Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/batmand-0.3.2+72+ga83038a/allocate.c
Examining data/batmand-0.3.2+72+ga83038a/allocate.h
Examining data/batmand-0.3.2+72+ga83038a/batman.c
Examining data/batmand-0.3.2+72+ga83038a/batman.h
Examining data/batmand-0.3.2+72+ga83038a/bitarray.c
Examining data/batmand-0.3.2+72+ga83038a/bitarray.h
Examining data/batmand-0.3.2+72+ga83038a/hash.c
Examining data/batmand-0.3.2+72+ga83038a/hash.h
Examining data/batmand-0.3.2+72+ga83038a/hna.c
Examining data/batmand-0.3.2+72+ga83038a/hna.h
Examining data/batmand-0.3.2+72+ga83038a/linux/kernel.c
Examining data/batmand-0.3.2+72+ga83038a/linux/route.c
Examining data/batmand-0.3.2+72+ga83038a/linux/tun.c
Examining data/batmand-0.3.2+72+ga83038a/list-batman.c
Examining data/batmand-0.3.2+72+ga83038a/list-batman.h
Examining data/batmand-0.3.2+72+ga83038a/originator.c
Examining data/batmand-0.3.2+72+ga83038a/originator.h
Examining data/batmand-0.3.2+72+ga83038a/os.h
Examining data/batmand-0.3.2+72+ga83038a/packet.h
Examining data/batmand-0.3.2+72+ga83038a/posix/posix.c
Examining data/batmand-0.3.2+72+ga83038a/posix/tunnel.c
Examining data/batmand-0.3.2+72+ga83038a/posix/unix_socket.c
Examining data/batmand-0.3.2+72+ga83038a/posix/init.c
Examining data/batmand-0.3.2+72+ga83038a/profile.c
Examining data/batmand-0.3.2+72+ga83038a/profile.h
Examining data/batmand-0.3.2+72+ga83038a/ring_buffer.c
Examining data/batmand-0.3.2+72+ga83038a/ring_buffer.h
Examining data/batmand-0.3.2+72+ga83038a/schedule.c
Examining data/batmand-0.3.2+72+ga83038a/schedule.h
Examining data/batmand-0.3.2+72+ga83038a/types.h
FINAL RESULTS:
data/batmand-0.3.2+72+ga83038a/linux/kernel.c:50:6: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
n = fscanf(f, "%"SCNd32, &integer);
data/batmand-0.3.2+72+ga83038a/linux/kernel.c:66:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(f, "%"PRId32, integer);
data/batmand-0.3.2+72+ga83038a/linux/kernel.c:78:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "/proc/sys/net/ipv4/conf/%s/rp_filter", dev);
data/batmand-0.3.2+72+ga83038a/linux/kernel.c:94:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "/proc/sys/net/ipv4/conf/%s/rp_filter", dev);
data/batmand-0.3.2+72+ga83038a/linux/kernel.c:111:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "/proc/sys/net/ipv4/conf/%s/send_redirects", dev);
data/batmand-0.3.2+72+ga83038a/linux/kernel.c:127:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "/proc/sys/net/ipv4/conf/%s/send_redirects", dev);
data/batmand-0.3.2+72+ga83038a/linux/tun.c:72:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
error = system(cmd);
data/batmand-0.3.2+72+ga83038a/linux/tun.c:113:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(cmd, IPTABLES_ADD_MASQ, dev);
data/batmand-0.3.2+72+ga83038a/linux/tun.c:116:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(cmd, IPTABLES_ADD_MSS, dev);
data/batmand-0.3.2+72+ga83038a/linux/tun.c:123:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(cmd, IPTABLES_DEL_MASQ, dev);
data/batmand-0.3.2+72+ga83038a/linux/tun.c:126:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(cmd, IPTABLES_ADD_MSS, dev);
data/batmand-0.3.2+72+ga83038a/linux/tun.c:136:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(cmd, IPTABLES_DEL_ACC, ip_addr, netmask);
data/batmand-0.3.2+72+ga83038a/linux/tun.c:138:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(cmd, IPTABLES_ADD_ACC, ip_addr, netmask);
data/batmand-0.3.2+72+ga83038a/os.h:104:89: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void debug_output( int8_t debug_prio, const char *format, ... ) __attribute__ ((format (printf, 2, 3)));
data/batmand-0.3.2+72+ga83038a/posix/init.c:101:7: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (execl("/bin/sh", "/bin/sh", "-c", policy_routing_script, NULL) < 0)
data/batmand-0.3.2+72+ga83038a/posix/init.c:490:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( unix_if.addr.sun_path, UNIX_PATH );
data/batmand-0.3.2+72+ga83038a/posix/init.c:597:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( unix_if.addr.sun_path, UNIX_PATH );
