Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dns-flood-detector-1.20/dns_flood_detector.h
Examining data/dns-flood-detector-1.20/dns_flood_detector.c
FINAL RESULTS:
data/dns-flood-detector-1.20/dns_flood_detector.c:724:9: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt(argc, argv,"i:t:a:w:x:m:A:M:QbdDvsh");
data/dns-flood-detector-1.20/dns_flood_detector.c:161:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[HOST_NAME_MAX];
data/dns-flood-detector-1.20/dns_flood_detector.c:206:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[MAXMESSAGE];
data/dns-flood-detector-1.20/dns_flood_detector.c:208:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char st_time[10];
data/dns-flood-detector-1.20/dns_flood_detector.c:215:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char head[MAXHEAD];
data/dns-flood-detector-1.20/dns_flood_detector.c:223:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datalet[MAXDATALET];
data/dns-flood-detector-1.20/dns_flood_detector.c:227:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff,head,strlen(head));
data/dns-flood-detector-1.20/dns_flood_detector.c:244:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff+buffhead,datalet,dlen);
data/dns-flood-detector-1.20/dns_flood_detector.c:264:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff,head,strlen(head));
data/dns-flood-detector-1.20/dns_flood_detector.c:270:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff+buffhead,datalet,dlen);
data/dns-flood-detector-1.20/dns_flood_detector.c:302:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char st_time[10];
data/dns-flood-detector-1.20/dns_flood_detector.c:570:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char dname[NS_MAXDNAME]="";
data/dns-flood-detector-1.20/dns_flood_detector.c:706:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[PCAP_ERRBUF_SIZE];
data/dns-flood-detector-1.20/dns_flood_detector.c:720:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ( ( name = (char *)strdup(argv[0]) ) == NULL) malloc_fail("name", strlen(argv[0]) );
data/dns-flood-detector-1.20/dns_flood_detector.c:737:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ( abs (atoi(optarg)) > 0) {
data/dns-flood-detector-1.20/dns_flood_detector.c:738:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
option_t = abs( atoi(optarg));
data/dns-flood-detector-1.20/dns_flood_detector.c:744:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ( abs (atoi(optarg)) > 10) {
data/dns-flood-detector-1.20/dns_flood_detector.c:745:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
option_a = abs( atoi(optarg));
data/dns-flood-detector-1.20/dns_flood_detector.c:751:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ( abs (atoi(optarg)) > 1) {
data/dns-flood-detector-1.20/dns_flood_detector.c:752:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
option_w = abs( atoi(optarg));
data/dns-flood-detector-1.20/dns_flood_detector.c:758:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ( abs (atoi(optarg)) > 10) {
data/dns-flood-detector-1.20/dns_flood_detector.c:759:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
option_x = abs( atoi(optarg));
data/dns-flood-detector-1.20/dns_flood_detector.c:765:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ( abs (atoi(optarg)) > 0) {
data/dns-flood-detector-1.20/dns_flood_detector.c:766:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
option_m = abs( atoi(optarg));
data/dns-flood-detector-1.20/dns_flood_detector.c:817:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
target_port = atoi(optarg);
data/dns-flood-detector-1.20/dns_flood_detector.c:989:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd=open("/dev/null",O_RDWR);
data/dns-flood-detector-1.20/dns_flood_detector.c:218:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int netsize = MAXMESSAGE - strlen(head) - strlen(tail);
data/dns-flood-detector-1.20/dns_flood_detector.c:218:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int netsize = MAXMESSAGE - strlen(head) - strlen(tail);
data/dns-flood-detector-1.20/dns_flood_detector.c:227:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(buff,head,strlen(head));
data/dns-flood-detector-1.20/dns_flood_detector.c:228:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffhead = buffhead + strlen(head);
data/dns-flood-detector-1.20/dns_flood_detector.c:237:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dlen = strlen(datalet);
data/dns-flood-detector-1.20/dns_flood_detector.c:254:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buff+buffhead,tail, strlen(tail));
data/dns-flood-detector-1.20/dns_flood_detector.c:254:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(buff+buffhead,tail, strlen(tail));
data/dns-flood-detector-1.20/dns_flood_detector.c:258:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendto(sock,buff,strlen(buff)+1,0,(struct sockaddr *) &addr, addrlen);
data/dns-flood-detector-1.20/dns_flood_detector.c:264:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(buff,head,strlen(head));
