Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/bpfmon-2.49/psort.c
Examining data/bpfmon-2.49/bpfmon.c

FINAL RESULTS:

data/bpfmon-2.49/bpfmon.c:182:2: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(s,l,"%"PRIu64,v); // 4 or less digits
data/bpfmon-2.49/bpfmon.c:184:2: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(s+strlen(s),l-strlen(s),".%02"PRIu64,rr); // exactly 3 chars
data/bpfmon-2.49/bpfmon.c:428:9: [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if ((f=popen("iptables-save 2>/dev/null","r"))) {
data/bpfmon-2.49/bpfmon.c:529:9: [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if ((f=popen(s,"r"))) {
data/bpfmon-2.49/bpfmon.c:530:10: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (2==fscanf(f,"%"SCNu64" %"SCNu64,&pc,&bc)) {
data/bpfmon-2.49/psort.c:387:2: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(s,l,"%"PRIu64,v); // 4 or less digits
data/bpfmon-2.49/psort.c:389:2: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(s+strlen(s),l-strlen(s),".%02"PRIu64,rr); // exactly 3 chars
data/bpfmon-2.49/psort.c:438:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf," %15s %8s %15s %8s %15s %8s %15s %8s","from ip","pps","to ip","pps","from ip","bps","to ip","bps");
data/bpfmon-2.49/psort.c:449:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf,"%*s%2d: %15s %8s ",rem,"",i,ip2s(bypkti[i].ip),xps);
data/bpfmon-2.49/psort.c:451:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf,"%*s%2d: %15s %8s ",rem,"",i,"","");
data/bpfmon-2.49/psort.c:455:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf+strlen(buf),"%15s %8s ",ip2s(bypkto[i].ip),xps);
data/bpfmon-2.49/psort.c:457:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf+strlen(buf),"%15s %8s ","","");
data/bpfmon-2.49/psort.c:461:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf+strlen(buf),"%15s %8s ",ip2s(bybtsi[i].ip),xps);
data/bpfmon-2.49/psort.c:463:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf+strlen(buf),"%15s %8s ","","");
data/bpfmon-2.49/psort.c:467:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf+strlen(buf),"%15s %8s\n",ip2s(bybtso[i].ip),xps);
data/bpfmon-2.49/psort.c:469:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf+strlen(buf),"%15s %8s\n","","");
data/bpfmon-2.49/psort.c:598:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(sa,ip2s(si));
data/bpfmon-2.49/psort.c:599:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(da,ip2s(di));
data/bpfmon-2.49/psort.c:824:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(info," ip %"PRIu64" pg %"PRIu64" %8s ",ips,pgs,mems);
data/bpfmon-2.49/bpfmon.c:191:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bs[20],ps[20];
data/bpfmon-2.49/bpfmon.c:235:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ts[20];
data/bpfmon-2.49/bpfmon.c:291:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ts[20];
data/bpfmon-2.49/bpfmon.c:322:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ts[sx+30];
data/bpfmon-2.49/bpfmon.c:336:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bs[20],ps[20];
data/bpfmon-2.49/bpfmon.c:385:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bs[20],ps[20];
data/bpfmon-2.49/bpfmon.c:421:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rl[4096];
data/bpfmon-2.49/bpfmon.c:521:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[(!(chain&&rulenum))?1:100+strlen(table)+strlen(chain)];
data/bpfmon-2.49/bpfmon.c:544:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ebuf[PCAP_ERRBUF_SIZE];
data/bpfmon-2.49/bpfmon.c:549:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ts[100];
data/bpfmon-2.49/bpfmon.c:712:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rulenum=atoi(a2);
data/bpfmon-2.49/bpfmon.c:725:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rulenum=atoi(a3);
data/bpfmon-2.49/bpfmon.c:837:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char t[mymax(strlen(sbps),strlen(spps))+1];
data/bpfmon-2.49/psort.c:193:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ts[20];
data/bpfmon-2.49/psort.c:236:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hexb[16*3+2]="";
data/bpfmon-2.49/psort.c:237:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ascb[16+2]="";
data/bpfmon-2.49/psort.c:242:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(hexb+strlen(hexb),"%02x",buf[i]);
data/bpfmon-2.49/psort.c:243:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ascb+strlen(ascb),"%c",isprint(buf[i])?buf[i]:'.');
data/bpfmon-2.49/psort.c:255:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s[50];
data/bpfmon-2.49/psort.c:257:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s,"%d.%d.%d.%d",(ip>>24)&0xff,(ip>>16)&0xff,(ip>>8)&0xff,ip&0xff);
data/bpfmon-2.49/psort.c:394:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char xps[50];
data/bpfmon-2.49/psort.c:432:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[200]; // enough to handle one line
data/bpfmon-2.49/psort.c:433:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char xps[50]; // ip2s uses static buffer...
