.12/src/pppoe-server.c:1512:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen("/dev/urandom", "r");
data/rp-pppoe-3.12/src/pppoe-server.c:1702:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
i = open("/dev/null", O_RDWR);
data/rp-pppoe-3.12/src/pppoe-server.c:1715:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/rp-pppoe-3.12/src/pppoe-server.c:1720:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
LockFD = open(pidfile, O_RDWR|O_CREAT, 0666);
data/rp-pppoe-3.12/src/pppoe-server.c:1847:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pads.ethHdr.h_dest, dest, ETH_ALEN);
data/rp-pppoe-3.12/src/pppoe-server.c:1848:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pads.ethHdr.h_source, source, ETH_ALEN);
data/rp-pppoe-3.12/src/pppoe-server.c:1860:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(err.payload, errorMsg, elen);
data/rp-pppoe-3.12/src/pppoe-server.c:1861:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cursor, &err, TAG_HDR_SIZE+elen);
data/rp-pppoe-3.12/src/pppoe-server.c:1866:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cursor, &relayId, ntohs(relayId.length) + TAG_HDR_SIZE);
data/rp-pppoe-3.12/src/pppoe-server.c:1871:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cursor, &hostUniq, ntohs(hostUniq.length) + TAG_HDR_SIZE);
data/rp-pppoe-3.12/src/pppoe-server.c:1893:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[64];
data/rp-pppoe-3.12/src/pppoe-server.c:1895:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[SMALLBUF];
data/rp-pppoe-3.12/src/pppoe-server.c:1946:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%u", (unsigned int) (ntohs(session->sess) - 1));
data/rp-pppoe-3.12/src/pppoe-server.c:1950:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%u", (unsigned int) session->requested_mtu);
data/rp-pppoe-3.12/src/pppoe-server.c:1981:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[32];
data/rp-pppoe-3.12/src/pppoe-server.c:1985:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[SMALLBUF];
data/rp-pppoe-3.12/src/pppoe-server.c:2038:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%u", (unsigned int) (ntohs(session->sess) - 1 - SessOffset));
data/rp-pppoe-3.12/src/pppoe-server.c:2042:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%u", (unsigned int) session->requested_mtu);
data/rp-pppoe-3.12/src/pppoe-server.c:2115:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(conn.myEth, ses->ethif->mac, ETH_ALEN);
data/rp-pppoe-3.12/src/pppoe-server.c:2118:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(conn.peerEth, ses->eth, ETH_ALEN);
data/rp-pppoe-3.12/src/pppoe-server.c:2155:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/rp-pppoe-3.12/src/pppoe-server.c:2157:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen("/proc/meminfo", "r");
data/rp-pppoe-3.12/src/pppoe-server.c:2320:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet.ethHdr.h_dest, conn->peerEth, ETH_ALEN);
data/rp-pppoe-3.12/src/pppoe-server.c:2321:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet.ethHdr.h_source, conn->myEth, ETH_ALEN);
data/rp-pppoe-3.12/src/pppoe-server.c:2338:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cursor, &hurl, elen + TAG_HDR_SIZE);
data/rp-pppoe-3.12/src/pppoe-server.h:28:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[IFNAMSIZ+1]; /* Interface name */
data/rp-pppoe-3.12/src/pppoe-server.h:30:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mac[ETH_ALEN]; /* MAC address */
data/rp-pppoe-3.12/src/pppoe-server.h:75:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char myip[IPV4ALEN]; /* Local IP address */
data/rp-pppoe-3.12/src/pppoe-server.h:76:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char peerip[IPV4ALEN]; /* Desired IP address of peer */
data/rp-pppoe-3.12/src/pppoe-server.h:78:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char eth[ETH_ALEN]; /* Peer's Ethernet address */
data/rp-pppoe-3.12/src/pppoe-server.h:84:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user[MAX_USERNAME_LEN+1]; /* Authenticated user-name */
data/rp-pppoe-3.12/src/pppoe-server.h:85:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char realm[MAX_USERNAME_LEN+1]; /* Realm */
data/rp-pppoe-3.12/src/pppoe-server.h:86:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char realpeerip[IPV4ALEN]; /* Actual IP address -- may be assigned
data/rp-pppoe-3.12/src/pppoe-server.h:124:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned char LocalIP[IPV4ALEN];
data/rp-pppoe-3.12/src/pppoe-server.h:125:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned char RemoteIP[IPV4ALEN];
data/rp-pppoe-3.12/src/pppoe-sniff.c:69:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ServiceName, data, len);