data/batmand-0.3.2+72+ga83038a/posix/unix_socket.c:61:3: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(format, args);
data/batmand-0.3.2+72+ga83038a/posix/unix_socket.c:80:4: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(format, args);
data/batmand-0.3.2+72+ga83038a/posix/init.c:136:22: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ( ( optchar = getopt_long( argc, argv, "a:A:bcd:hHio:g:p:r:s:vVD", long_options, &option_index ) ) != -1 ) {
data/batmand-0.3.2+72+ga83038a/posix/posix.c:623:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(getpid());
data/batmand-0.3.2+72+ga83038a/allocate.c:349:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result, memoryParameter, copyLength);
data/batmand-0.3.2+72+ga83038a/batman.c:228:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char orig_str[ADDR_STR_LEN];
data/batmand-0.3.2+72+ga83038a/batman.c:350:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char orig_str[ADDR_STR_LEN], next_str[ADDR_STR_LEN];
data/batmand-0.3.2+72+ga83038a/batman.c:430:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char orig_str[ADDR_STR_LEN];
data/batmand-0.3.2+72+ga83038a/batman.c:552:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char orig_str[ADDR_STR_LEN], neigh_str[ADDR_STR_LEN];
data/batmand-0.3.2+72+ga83038a/batman.c:650:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&((struct vis_packet *)vis_packet)->sender_ip, (unsigned char *)&(((struct batman_if *)if_list.next)->addr.sin_addr.s_addr), 4);
data/batmand-0.3.2+72+ga83038a/batman.c:671:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&vis_data->ip, (unsigned char *)&orig_node->orig, 4);
data/batmand-0.3.2+72+ga83038a/batman.c:694:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&vis_data->ip, (unsigned char *)&batman_if->addr.sin_addr.s_addr, 4);
data/batmand-0.3.2+72+ga83038a/batman.c:777:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[2001], *hna_recv_buff;
data/batmand-0.3.2+72+ga83038a/batman.c:778:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char orig_str[ADDR_STR_LEN], neigh_str[ADDR_STR_LEN], ifaddr_str[ADDR_STR_LEN], prev_sender_str[ADDR_STR_LEN];
data/batmand-0.3.2+72+ga83038a/hna.c:209:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hna_addr_str[ADDR_STR_LEN];
data/batmand-0.3.2+72+ga83038a/hna.c:298:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&vis_data->ip, (unsigned char *)&hna_local_entry->addr, 4);
data/batmand-0.3.2+72+ga83038a/hna.c:504:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hna_str[ADDR_STR_LEN];
data/batmand-0.3.2+72+ga83038a/hna.c:514:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(orig_node->hna_buff, new_hna, new_hna_len);
data/batmand-0.3.2+72+ga83038a/hna.c:619:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(orig_node->hna_buff, new_hna, new_hna_len);
data/batmand-0.3.2+72+ga83038a/linux/kernel.c:47:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((f = fopen(filename, "r")) == NULL)
data/batmand-0.3.2+72+ga83038a/linux/kernel.c:63:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen(filename, "w")) == NULL)
data/batmand-0.3.2+72+ga83038a/linux/kernel.c:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[100], *colon_ptr;
data/batmand-0.3.2+72+ga83038a/linux/kernel.c:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[100], *colon_ptr;
data/batmand-0.3.2+72+ga83038a/linux/kernel.c:105:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[100], *colon_ptr;
data/batmand-0.3.2+72+ga83038a/linux/kernel.c:121:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[100], *colon_ptr;
data/batmand-0.3.2+72+ga83038a/linux/route.c:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str1[16], str2[16], str3[16];
data/batmand-0.3.2+72+ga83038a/linux/route.c:185:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096], str1[16], str2[16], str3[16];
data/batmand-0.3.2+72+ga83038a/linux/route.c:193:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4 * (sizeof(struct rtattr) + 4)];
data/batmand-0.3.2+72+ga83038a/linux/route.c:195:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char req_buf[NLMSG_LENGTH(sizeof(struct req_s))] ALIGN_WORD;