data/bpfmon-2.49/psort.c:592:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sa[50],da[50];
data/bpfmon-2.49/psort.c:631:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ebuf[PCAP_ERRBUF_SIZE];
data/bpfmon-2.49/psort.c:636:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ts[100];
data/bpfmon-2.49/psort.c:820:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mems[50];
data/bpfmon-2.49/psort.c:821:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char info[200];
data/bpfmon-2.49/bpfmon.c:177:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (pos>=strlen(u)) { // number is too big
data/bpfmon-2.49/bpfmon.c:178:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(s," ERROR! ",l); // keep exactly 8 chars of output
data/bpfmon-2.49/bpfmon.c:184:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(s+strlen(s),l-strlen(s),".%02"PRIu64,rr); // exactly 3 chars
data/bpfmon-2.49/bpfmon.c:184:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(s+strlen(s),l-strlen(s),".%02"PRIu64,rr); // exactly 3 chars
data/bpfmon-2.49/bpfmon.c:185:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(s+strlen(s),l-strlen(s),"%c",u[pos]); // exactly 1 char; total = 8 chars
data/bpfmon-2.49/bpfmon.c:185:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(s+strlen(s),l-strlen(s),"%c",u[pos]); // exactly 1 char; total = 8 chars
data/bpfmon-2.49/bpfmon.c:233:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wchar_t *ws=calloc(sizeof *ws,strlen(cap)+1),tws[2];
data/bpfmon-2.49/bpfmon.c:239:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (-1!=(wl=mbstowcs(ws,cap,strlen(cap)))) {
data/bpfmon-2.49/bpfmon.c:430:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(rl)>0) // nuke end of line
data/bpfmon-2.49/bpfmon.c:431:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rl[strlen(rl)-1]=0;
data/bpfmon-2.49/bpfmon.c:448:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(rl)>4&&rl[0]=='-'&&rl[1]=='A'&&rl[2]==' ') {
data/bpfmon-2.49/bpfmon.c:492:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  chainlen=mymax(chainlen,strlen(r->chain));
data/bpfmon-2.49/bpfmon.c:493:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tablelen=mymax(tablelen,strlen(r->table));
data/bpfmon-2.49/bpfmon.c:521:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char s[(!(chain&&rulenum))?1:100+strlen(table)+strlen(chain)];
data/bpfmon-2.49/bpfmon.c:521:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char s[(!(chain&&rulenum))?1:100+strlen(table)+strlen(chain)];
data/bpfmon-2.49/bpfmon.c:625:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (j=1;j<strlen(av[i]);j++)
data/bpfmon-2.49/bpfmon.c:789:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tslen=strlen(ts);
data/bpfmon-2.49/bpfmon.c:837:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char t[mymax(strlen(sbps),strlen(spps))+1];
data/bpfmon-2.49/bpfmon.c:837:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char t[mymax(strlen(sbps),strlen(spps))+1];
data/bpfmon-2.49/bpfmon.c:843:8: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(t,sbps,sizeof t);
data/bpfmon-2.49/bpfmon.c:844:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (gsx<strlen(sbps))
data/bpfmon-2.49/bpfmon.c:846:87: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  yascreen_printxy(s,gx-1-1,0,DA|(YAS_INVERSE^inverse),"%*s",(unsigned)mymin(gsx,strlen(t)),t);
data/bpfmon-2.49/bpfmon.c:848:8: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(t,spps,sizeof t);
data/bpfmon-2.49/bpfmon.c:849:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (gsx<strlen(spps))
data/bpfmon-2.49/bpfmon.c:851:93: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  yascreen_printxy(s,gx-1-1,g2y-1-1,DA|(YAS_INVERSE^inverse),"%*s",(unsigned)mymin(gsx,strlen(t)),t);
data/bpfmon-2.49/bpfmon.c:852:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i=gx-1+strlen(t);i<=wssx;i++)
data/bpfmon-2.49/bpfmon.c:868:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  yascreen_printxy(s,wssx-strlen(ts)-1-2,0,DA|(YAS_INVERSE^inverse)," %s ",ts);