data/rp-pppoe-3.12/src/pppoe-sniff.c:88:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/rp-pppoe-3.12/src/pppoe-sniff.c:89:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.256s: %.256s", str, strerror(errno));
data/rp-pppoe-3.12/src/pppoe-sniff.c:263:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/rp-pppoe-3.12/src/pppoe-sniff.c:264:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.256s: %.256s", str, strerror(errno));
data/rp-pppoe-3.12/src/pppoe.c:286:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet.ethHdr.h_dest, conn->peerEth, ETH_ALEN);
data/rp-pppoe-3.12/src/pppoe.c:287:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet.ethHdr.h_source, conn->myEth, ETH_ALEN);
data/rp-pppoe-3.12/src/pppoe.c:565:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pidfile = fopen(optarg, "w");
data/rp-pppoe-3.12/src/pppoe.c:592:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conn.hostUniq, "%lx", (unsigned long) getpid());
data/rp-pppoe-3.12/src/pppoe.c:604:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
conn.debugFile = fopen(optarg, "w");
data/rp-pppoe-3.12/src/pppoe.c:757:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/rp-pppoe-3.12/src/pppoe.c:758:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.256s: Session %d: %.256s",
data/rp-pppoe-3.12/src/pppoe.c:778:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/rp-pppoe-3.12/src/pppoe.c:779:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.256s: %.256s", str, strerror(errno));
data/rp-pppoe-3.12/src/pppoe.c:820:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pppBuf[4096];
data/rp-pppoe-3.12/src/pppoe.c:824:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char header[2] = {FRAME_ADDR, FRAME_CTRL};
data/rp-pppoe-3.12/src/pppoe.c:825:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tail[2];
data/rp-pppoe-3.12/src/pppoe.c:954:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char dummy[2];
data/rp-pppoe-3.12/src/pppoe.h:239:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char payload[ETH_JUMBO_LEN]; /* A bit of room to spare */
data/rp-pppoe-3.12/src/pppoe.h:258:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char payload[ETH_JUMBO_LEN]; /* A LOT of room to spare */
data/rp-pppoe-3.12/src/pppoe.h:281:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char myEth[ETH_ALEN]; /* My MAC address */
data/rp-pppoe-3.12/src/pppoe.h:282:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char peerEth[ETH_ALEN]; /* Peer's MAC address */
data/rp-pppoe-3.12/src/pppoe.h:284:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char req_peer_mac[ETH_ALEN]; /* required peer MAC address */
data/rp-pppoe-3.12/src/relay.c:152:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(loc, bytes, len);
data/rp-pppoe-3.12/src/relay.c:518:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(acHash->peerMac, acMac, ETH_ALEN);
data/rp-pppoe-3.12/src/relay.c:522:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cliHash->peerMac, cliMac, ETH_ALEN);
data/rp-pppoe-3.12/src/relay.c:702:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/rp-pppoe-3.12/src/relay.c:703:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.256s: %.256s", str, strerror(errno));
data/rp-pppoe-3.12/src/relay.c:720:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/rp-pppoe-3.12/src/relay.c:721:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.256s: %.256s", str, strerror(errno));
data/rp-pppoe-3.12/src/relay.c:926:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet.ethHdr.h_source, sh->interface->mac, ETH_ALEN);
data/rp-pppoe-3.12/src/relay.c:927:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet.ethHdr.h_dest, sh->peerMac, ETH_ALEN);
data/rp-pppoe-3.12/src/relay.c:971:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet->ethHdr.h_source, sh->interface->mac, ETH_ALEN);
data/rp-pppoe-3.12/src/relay.c:972:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet->ethHdr.h_dest, sh->peerMac, ETH_ALEN);
data/rp-pppoe-3.12/src/relay.c:1049:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tag.payload, &ifIndex, sizeof(ifIndex));
data/rp-pppoe-3.12/src/relay.c:1050:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tag.payload+sizeof(ifIndex), packet->ethHdr.h_source, ETH_ALEN);
data/rp-pppoe-3.12/src/relay.c:1067:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet->ethHdr.h_source, Interfaces[i].mac, ETH_ALEN);
data/rp-pppoe-3.12/src/relay.c:1176:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(loc+TAG_HDR_SIZE, &acIndex, sizeof(acIndex));
data/rp-pppoe-3.12/src/relay.c:1177:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(loc+TAG_HDR_SIZE+sizeof(ifIndex), packet->ethHdr.h_source, ETH_ALEN);