data/batmand-0.3.2+72+ga83038a/linux/route.c:296:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((char *)req->buff) + sizeof(struct rtattr), (char *)&dest, 4);
data/batmand-0.3.2+72+ga83038a/linux/route.c:303:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((char *)req->buff) + 2 * sizeof(struct rtattr) + 4, (char *)&my_router, 4);
data/batmand-0.3.2+72+ga83038a/linux/route.c:308:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((char *)req->buff) + 3 * sizeof(struct rtattr) + 8, (char *)&ifi, 4);
data/batmand-0.3.2+72+ga83038a/linux/route.c:314:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((char *)req->buff) + 4 * sizeof(struct rtattr) + 12, (char *)&src_ip, 4);
data/batmand-0.3.2+72+ga83038a/linux/route.c:369:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096], str1[16];
data/batmand-0.3.2+72+ga83038a/linux/route.c:377:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[2 * (sizeof(struct rtattr) + 4)];
data/batmand-0.3.2+72+ga83038a/linux/route.c:379:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char req_buf[NLMSG_LENGTH(sizeof(struct req_s))] ALIGN_WORD;
data/batmand-0.3.2+72+ga83038a/linux/route.c:434:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((char *)req->buff) + sizeof(struct rtattr), (char *)&network, 4);
data/batmand-0.3.2+72+ga83038a/linux/route.c:441:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((char *)req->buff) + sizeof(struct rtattr), (char *)&network, 4);
data/batmand-0.3.2+72+ga83038a/linux/route.c:449:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((char *)req->buff) + sizeof(struct rtattr), (char *)&network, 4);
data/batmand-0.3.2+72+ga83038a/linux/route.c:452:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((char *)req->buff) + sizeof(struct rtattr), iif, 4);
data/batmand-0.3.2+72+ga83038a/linux/route.c:464:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((char *)req->buff) + 2 * sizeof(struct rtattr) + 4, (char *)&prio, 4);
data/batmand-0.3.2+72+ga83038a/linux/route.c:635:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192], *dev = NULL;
data/batmand-0.3.2+72+ga83038a/linux/route.c:644:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char req_buf[NLMSG_LENGTH(sizeof(struct req_s))] ALIGN_WORD;
data/batmand-0.3.2+72+ga83038a/linux/tun.c:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_log[256];
data/batmand-0.3.2+72+ga83038a/linux/tun.c:111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[150];
data/batmand-0.3.2+72+ga83038a/linux/tun.c:121:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[150];
data/batmand-0.3.2+72+ga83038a/linux/tun.c:131:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[100], ip_addr[16];
data/batmand-0.3.2+72+ga83038a/linux/tun.c:148:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ( fd = open( "/dev/net/tun", O_RDWR ) ) < 0 ) {
data/batmand-0.3.2+72+ga83038a/linux/tun.c:197:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ( *fd = open( "/dev/net/tun", O_RDWR ) ) < 0 ) {
data/batmand-0.3.2+72+ga83038a/linux/tun.c:234:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &ifr_tun.ifr_addr, &addr, sizeof(struct sockaddr) );
data/batmand-0.3.2+72+ga83038a/linux/tun.c:336:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &ifr_tun.ifr_addr, &addr, sizeof(struct sockaddr) );
data/batmand-0.3.2+72+ga83038a/originator.c:105:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char orig_str[ADDR_STR_LEN];
data/batmand-0.3.2+72+ga83038a/originator.c:269:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char orig_str[ADDR_STR_LEN], neigh_str[ADDR_STR_LEN];
data/batmand-0.3.2+72+ga83038a/originator.c:425:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[ADDR_STR_LEN], str2[ADDR_STR_LEN], orig_str[ADDR_STR_LEN], debug_out_str[1001];
data/batmand-0.3.2+72+ga83038a/posix/init.c:117:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str1[16], str2[16], *slash_ptr, *unix_buff, *buff_ptr, *cr_ptr;
data/batmand-0.3.2+72+ga83038a/posix/posix.c:350:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &tmp_wait_set, &receive_wait_set, sizeof(fd_set) );
