stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/scanlogd-2.2.5/scanlogd.c
Examining data/scanlogd-2.2.5/in.h
Examining data/scanlogd-2.2.5/in_nids.c
Examining data/scanlogd-2.2.5/in_linux.c
Examining data/scanlogd-2.2.5/in_pcap.c
Examining data/scanlogd-2.2.5/params.h

FINAL RESULTS:

data/scanlogd-2.2.5/scanlogd.c:107:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(s_saddr, sizeof(s_saddr),
data/scanlogd-2.2.5/scanlogd.c:144:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(s_tos, sizeof(s_tos),
data/scanlogd-2.2.5/scanlogd.c:149:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(s_ttl, sizeof(s_ttl),
data/scanlogd-2.2.5/scanlogd.c:383:6:  [3] (misc) chroot:
  chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
  Make sure the program immediately chdir("/"), closes file descriptors, and
  drops root privileges, and that all necessary files (and no more!) are in
  the new root.
	if (chroot(SCANLOGD_CHROOT)) return pexit("chroot");
data/scanlogd-2.2.5/in.h:29:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char space[60 - sizeof(struct ip)];
data/scanlogd-2.2.5/in_pcap.c:14:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char error[PCAP_ERRBUF_SIZE];
data/scanlogd-2.2.5/scanlogd.c:92:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char s_saddr[32];
data/scanlogd-2.2.5/scanlogd.c:93:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char s_daddr[64 + 8 * SCAN_MAX_COUNT];
data/scanlogd-2.2.5/scanlogd.c:94:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char s_flags[16];
data/scanlogd-2.2.5/scanlogd.c:95:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char s_tos[16];
data/scanlogd-2.2.5/scanlogd.c:96:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char s_ttl[16];
data/scanlogd-2.2.5/scanlogd.c:97:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char s_time[32];
data/scanlogd-2.2.5/scanlogd.c:413:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	dev_null_fd = open("/dev/null", O_RDONLY);
data/scanlogd-2.2.5/in_linux.c:42:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if ((size = read(raw, &packet, sizeof(packet))) >= sizeof(packet.ip))
data/scanlogd-2.2.5/scanlogd.c:119:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size = strlen(s_daddr);
data/scanlogd-2.2.5/scanlogd.c:158:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(s_saddr) + strlen(s_daddr) +
data/scanlogd-2.2.5/scanlogd.c:158:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(s_saddr) + strlen(s_daddr) +
data/scanlogd-2.2.5/scanlogd.c:159:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    strlen(s_tos) + strlen(s_ttl) + strlen(s_time) +
data/scanlogd-2.2.5/scanlogd.c:159:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    strlen(s_tos) + strlen(s_ttl) + strlen(s_time) +
data/scanlogd-2.2.5/scanlogd.c:159:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    strlen(s_tos) + strlen(s_ttl) + strlen(s_time) +

ANALYSIS SUMMARY:

Hits = 20
Lines analyzed = 772 in approximately 0.03 seconds (26679 lines/second)
Physical Source Lines of Code (SLOC) = 492
Hits@level = [0]   8 [1]   7 [2]   9 [3]   1 [4]   3 [5]   0
Hits@level+ = [0+]  28 [1+]  20 [2+]  13 [3+]   4 [4+]   3 [5+]   0
Hits/KSLOC@level+ = [0+] 56.9106 [1+] 40.6504 [2+] 26.4228 [3+] 8.13008 [4+] 6.09756 [5+]   0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.