data/rp-pppoe-3.12/src/relay.c:1180:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet->ethHdr.h_dest, tag.payload + sizeof(ifIndex), ETH_ALEN);
data/rp-pppoe-3.12/src/relay.c:1183:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet->ethHdr.h_source, Interfaces[ifIndex].mac, ETH_ALEN);
data/rp-pppoe-3.12/src/relay.c:1292:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(loc+TAG_HDR_SIZE, &cliIndex, sizeof(cliIndex));
data/rp-pppoe-3.12/src/relay.c:1293:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(loc+TAG_HDR_SIZE+sizeof(ifIndex), packet->ethHdr.h_source, ETH_ALEN);
data/rp-pppoe-3.12/src/relay.c:1296:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet->ethHdr.h_dest, tag.payload + sizeof(ifIndex), ETH_ALEN);
data/rp-pppoe-3.12/src/relay.c:1299:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet->ethHdr.h_source, Interfaces[ifIndex].mac, ETH_ALEN);
data/rp-pppoe-3.12/src/relay.c:1452:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet->ethHdr.h_dest, tag.payload + sizeof(ifIndex), ETH_ALEN);
data/rp-pppoe-3.12/src/relay.c:1455:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet->ethHdr.h_source, Interfaces[ifIndex].mac, ETH_ALEN);
data/rp-pppoe-3.12/src/relay.c:1488:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet.ethHdr.h_source, iface->mac, ETH_ALEN);
data/rp-pppoe-3.12/src/relay.c:1489:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet.ethHdr.h_dest, mac, ETH_ALEN);
data/rp-pppoe-3.12/src/relay.h:22:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[IFNAMSIZ+1]; /* Interface name */
data/rp-pppoe-3.12/src/relay.h:27:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mac[ETH_ALEN]; /* MAC address */
data/rp-pppoe-3.12/src/relay.h:47:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char peerMac[ETH_ALEN]; /* Peer's MAC address */
data/rp-pppoe-3.12/gui/wrapper.c:51:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fname) > LINELEN) {
data/rp-pppoe-3.12/gui/wrapper.c:82:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slash = fname + strlen(fname);
data/rp-pppoe-3.12/gui/wrapper.c:166:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(argv[2]) > CONN_NAME_LEN) {
data/rp-pppoe-3.12/src/common.c:267:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *copy = malloc(strlen(str)+1);
data/rp-pppoe-3.12/src/common.c:520:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = (int) strlen(conn->hostUniq);
data/rp-pppoe-3.12/src/common.c:533:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t elen = strlen(msg);
data/rp-pppoe-3.12/src/discovery.c:81:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (type == TAG_HOST_UNIQ && len == strlen(hi->hostUniq) && !memcmp(data, hi->hostUniq, len)) {
data/rp-pppoe-3.12/src/discovery.c:145:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (conn->acName && len == strlen(conn->acName) &&
data/rp-pppoe-3.12/src/discovery.c:155:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (conn->serviceName && len == strlen(conn->serviceName) &&
data/rp-pppoe-3.12/src/discovery.c:308:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namelen = (UINT16_t) strlen(conn->serviceName);
data/rp-pppoe-3.12/src/discovery.c:332:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(svc->payload, conn->serviceName, strlen(conn->serviceName));
data/rp-pppoe-3.12/src/discovery.c:342:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = (int) strlen(conn->hostUniq);
data/rp-pppoe-3.12/src/discovery.c:546:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namelen = (UINT16_t) strlen(conn->serviceName);
data/rp-pppoe-3.12/src/discovery.c:570:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = (int) strlen(conn->hostUniq);
data/rp-pppoe-3.12/src/if.c:326:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
data/rp-pppoe-3.12/src/if.c:345:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
data/rp-pppoe-3.12/src/if.c:390:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
data/rp-pppoe-3.12/src/if.c:459:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
data/rp-pppoe-3.12/src/if.c:500:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
data/rp-pppoe-3.12/src/if.c:517:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
data/rp-pppoe-3.12/src/if.c:657:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((bpfSize = read(sock, bpfBuffer, bpfLength)) < 0) {
data/rp-pppoe-3.12/src/if.c:741:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(ifname) > PATH_MAX) {
data/rp-pppoe-3.12/src/if.c:745:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ifname) < 2) {
data/rp-pppoe-3.12/src/if.c:749:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ppa = atoi(&ifname[strlen(ifname)-1]);