data/batmand-0.3.2+72+ga83038a/posix/tunnel.c:94:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buff[100];
data/batmand-0.3.2+72+ga83038a/posix/tunnel.c:151:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tun_addr, buff + 1, 4);
data/batmand-0.3.2+72+ga83038a/posix/tunnel.c:174:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tun_if[IFNAMSIZ], my_str[ADDR_STR_LEN], gw_str[ADDR_STR_LEN], gw_state = GW_STATE_UNKNOWN;
data/batmand-0.3.2+72+ga83038a/posix/tunnel.c:175:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buff[1501];
data/batmand-0.3.2+72+ga83038a/posix/tunnel.c:249:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp_wait_sockets, &wait_sockets, sizeof(fd_set));
data/batmand-0.3.2+72+ga83038a/posix/tunnel.c:557:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gw_addr[16], str[16], tun_dev[IFNAMSIZ];
data/batmand-0.3.2+72+ga83038a/posix/tunnel.c:558:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buff[1501];
data/batmand-0.3.2+72+ga83038a/posix/tunnel.c:608:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp_wait_sockets, &wait_sockets, sizeof(fd_set));
data/batmand-0.3.2+72+ga83038a/posix/tunnel.c:694:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff + 1, (char *)&gw_client->vip_addr, 4);
data/batmand-0.3.2+72+ga83038a/posix/unix_socket.c:170:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[100], str[16], was_gateway, tmp_unix_value;
data/batmand-0.3.2+72+ga83038a/posix/unix_socket.c:186:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp_wait_sockets, &wait_sockets, sizeof(fd_set));
data/batmand-0.3.2+72+ga83038a/schedule.c:66:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(forw_node_new->pack_buff, (unsigned char *)&batman_if->out, sizeof(struct bat_packet));
data/batmand-0.3.2+72+ga83038a/schedule.c:67:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(forw_node_new->pack_buff + sizeof(struct bat_packet), hna_buff_local, num_hna_local * 5);
data/batmand-0.3.2+72+ga83038a/schedule.c:74:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(forw_node_new->pack_buff, &batman_if->out, sizeof(struct bat_packet));
data/batmand-0.3.2+72+ga83038a/schedule.c:207:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(forw_node_new->pack_buff, in, forw_node_new->pack_buff_len);
data/batmand-0.3.2+72+ga83038a/schedule.c:220:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(forw_node_aggregate->pack_buff + forw_node_aggregate->pack_buff_len, in, sizeof(struct bat_packet) + hna_buff_len);
data/batmand-0.3.2+72+ga83038a/schedule.c:289:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char orig_str[ADDR_STR_LEN];
data/batmand-0.3.2+72+ga83038a/linux/kernel.c:154:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, dev, strlen(dev) + 1) < 0) {
data/batmand-0.3.2+72+ga83038a/linux/kernel.c:175:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(int_req.ifr_name, dev, IFNAMSIZ - 1);
data/batmand-0.3.2+72+ga83038a/linux/route.c:575:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr_tmp.ifr_name, ifr->ifr_name, IFNAMSIZ - 1);
data/batmand-0.3.2+72+ga83038a/linux/tun.c:79:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(pipes[0], error_log, sizeof(error_log));
data/batmand-0.3.2+72+ga83038a/linux/tun.c:195:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy( ifr_tun.ifr_name, "gate%d", IFNAMSIZ );
data/batmand-0.3.2+72+ga83038a/linux/tun.c:280:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( ifr_if.ifr_name, batman_if->dev, IFNAMSIZ - 1 );
data/batmand-0.3.2+72+ga83038a/linux/tun.c:317:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( tun_dev, ifr_tun.ifr_name, tun_dev_size - 1 );
data/batmand-0.3.2+72+ga83038a/linux/tun.c:338:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( ifr_tun.ifr_name, tun_dev, IFNAMSIZ - 1 );
data/batmand-0.3.2+72+ga83038a/posix/init.c:203:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( ( strlen( optarg ) > 4 ) && ( ( strncmp( optarg + strlen( optarg ) - 4, "MBit", 4 ) == 0 ) || ( strncmp( optarg + strlen( optarg ) - 4, "mbit", 4 ) == 0 ) || ( strncmp( optarg + strlen( optarg ) - 4, "Mbit", 4 ) == 0 ) ) )