data/dns-flood-detector-1.20/dns_flood_detector.c:265:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffhead = strlen(head);
data/dns-flood-detector-1.20/dns_flood_detector.c:279:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( ( option_b == 0) && (buffhead>strlen(head)) ) {
data/dns-flood-detector-1.20/dns_flood_detector.c:285:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buff+buffhead,tail,strlen(tail));
data/dns-flood-detector-1.20/dns_flood_detector.c:285:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(buff+buffhead,tail,strlen(tail));
data/dns-flood-detector-1.20/dns_flood_detector.c:288:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendto(sock,buff,strlen(buff)+1,0,(struct sockaddr *) &addr, addrlen);
data/dns-flood-detector-1.20/dns_flood_detector.c:720:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( ( name = (char *)strdup(argv[0]) ) == NULL) malloc_fail("name", strlen(argv[0]) );
data/dns-flood-detector-1.20/dns_flood_detector.c:732:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( ( dev = (char *)strdup(optarg) ) == NULL) malloc_fail("dev", strlen(optarg) );
data/dns-flood-detector-1.20/dns_flood_detector.c:773:92: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( ( dst_mask = (char *)strdup(optarg) ) == NULL) malloc_fail("filter mask", strlen(optarg) );
data/dns-flood-detector-1.20/dns_flood_detector.c:784:92: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( ( dst_addr = (char *)strdup(optarg) ) == NULL) malloc_fail("dest filter", strlen(optarg) );
data/dns-flood-detector-1.20/dns_flood_detector.c:900:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
f_size = strlen("port 53 ");
data/dns-flood-detector-1.20/dns_flood_detector.c:910:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( ( dst_addr = (char *)malloc( strlen((char *)inet_ntoa(addr))+1) ) == NULL ) malloc_fail("dest_addr", strlen((char *)inet_ntoa(addr))+1 );
data/dns-flood-detector-1.20/dns_flood_detector.c:910:113: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( ( dst_addr = (char *)malloc( strlen((char *)inet_ntoa(addr))+1) ) == NULL ) malloc_fail("dest_addr", strlen((char *)inet_ntoa(addr))+1 );
data/dns-flood-detector-1.20/dns_flood_detector.c:911:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dst_addr,(char*)inet_ntoa(addr),strlen((char *)inet_ntoa(addr)));
data/dns-flood-detector-1.20/dns_flood_detector.c:911:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(dst_addr,(char*)inet_ntoa(addr),strlen((char *)inet_ntoa(addr)));
data/dns-flood-detector-1.20/dns_flood_detector.c:912:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dst_addr[strlen((char *)inet_ntoa(addr))]='\0';
data/dns-flood-detector-1.20/dns_flood_detector.c:917:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( ( dst_mask = (char *)malloc( strlen((char *)inet_ntoa(addr))+1) ) == NULL ) malloc_fail("dest_mask", strlen((char *)inet_ntoa(addr))+1 );
data/dns-flood-detector-1.20/dns_flood_detector.c:917:115: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( ( dst_mask = (char *)malloc( strlen((char *)inet_ntoa(addr))+1) ) == NULL ) malloc_fail("dest_mask", strlen((char *)inet_ntoa(addr))+1 );
data/dns-flood-detector-1.20/dns_flood_detector.c:918:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dst_mask,(char*)inet_ntoa(addr),strlen((char *)inet_ntoa(addr)));
data/dns-flood-detector-1.20/dns_flood_detector.c:918:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(dst_mask,(char*)inet_ntoa(addr),strlen((char *)inet_ntoa(addr)));
data/dns-flood-detector-1.20/dns_flood_detector.c:919:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dst_mask[strlen((char *)inet_ntoa(addr))]='\0';
data/dns-flood-detector-1.20/dns_flood_detector.c:926:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(dst_mask,"255.255.255.255",15);
data/dns-flood-detector-1.20/dns_flood_detector.c:930:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
f_size = strlen("port 53 and dst net mask ")+ strlen(dst_mask)+ strlen(dst_addr);
data/dns-flood-detector-1.20/dns_flood_detector.c:930:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
f_size = strlen("port 53 and dst net mask ")+ strlen(dst_mask)+ strlen(dst_addr);
data/dns-flood-detector-1.20/dns_flood_detector.c:930:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
f_size = strlen("port 53 and dst net mask ")+ strlen(dst_mask)+ strlen(dst_addr);
data/dns-flood-detector-1.20/dns_flood_detector.c:1009:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(0);
ANALYSIS SUMMARY:
Hits = 60
Lines analyzed = 1111 in approximately 0.05 seconds (23580 lines/second)
Physical Source Lines of Code (SLOC) = 737
Hits@level = [0] 59 [1] 34 [2] 25 [3] 1 [4] 0 [5] 0
Hits@level+ = [0+] 119 [1+] 60 [2+] 26 [3+] 1 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 161.465 [1+] 81.4111 [2+] 35.2782 [3+] 1.35685 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.