Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/sipcrack-0.2/pcapstuff.h
Examining data/sipcrack-0.2/debug.c
Examining data/sipcrack-0.2/debug.h
Examining data/sipcrack-0.2/global.h
Examining data/sipcrack-0.2/md5.c
Examining data/sipcrack-0.2/md5.h
Examining data/sipcrack-0.2/wrap.c
Examining data/sipcrack-0.2/wrap.h
Examining data/sipcrack-0.2/SIPcrack.c
Examining data/sipcrack-0.2/SIPdump.c
FINAL RESULTS:
data/sipcrack-0.2/SIPcrack.c:54:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wordlist_file, optarg);
data/sipcrack-0.2/SIPcrack.c:83:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dump_file, argv[0]);
data/sipcrack-0.2/SIPdump.c:87:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dev, optarg);
data/sipcrack-0.2/SIPdump.c:91:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filter, optarg);
data/sipcrack-0.2/SIPdump.c:98:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pcap_file, optarg);
data/sipcrack-0.2/SIPdump.c:122:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dump_file, argv[0]);
data/sipcrack-0.2/debug.c:17:4: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buffer, sizeof(buffer)-1, fmt, ap);
data/sipcrack-0.2/wrap.c:77:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, sizeof(msg)-1, fmt, ap);
data/sipcrack-0.2/SIPcrack.c:50:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((c = getopt(argc, argv, "w:p:s")) != -1) {
data/sipcrack-0.2/SIPdump.c:83:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((c = getopt(argc, argv, "i:mp:f:")) != -1) {
data/sipcrack-0.2/SIPcrack.c:40:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cracked_pass[PW_MAXLEN];
data/sipcrack-0.2/SIPcrack.c:60:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
print_process = atoi(optarg);
data/sipcrack-0.2/SIPcrack.c:82:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
dump_file = (char *)Malloc(strlen(argv[0])+1);
data/sipcrack-0.2/SIPcrack.c:124:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[LOGIN_MAXLEN], input[8];
data/sipcrack-0.2/SIPcrack.c:134:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((lfile = fopen(dump_file, "r")) == NULL) {
data/sipcrack-0.2/SIPcrack.c:186:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
use = atoi(input);
data/sipcrack-0.2/SIPcrack.c:202:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(login_info, login_ptr , sizeof(login_t));
data/sipcrack-0.2/SIPcrack.c:223:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md5_bin_hash[MD5_LEN];
data/sipcrack-0.2/SIPcrack.c:224:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char static_hash[MD5_LEN_HEX+1], dynamic_hash[MD5_LEN_HEX+1], final_hash[MD5_LEN_HEX+1];
data/sipcrack-0.2/SIPcrack.c:225:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dynamic_hash_data[DYNAMIC_HASH_SIZE]; /* USER:REALM: */
data/sipcrack-0.2/SIPcrack.c:226:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char static_hash_data[STATIC_HASH_SIZE]; /* :nonce:nonce_count:cnonce:qop:static_hash */
data/sipcrack-0.2/SIPcrack.c:230:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pw[PW_MAXLEN];
data/sipcrack-0.2/SIPcrack.c:238:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bin2hex_table[256][2]; /* table for bin<->hex mapping */
data/sipcrack-0.2/SIPcrack.c:292:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((passdb=fopen(wordlist, "rb")) == NULL) {
data/sipcrack-0.2/SIPdump.c:35:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char method[SIP_METHOD_LEN];
data/sipcrack-0.2/SIPdump.c:36:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[SIP_LINE_LEN];
data/sipcrack-0.2/SIPdump.c:70:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[PCAP_ERRBUF_SIZE];
data/sipcrack-0.2/SIPdump.c:121:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
dump_file = (char *)Malloc(strlen(argv[0])+1);
data/sipcrack-0.2/SIPdump.c:250:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[SIP_LINE_LEN];
data/sipcrack-0.2/SIPdump.c:399:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char method[SIP_METHOD_LEN];
data/sipcrack-0.2/SIPdump.c:456:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(char *)payload,
data/sipcrack-0.2/debug.c:12:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/sipcrack-0.2/global.h:34:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char server[HOST_MAXLEN];
data/sipcrack-0.2/global.h:35:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char client[HOST_MAXLEN];
data/sipcrack-0.2/global.h:36:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user[USER_MAXLEN];
data/sipcrack-0.2/global.h:37:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char realm[HOST_MAXLEN];
data/sipcrack-0.2/global.h:38:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char method[METHOD_MAXLEN];
data/sipcrack-0.2/global.h:39:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uri[URI_MAXLEN];
data/sipcrack-0.2/global.h:40:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nonce[NONCE_MAXLEN];
data/sipcrack-0.2/global.h:41:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cnonce[NONCE_MAXLEN];
data/sipcrack-0.2/global.h:42:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nonce_count[CNONCE_MAXLEN];