data/bpfmon-2.49/bpfmon.c:1017:45: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (FD_ISSET(STDIN_FILENO,&r)&&sizeof c==read(STDIN_FILENO,&c,sizeof c))
data/bpfmon-2.49/psort.c:191:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wchar_t *ws=calloc(sizeof *ws,strlen(cap)+1),tws[2];
data/bpfmon-2.49/psort.c:197:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (-1!=(wl=mbstowcs(ws,cap,strlen(cap)))) {
data/bpfmon-2.49/psort.c:241:4: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(hexb," ");
data/bpfmon-2.49/psort.c:242:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(hexb+strlen(hexb),"%02x",buf[i]);
data/bpfmon-2.49/psort.c:243:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(ascb+strlen(ascb),"%c",isprint(buf[i])?buf[i]:'.');
data/bpfmon-2.49/psort.c:249:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(ascb)) {
data/bpfmon-2.49/psort.c:382:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (pos>=strlen(u)) { // number is too big
data/bpfmon-2.49/psort.c:383:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(s," ERROR! ",l); // keep exactly 8 chars of output
data/bpfmon-2.49/psort.c:389:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(s+strlen(s),l-strlen(s),".%02"PRIu64,rr); // exactly 3 chars
data/bpfmon-2.49/psort.c:389:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(s+strlen(s),l-strlen(s),".%02"PRIu64,rr); // exactly 3 chars
data/bpfmon-2.49/psort.c:390:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(s+strlen(s),l-strlen(s),"%c",u[pos]); // exactly 1 char; total = 8 chars
data/bpfmon-2.49/psort.c:390:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(s+strlen(s),l-strlen(s),"%c",u[pos]); // exactly 1 char; total = 8 chars
data/bpfmon-2.49/psort.c:439:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rem=(int)strlen(buf)<sx?(sx-strlen(buf))/2:0;
data/bpfmon-2.49/psort.c:439:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rem=(int)strlen(buf)<sx?(sx-strlen(buf))/2:0;
data/bpfmon-2.49/psort.c:455:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(buf+strlen(buf),"%15s %8s ",ip2s(bypkto[i].ip),xps);
data/bpfmon-2.49/psort.c:457:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(buf+strlen(buf),"%15s %8s ","","");
data/bpfmon-2.49/psort.c:461:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(buf+strlen(buf),"%15s %8s ",ip2s(bybtsi[i].ip),xps);
data/bpfmon-2.49/psort.c:463:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(buf+strlen(buf),"%15s %8s ","","");
data/bpfmon-2.49/psort.c:467:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(buf+strlen(buf),"%15s %8s\n",ip2s(bybtso[i].ip),xps);
data/bpfmon-2.49/psort.c:469:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(buf+strlen(buf),"%15s %8s\n","","");
data/bpfmon-2.49/psort.c:471:4: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(buf,"");
data/bpfmon-2.49/psort.c:668:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (j=1;j<strlen(av[i]);j++)
data/bpfmon-2.49/psort.c:691:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (i+1>=ac||j!=strlen(av[i])-1) {
data/bpfmon-2.49/psort.c:699:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (i+1>=ac||j!=strlen(av[i])-1) {
data/bpfmon-2.49/psort.c:825:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((unsigned)wssx>14+3+strlen(info))
data/bpfmon-2.49/psort.c:826:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  yascreen_printxy(s,wssx-1-strlen(info),0,DA|(inverse^YAS_INVERSE),"%s",info);
data/bpfmon-2.49/psort.c:864:45: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (FD_ISSET(STDIN_FILENO,&r)&&sizeof c==read(STDIN_FILENO,&c,sizeof c))

ANALYSIS SUMMARY:

Hits = 102
Lines analyzed = 2087 in approximately 0.08 seconds (24910 lines/second)
Physical Source Lines of Code (SLOC) = 1824
Hits@level = [0] 60 [1] 55 [2] 28 [3] 0 [4] 19 [5] 0
Hits@level+ = [0+] 162 [1+] 102 [2+] 47 [3+] 19 [4+] 19 [5+] 0
Hits/KSLOC@level+ = [0+] 88.8158 [1+] 55.9211 [2+] 25.7675 [3+] 10.4167 [4+] 10.4167 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.