Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/dns-flood-detector-1.20/dns_flood_detector.h Examining data/dns-flood-detector-1.20/dns_flood_detector.c FINAL RESULTS: data/dns-flood-detector-1.20/dns_flood_detector.c:724:9: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. c = getopt(argc, argv,"i:t:a:w:x:m:A:M:QbdDvsh"); data/dns-flood-detector-1.20/dns_flood_detector.c:161:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostname[HOST_NAME_MAX]; data/dns-flood-detector-1.20/dns_flood_detector.c:206:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[MAXMESSAGE]; data/dns-flood-detector-1.20/dns_flood_detector.c:208:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char st_time[10]; data/dns-flood-detector-1.20/dns_flood_detector.c:215:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char head[MAXHEAD]; data/dns-flood-detector-1.20/dns_flood_detector.c:223:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char datalet[MAXDATALET]; data/dns-flood-detector-1.20/dns_flood_detector.c:227:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff,head,strlen(head)); data/dns-flood-detector-1.20/dns_flood_detector.c:244:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff+buffhead,datalet,dlen); data/dns-flood-detector-1.20/dns_flood_detector.c:264:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff,head,strlen(head)); data/dns-flood-detector-1.20/dns_flood_detector.c:270:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff+buffhead,datalet,dlen); data/dns-flood-detector-1.20/dns_flood_detector.c:302:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char st_time[10]; data/dns-flood-detector-1.20/dns_flood_detector.c:570:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char dname[NS_MAXDNAME]=""; data/dns-flood-detector-1.20/dns_flood_detector.c:706:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[PCAP_ERRBUF_SIZE]; data/dns-flood-detector-1.20/dns_flood_detector.c:720:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if ( ( name = (char *)strdup(argv[0]) ) == NULL) malloc_fail("name", strlen(argv[0]) ); data/dns-flood-detector-1.20/dns_flood_detector.c:737:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ( abs (atoi(optarg)) > 0) { data/dns-flood-detector-1.20/dns_flood_detector.c:738:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). option_t = abs( atoi(optarg)); data/dns-flood-detector-1.20/dns_flood_detector.c:744:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ( abs (atoi(optarg)) > 10) { data/dns-flood-detector-1.20/dns_flood_detector.c:745:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). option_a = abs( atoi(optarg)); data/dns-flood-detector-1.20/dns_flood_detector.c:751:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ( abs (atoi(optarg)) > 1) { data/dns-flood-detector-1.20/dns_flood_detector.c:752:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). option_w = abs( atoi(optarg)); data/dns-flood-detector-1.20/dns_flood_detector.c:758:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ( abs (atoi(optarg)) > 10) { data/dns-flood-detector-1.20/dns_flood_detector.c:759:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). option_x = abs( atoi(optarg)); data/dns-flood-detector-1.20/dns_flood_detector.c:765:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ( abs (atoi(optarg)) > 0) { data/dns-flood-detector-1.20/dns_flood_detector.c:766:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). option_m = abs( atoi(optarg)); data/dns-flood-detector-1.20/dns_flood_detector.c:817:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). target_port = atoi(optarg); data/dns-flood-detector-1.20/dns_flood_detector.c:989:6: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd=open("/dev/null",O_RDWR); data/dns-flood-detector-1.20/dns_flood_detector.c:218:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int netsize = MAXMESSAGE - strlen(head) - strlen(tail); data/dns-flood-detector-1.20/dns_flood_detector.c:218:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int netsize = MAXMESSAGE - strlen(head) - strlen(tail); data/dns-flood-detector-1.20/dns_flood_detector.c:227:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(buff,head,strlen(head)); data/dns-flood-detector-1.20/dns_flood_detector.c:228:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffhead = buffhead + strlen(head); data/dns-flood-detector-1.20/dns_flood_detector.c:237:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dlen = strlen(datalet); data/dns-flood-detector-1.20/dns_flood_detector.c:254:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buff+buffhead,tail, strlen(tail)); data/dns-flood-detector-1.20/dns_flood_detector.c:254:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(buff+buffhead,tail, strlen(tail)); data/dns-flood-detector-1.20/dns_flood_detector.c:258:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sendto(sock,buff,strlen(buff)+1,0,(struct sockaddr *) &addr, addrlen); data/dns-flood-detector-1.20/dns_flood_detector.c:264:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(buff,head,strlen(head)); data/dns-flood-detector-1.20/dns_flood_detector.c:265:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffhead = strlen(head); data/dns-flood-detector-1.20/dns_flood_detector.c:279:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( ( option_b == 0) && (buffhead>strlen(head)) ) { data/dns-flood-detector-1.20/dns_flood_detector.c:285:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buff+buffhead,tail,strlen(tail)); data/dns-flood-detector-1.20/dns_flood_detector.c:285:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(buff+buffhead,tail,strlen(tail)); data/dns-flood-detector-1.20/dns_flood_detector.c:288:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sendto(sock,buff,strlen(buff)+1,0,(struct sockaddr *) &addr, addrlen); data/dns-flood-detector-1.20/dns_flood_detector.c:720:72: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( ( name = (char *)strdup(argv[0]) ) == NULL) malloc_fail("name", strlen(argv[0]) ); data/dns-flood-detector-1.20/dns_flood_detector.c:732:77: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( ( dev = (char *)strdup(optarg) ) == NULL) malloc_fail("dev", strlen(optarg) ); data/dns-flood-detector-1.20/dns_flood_detector.c:773:92: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( ( dst_mask = (char *)strdup(optarg) ) == NULL) malloc_fail("filter mask", strlen(optarg) ); data/dns-flood-detector-1.20/dns_flood_detector.c:784:92: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( ( dst_addr = (char *)strdup(optarg) ) == NULL) malloc_fail("dest filter", strlen(optarg) ); data/dns-flood-detector-1.20/dns_flood_detector.c:900:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). f_size = strlen("port 53 "); data/dns-flood-detector-1.20/dns_flood_detector.c:910:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( ( dst_addr = (char *)malloc( strlen((char *)inet_ntoa(addr))+1) ) == NULL ) malloc_fail("dest_addr", strlen((char *)inet_ntoa(addr))+1 ); data/dns-flood-detector-1.20/dns_flood_detector.c:910:113: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( ( dst_addr = (char *)malloc( strlen((char *)inet_ntoa(addr))+1) ) == NULL ) malloc_fail("dest_addr", strlen((char *)inet_ntoa(addr))+1 ); data/dns-flood-detector-1.20/dns_flood_detector.c:911:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dst_addr,(char*)inet_ntoa(addr),strlen((char *)inet_ntoa(addr))); data/dns-flood-detector-1.20/dns_flood_detector.c:911:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(dst_addr,(char*)inet_ntoa(addr),strlen((char *)inet_ntoa(addr))); data/dns-flood-detector-1.20/dns_flood_detector.c:912:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dst_addr[strlen((char *)inet_ntoa(addr))]='\0'; data/dns-flood-detector-1.20/dns_flood_detector.c:917:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( ( dst_mask = (char *)malloc( strlen((char *)inet_ntoa(addr))+1) ) == NULL ) malloc_fail("dest_mask", strlen((char *)inet_ntoa(addr))+1 ); data/dns-flood-detector-1.20/dns_flood_detector.c:917:115: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( ( dst_mask = (char *)malloc( strlen((char *)inet_ntoa(addr))+1) ) == NULL ) malloc_fail("dest_mask", strlen((char *)inet_ntoa(addr))+1 ); data/dns-flood-detector-1.20/dns_flood_detector.c:918:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dst_mask,(char*)inet_ntoa(addr),strlen((char *)inet_ntoa(addr))); data/dns-flood-detector-1.20/dns_flood_detector.c:918:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(dst_mask,(char*)inet_ntoa(addr),strlen((char *)inet_ntoa(addr))); data/dns-flood-detector-1.20/dns_flood_detector.c:919:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dst_mask[strlen((char *)inet_ntoa(addr))]='\0'; data/dns-flood-detector-1.20/dns_flood_detector.c:926:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(dst_mask,"255.255.255.255",15); data/dns-flood-detector-1.20/dns_flood_detector.c:930:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). f_size = strlen("port 53 and dst net mask ")+ strlen(dst_mask)+ strlen(dst_addr); data/dns-flood-detector-1.20/dns_flood_detector.c:930:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). f_size = strlen("port 53 and dst net mask ")+ strlen(dst_mask)+ strlen(dst_addr); data/dns-flood-detector-1.20/dns_flood_detector.c:930:71: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). f_size = strlen("port 53 and dst net mask ")+ strlen(dst_mask)+ strlen(dst_addr); data/dns-flood-detector-1.20/dns_flood_detector.c:1009:3: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(0); ANALYSIS SUMMARY: Hits = 60 Lines analyzed = 1111 in approximately 0.05 seconds (23580 lines/second) Physical Source Lines of Code (SLOC) = 737 Hits@level = [0] 59 [1] 34 [2] 25 [3] 1 [4] 0 [5] 0 Hits@level+ = [0+] 119 [1+] 60 [2+] 26 [3+] 1 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 161.465 [1+] 81.4111 [2+] 35.2782 [3+] 1.35685 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.