data/batmand-0.3.2+72+ga83038a/posix/init.c:203:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( ( strlen( optarg ) > 4 ) && ( ( strncmp( optarg + strlen( optarg ) - 4, "MBit", 4 ) == 0 ) || ( strncmp( optarg + strlen( optarg ) - 4, "mbit", 4 ) == 0 ) || ( strncmp( optarg + strlen( optarg ) - 4, "Mbit", 4 ) == 0 ) ) )
data/batmand-0.3.2+72+ga83038a/posix/init.c:203:124: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( ( strlen( optarg ) > 4 ) && ( ( strncmp( optarg + strlen( optarg ) - 4, "MBit", 4 ) == 0 ) || ( strncmp( optarg + strlen( optarg ) - 4, "mbit", 4 ) == 0 ) || ( strncmp( optarg + strlen( optarg ) - 4, "Mbit", 4 ) == 0 ) ) )
data/batmand-0.3.2+72+ga83038a/posix/init.c:203:188: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( ( strlen( optarg ) > 4 ) && ( ( strncmp( optarg + strlen( optarg ) - 4, "MBit", 4 ) == 0 ) || ( strncmp( optarg + strlen( optarg ) - 4, "mbit", 4 ) == 0 ) || ( strncmp( optarg + strlen( optarg ) - 4, "Mbit", 4 ) == 0 ) ) )
data/batmand-0.3.2+72+ga83038a/posix/init.c:217:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( ( strlen( slash_ptr + 1 ) > 4 ) && ( ( strncmp( slash_ptr + 1 + strlen( slash_ptr + 1 ) - 4, "MBit", 4 ) == 0 ) || ( strncmp( slash_ptr + 1 + strlen( slash_ptr + 1 ) - 4, "mbit", 4 ) == 0 ) || ( strncmp( slash_ptr + 1 + strlen( slash_ptr + 1 ) - 4, "Mbit", 4 ) == 0 ) ) )
data/batmand-0.3.2+72+ga83038a/posix/init.c:217:75: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( ( strlen( slash_ptr + 1 ) > 4 ) && ( ( strncmp( slash_ptr + 1 + strlen( slash_ptr + 1 ) - 4, "MBit", 4 ) == 0 ) || ( strncmp( slash_ptr + 1 + strlen( slash_ptr + 1 ) - 4, "mbit", 4 ) == 0 ) || ( strncmp( slash_ptr + 1 + strlen( slash_ptr + 1 ) - 4, "Mbit", 4 ) == 0 ) ) )
data/batmand-0.3.2+72+ga83038a/posix/init.c:217:153: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( ( strlen( slash_ptr + 1 ) > 4 ) && ( ( strncmp( slash_ptr + 1 + strlen( slash_ptr + 1 ) - 4, "MBit", 4 ) == 0 ) || ( strncmp( slash_ptr + 1 + strlen( slash_ptr + 1 ) - 4, "mbit", 4 ) == 0 ) || ( strncmp( slash_ptr + 1 + strlen( slash_ptr + 1 ) - 4, "Mbit", 4 ) == 0 ) ) )
data/batmand-0.3.2+72+ga83038a/posix/init.c:217:231: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( ( strlen( slash_ptr + 1 ) > 4 ) && ( ( strncmp( slash_ptr + 1 + strlen( slash_ptr + 1 ) - 4, "MBit", 4 ) == 0 ) || ( strncmp( slash_ptr + 1 + strlen( slash_ptr + 1 ) - 4, "mbit", 4 ) == 0 ) || ( strncmp( slash_ptr + 1 + strlen( slash_ptr + 1 ) - 4, "Mbit", 4 ) == 0 ) ) )
data/batmand-0.3.2+72+ga83038a/posix/init.c:679:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( ( recv_buff_len = read( unix_if.unix_sock, unix_buff, 1500 ) ) > 0 ) {
data/batmand-0.3.2+72+ga83038a/posix/init.c:707:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bytes_written += strlen( buff_ptr ) + 1;
data/batmand-0.3.2+72+ga83038a/posix/init.c:771:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(int_req.ifr_name, dev, IFNAMSIZ - 1);
data/batmand-0.3.2+72+ga83038a/posix/init.c:837:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( int_req.ifr_name, batman_if->dev, IFNAMSIZ - 1 );
data/batmand-0.3.2+72+ga83038a/posix/init.c:978:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen( batman_if->dev ) > IFNAMSIZ - 1) {
data/batmand-0.3.2+72+ga83038a/posix/tunnel.c:315:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((buff_len = read(tun_fd, buff + 1, sizeof(buff) - 2)) > 0) {
data/batmand-0.3.2+72+ga83038a/posix/tunnel.c:718:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((buff_len = read(tun_fd, buff + 1, sizeof(buff) - 2 )) > 0) {
data/batmand-0.3.2+72+ga83038a/posix/unix_socket.c:230:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
status = read( unix_client->sock, buff, sizeof( buff ) );
ANALYSIS SUMMARY:
Hits = 114
Lines analyzed = 9599 in approximately 0.25 seconds (38356 lines/second)
Physical Source Lines of Code (SLOC) = 5625
Hits@level = [0] 126 [1] 24 [2] 69 [3] 2 [4] 19 [5] 0
Hits@level+ = [0+] 240 [1+] 114 [2+] 90 [3+] 21 [4+] 19 [5+] 0
Hits/KSLOC@level+ = [0+] 42.6667 [1+] 20.2667 [2+] 16 [3+] 3.73333 [4+] 3.37778 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.