data/sipcrack-0.2/global.h:43:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qop[QOP_MAXLEN];
data/sipcrack-0.2/global.h:44:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char algorithm[ALG_MAXLEN];
data/sipcrack-0.2/global.h:45:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hash[MD5_LEN_HEX+1];
data/sipcrack-0.2/md5.c:153:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((void *)input, (void *)(ctxt->md5_buf + ctxt->md5_i),
data/sipcrack-0.2/md5.c:162:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((void *)(input + i), (void *)ctxt->md5_buf, ctxt->md5_i);
data/sipcrack-0.2/md5.c:164:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((void *)input, (void *)(ctxt->md5_buf + ctxt->md5_i),
data/sipcrack-0.2/md5.c:178:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((void *)md5_paddat,
data/sipcrack-0.2/md5.c:183:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((void *)md5_paddat, (void *)(ctxt->md5_buf + ctxt->md5_i),
data/sipcrack-0.2/md5.c:186:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((void *)(md5_paddat + gap),
data/sipcrack-0.2/md5.c:193:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(&ctxt->md5_n8[0], &ctxt->md5_buf[56], 8);
data/sipcrack-0.2/md5.c:215:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(&ctxt->md5_st8[0], digest, 16);
data/sipcrack-0.2/pcapstuff.h:13:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ether_dhost[ETHER_ADDR_LEN];
data/sipcrack-0.2/pcapstuff.h:14:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ether_shost[ETHER_ADDR_LEN];
data/sipcrack-0.2/wrap.c:72:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[128];
data/sipcrack-0.2/wrap.c:105:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void init_bin2hex(char bin2hex_table[256][2])
data/sipcrack-0.2/wrap.c:118:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void bin_to_hex(char bin2hex_table[256][2],
data/sipcrack-0.2/wrap.c:143:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((lfile = fopen(file, "a")) == NULL) {
data/sipcrack-0.2/wrap.c:172:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024], orig_string[1024];
data/sipcrack-0.2/wrap.c:183:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((login_file = fopen(file, "r")) == NULL) {
data/sipcrack-0.2/wrap.c:189:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((temp_file = fopen(tempfile, "w")) == NULL) {
data/sipcrack-0.2/SIPcrack.c:53:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wordlist_file = (char *)Malloc(strlen(optarg)+1);
data/sipcrack-0.2/SIPcrack.c:82:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dump_file = (char *)Malloc(strlen(argv[0])+1);
data/sipcrack-0.2/SIPcrack.c:243:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strncmp(login->algorithm, "MD5", strlen(login->algorithm))) {
data/sipcrack-0.2/SIPcrack.c:258:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&md5_ctx, (unsigned char*)login->method, strlen( login->method ));
data/sipcrack-0.2/SIPcrack.c:260:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&md5_ctx, (unsigned char*)login->uri, strlen( login->uri ));
data/sipcrack-0.2/SIPcrack.c:272:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(login->qop))
data/sipcrack-0.2/SIPcrack.c:285:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dynamic_hash_data_len = strlen(dynamic_hash_data);
data/sipcrack-0.2/SIPcrack.c:286:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
static_hash_data_len = strlen(static_hash_data);
data/sipcrack-0.2/SIPcrack.c:321:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pw_len = strlen(pw);
data/sipcrack-0.2/SIPcrack.c:377:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cracked_pw, pw, PW_MAXLEN - 1);
data/sipcrack-0.2/SIPcrack.c:399:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buffer);
data/sipcrack-0.2/SIPcrack.c:414:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(login->server, lines[0], sizeof(login->server) - 1 );
data/sipcrack-0.2/SIPcrack.c:415:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(login->client, lines[1], sizeof(login->client) - 1 );
data/sipcrack-0.2/SIPcrack.c:416:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(login->user, lines[2], sizeof(login->user) - 1 );
data/sipcrack-0.2/SIPcrack.c:417:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(login->realm, lines[3], sizeof(login->realm) - 1 );
data/sipcrack-0.2/SIPcrack.c:418:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(login->method, lines[4], sizeof(login->method) - 1 );
data/sipcrack-0.2/SIPcrack.c:419:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(login->uri, lines[5], sizeof(login->uri) - 1 );
data/sipcrack-0.2/SIPcrack.c:420:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(login->nonce, lines[6], sizeof(login->nonce) - 1 );
data/sipcrack-0.2/SIPcrack.c:421:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(login->cnonce, lines[7], sizeof(login->cnonce) - 1 );
data/sipcrack-0.2/SIPcrack.c:422:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(login->nonce_count, lines[8], sizeof(login->nonce_count) - 1 );