data/rp-pppoe-3.12/src/if.c:750:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(base_dev, ifname, PATH_MAX);
data/rp-pppoe-3.12/src/if.c:751:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
base_dev[strlen(base_dev)-1] = '\0';
data/rp-pppoe-3.12/src/libevent/event_sig.c:97:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read(fd, buf, 64) == 64) {
data/rp-pppoe-3.12/src/libevent/event_tcp.c:210:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nread = read(fd, state->cur, togo);
data/rp-pppoe-3.12/src/libevent/event_tcp.c:234:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( (togo > 0) && (nread = read(fd, state->cur, 1)) == 1) {
data/rp-pppoe-3.12/src/plugin.c:120:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(devnam) > IFNAMSIZ) {
data/rp-pppoe-3.12/src/plugin.c:164:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, conn->ifName, sizeof(ifr.ifr_name));
data/rp-pppoe-3.12/src/plugin.c:227:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(sp.sa_addr.pppoe.dev, conn->ifName, strlen(conn->ifName));
data/rp-pppoe-3.12/src/plugin.c:316:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(sp.sa_addr.pppoe.dev, conn->ifName, strlen(conn->ifName));
data/rp-pppoe-3.12/src/plugin.c:397:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, cmd, IFNAMSIZ);
data/rp-pppoe-3.12/src/plugin.c:417:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(devnam, cmd, sizeof(devnam));
data/rp-pppoe-3.12/src/ppp.c:112:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(0, buf, ETH_JUMBO_LEN - PPPOE_OVERHEAD + 2);
data/rp-pppoe-3.12/src/ppp.c:173:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(0, buf, READ_CHUNK);
data/rp-pppoe-3.12/src/pppoe-server.c:653:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
acname_len = strlen(ACName);
data/rp-pppoe-3.12/src/pppoe-server.c:670:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (slen == strlen(ServiceNames[i]) &&
data/rp-pppoe-3.12/src/pppoe-server.c:739:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int slen = strlen(ServiceNames[i]);
data/rp-pppoe-3.12/src/pppoe-server.c:921:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (slen == strlen(ServiceNames[i]) &&
data/rp-pppoe-3.12/src/pppoe-server.c:1041:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(ServiceNames[0]);
data/rp-pppoe-3.12/src/pppoe-server.c:1311:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(PppoeOptions + strlen(PppoeOptions),
data/rp-pppoe-3.12/src/pppoe-server.c:1312:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SMALLBUF-strlen(PppoeOptions),
data/rp-pppoe-3.12/src/pppoe-server.c:1324:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(PppoeOptions + strlen(PppoeOptions),
data/rp-pppoe-3.12/src/pppoe-server.c:1325:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SMALLBUF-strlen(PppoeOptions),
data/rp-pppoe-3.12/src/pppoe-server.c:1375:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(interfaces[NumInterfaces].name, optarg, IFNAMSIZ);
data/rp-pppoe-3.12/src/pppoe-server.c:1407:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(PppoeOptions + strlen(PppoeOptions),
data/rp-pppoe-3.12/src/pppoe-server.c:1408:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SMALLBUF-strlen(PppoeOptions),
data/rp-pppoe-3.12/src/pppoe-server.c:1654:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int r = read(KidPipe[0], &c, 1);
data/rp-pppoe-3.12/src/pppoe-server.c:1672:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int r = read(KidPipe[0], &c, 1);
data/rp-pppoe-3.12/src/pppoe-server.c:1733:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(LockFD, buf, strlen(buf));
data/rp-pppoe-3.12/src/pppoe-server.c:1845:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int elen = strlen(errorMsg);
data/rp-pppoe-3.12/src/pppoe-server.c:2329:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
elen = strlen(url);
data/rp-pppoe-3.12/src/pppoe.c:90:12: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
return strncpy(dst,src,size-1);
data/rp-pppoe-3.12/src/relay.c:390:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(i->name, ifname, IFNAMSIZ);
data/rp-pppoe-3.12/src/relay.c:801:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(CleanPipe[0], &dummy, 1);
data/rp-pppoe-3.12/src/relay.c:1500:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
errTag.length = htons(strlen(errMsg));
ANALYSIS SUMMARY:
Hits = 346
Lines analyzed = 12151 in approximately 0.40 seconds (30488 lines/second)
Physical Source Lines of Code (SLOC) = 8058
Hits@level = [0] 318 [1] 58 [2] 257 [3] 6 [4] 25 [5] 0
Hits@level+ = [0+] 664 [1+] 346 [2+] 288 [3+] 31 [4+] 25 [5+] 0
Hits/KSLOC@level+ = [0+] 82.4026 [1+] 42.9387 [2+] 35.7409 [3+] 3.84711 [4+] 3.10251 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.