stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tcpxtract-1.0.1/search.h
Examining data/tcpxtract-1.0.1/conf.h
Examining data/tcpxtract-1.0.1/extract.h
Examining data/tcpxtract-1.0.1/search.c
Examining data/tcpxtract-1.0.1/confy.h
Examining data/tcpxtract-1.0.1/sessionlist.h
Examining data/tcpxtract-1.0.1/util.h
Examining data/tcpxtract-1.0.1/confy.c
Examining data/tcpxtract-1.0.1/util.c
Examining data/tcpxtract-1.0.1/conf.c
Examining data/tcpxtract-1.0.1/confl.c
Examining data/tcpxtract-1.0.1/sessionlist.c
Examining data/tcpxtract-1.0.1/tcpxtract.c
Examining data/tcpxtract-1.0.1/extract.c

FINAL RESULTS:

data/tcpxtract-1.0.1/confy.c:502:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define YYFPRINTF fprintf
data/tcpxtract-1.0.1/tcpxtract.c:287:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(output_prefix, optarg);
data/tcpxtract-1.0.1/util.c:41:5:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vprintf(fmt, args);
data/tcpxtract-1.0.1/tcpxtract.c:269:13:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
        c = getopt_long(argc, argv, "f:d:o:c:hv", long_options, &option_index);
data/tcpxtract-1.0.1/extract.c:113:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[FILENAME_BUFFER_SIZE] = {'\0'};      /* buffer to snprintf our filename to */
data/tcpxtract-1.0.1/extract.c:117:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    while ((retval = open(fname, O_WRONLY|O_CREAT|O_EXCL, S_IRWXU)) == -1);
data/tcpxtract-1.0.1/search.c:74:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char code[3] = {'\0'};
data/tcpxtract-1.0.1/sessionlist.c:61:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&(*last_slist)->connection, conn, sizeof (*conn));
data/tcpxtract-1.0.1/tcpxtract.c:200:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(conn.eth_src, ethernet->ether_shost, ETHER_ADDR_LEN);
data/tcpxtract-1.0.1/tcpxtract.c:201:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(conn.eth_dst, ethernet->ether_dhost, ETHER_ADDR_LEN);
data/tcpxtract-1.0.1/tcpxtract.c:241:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char errbuf[PCAP_ERRBUF_SIZE];  /* Error buffer */
data/tcpxtract-1.0.1/tcpxtract.c:306:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    yyin = fopen(yyinfname, "r");
data/tcpxtract-1.0.1/util.c:49:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(addr, &ip, 4);
data/tcpxtract-1.0.1/confl.c:484:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			     (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/tcpxtract-1.0.1/confy.c:623:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#   define yystrlen strlen
data/tcpxtract-1.0.1/search.c:48:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    speclen = strlen(spec);
data/tcpxtract-1.0.1/tcpxtract.c:285:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (optarg[strlen(optarg) - 1] != '/') {
data/tcpxtract-1.0.1/tcpxtract.c:286:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                output_prefix = emalloc(strlen(optarg) + 2);
data/tcpxtract-1.0.1/tcpxtract.c:288:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                output_prefix[strlen(optarg)] = '/';
data/tcpxtract-1.0.1/tcpxtract.c:289:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                output_prefix[strlen(optarg) + 1] = '\0';

ANALYSIS SUMMARY:

Hits = 20
Lines analyzed = 4452 in approximately 0.12 seconds (37350 lines/second)
Physical Source Lines of Code (SLOC) = 2884
Hits@level = [0]  16 [1]   7 [2]   9 [3]   1 [4]   3 [5]   0
Hits@level+ = [0+]  36 [1+]  20 [2+]  13 [3+]   4 [4+]   3 [5+]   0
Hits/KSLOC@level+ = [0+] 12.4827 [1+] 6.93481 [2+] 4.50763 [3+] 1.38696 [4+] 1.04022 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.