data/sipcrack-0.2/SIPcrack.c:423:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(login->qop, lines[9], sizeof(login->qop) - 1 );
data/sipcrack-0.2/SIPcrack.c:424:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(login->algorithm, lines[10], sizeof(login->algorithm) - 1 );
data/sipcrack-0.2/SIPcrack.c:425:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(login->hash, lines[11], sizeof(login->hash) - 1 );
data/sipcrack-0.2/SIPdump.c:86:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dev = (char *)Malloc(strlen(optarg)+1);
data/sipcrack-0.2/SIPdump.c:90:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filter = (char *)Malloc(strlen(optarg)+1);
data/sipcrack-0.2/SIPdump.c:97:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pcap_file = (char *)Malloc(strlen(optarg)+1);
data/sipcrack-0.2/SIPdump.c:121:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dump_file = (char *)Malloc(strlen(argv[0])+1);
data/sipcrack-0.2/SIPdump.c:232:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strncmp(DEFAULT_PCAP_FILTER, filter, strlen(DEFAULT_PCAP_FILTER)))
data/sipcrack-0.2/SIPdump.c:314:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
payload_buffer_len = payload_len + strlen(conn_table[i].buffer) + 1;
data/sipcrack-0.2/SIPdump.c:317:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(payload_buffer, conn_table[i].buffer, payload_buffer_len - 1);
data/sipcrack-0.2/SIPdump.c:318:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(payload_buffer,
data/sipcrack-0.2/SIPdump.c:320:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
payload_buffer_len - strlen(payload_buffer) - 1);
data/sipcrack-0.2/SIPdump.c:364:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(conn_table[i].buffer, buffer, sizeof(conn_table[i].buffer) - 1);
data/sipcrack-0.2/SIPdump.c:463:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(conn_table[i].buffer, buffer, SIP_LINE_LEN);
data/sipcrack-0.2/SIPdump.c:569:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((!strncmp(lines[i], "Proxy-Authorization:", strlen("Proxy-Authorization:")) ||
data/sipcrack-0.2/SIPdump.c:570:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
!strncmp(lines[i], "WWW-Authenticate:", strlen("WWW-Authenticate:")) ||
data/sipcrack-0.2/SIPdump.c:571:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
!strncmp(lines[i], "Authorization:", strlen("Authorization:"))) &&
data/sipcrack-0.2/SIPdump.c:577:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(out_len - 1 < strlen(lines[i])) {
data/sipcrack-0.2/SIPdump.c:582:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(out, lines[i], out_len - 1);
data/sipcrack-0.2/SIPdump.c:609:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(out_len - 1 < strlen(lines[num_lines - 1])) {
data/sipcrack-0.2/SIPdump.c:615:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(out, lines[num_lines - 1], out_len - 1);
data/sipcrack-0.2/SIPdump.c:687:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(login.qop)) {
data/sipcrack-0.2/SIPdump.c:695:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Toupper(login.algorithm, strlen(login.algorithm));
data/sipcrack-0.2/SIPdump.c:744:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(login_data.server, inet_ntoa(srv), sizeof(login_data.server) - 1);
data/sipcrack-0.2/SIPdump.c:745:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(login_data.client, inet_ntoa(cli), sizeof(login_data.client) - 1);
data/sipcrack-0.2/SIPdump.c:749:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(login_data.method, method, sizeof(login_data.method) - 1);
data/sipcrack-0.2/SIPdump.c:780:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(login_data.algorithm, "MD5", sizeof(login_data.algorithm));
data/sipcrack-0.2/SIPdump.c:782:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Toupper(login_data.algorithm, strlen(login_data.algorithm));
data/sipcrack-0.2/wrap.c:86:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(outbuf[strlen(outbuf)-1] == 0x0d)
data/sipcrack-0.2/wrap.c:87:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outbuf[strlen(outbuf)-1] = 0x00;
data/sipcrack-0.2/wrap.c:178:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempfile_len = (strlen(file) + strlen(".tmp") + 1);
data/sipcrack-0.2/wrap.c:178:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempfile_len = (strlen(file) + strlen(".tmp") + 1);
data/sipcrack-0.2/wrap.c:256:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr1 += strlen(value);
data/sipcrack-0.2/wrap.c:258:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
b = strlen(ptr1);
data/sipcrack-0.2/wrap.c:279:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(outbuf, tempbuf, outbuf_len - 1);
ANALYSIS SUMMARY:
Hits = 116
Lines analyzed = 2142 in approximately 0.09 seconds (23959 lines/second)
Physical Source Lines of Code (SLOC) = 1368
Hits@level = [0] 53 [1] 55 [2] 51 [3] 2 [4] 8 [5] 0
Hits@level+ = [0+] 169 [1+] 116 [2+] 61 [3+] 10 [4+] 8 [5+] 0
Hits/KSLOC@level+ = [0+] 123.538 [1+] 84.7953 [2+] 44.5906 [3+] 7.30994 [4+] 5.84795 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.