Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dnshistory-1.3/src/db_dnshistory.c
Examining data/dnshistory-1.3/src/db_dnshistory.h
Examining data/dnshistory-1.3/src/messages.c
Examining data/dnshistory-1.3/src/messages.h
Examining data/dnshistory-1.3/src/xmalloc.c
Examining data/dnshistory-1.3/src/xmalloc.h
Examining data/dnshistory-1.3/src/error.h
Examining data/dnshistory-1.3/src/common.h
Examining data/dnshistory-1.3/src/config.h
Examining data/dnshistory-1.3/src/options.c
Examining data/dnshistory-1.3/src/dnshistory.c
Examining data/dnshistory-1.3/src/dnshistory.h
Examining data/dnshistory-1.3/src/regexp.c
Examining data/dnshistory-1.3/src/regexp.h

FINAL RESULTS:

data/dnshistory-1.3/src/dnshistory.c:515:25: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(buffer_tmp_output, buffer_primary + main_pcre.ovector[((LF_IPTABLES_ADDRESS_DST * 2) + 1)]);
data/dnshistory-1.3/src/dnshistory.c:525:29: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(buffer_tmp_output, buffer_primary + main_pcre.ovector[(LF_IPTABLES_ADDRESS_DST * 2)]);
data/dnshistory-1.3/src/dnshistory.c:528:29: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(buffer_tmp_output, buffer_primary + main_pcre.ovector[((LF_IPTABLES_ADDRESS_DST * 2) + 1)]);
data/dnshistory-1.3/src/dnshistory.c:547:21: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(buffer_tmp_output, buffer_primary + main_pcre.ovector[((position_address * 2) + 1)]);
data/dnshistory-1.3/src/messages.h:47:67: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    #define VPRINT(level, message, ...) if (g_verbosity >= (level)) { printf((message), __VA_ARGS__); }
data/dnshistory-1.3/src/messages.h:48:87: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    #define ERRVPRINT(level, message, ...) fflush (stdout); if (g_verbosity >= (level)) { fprintf(stderr, (message), __VA_ARGS__); }
data/dnshistory-1.3/src/options.c:204:17: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
    sscanf(optarg, "%s", log_type);
data/dnshistory-1.3/src/options.c:194:15: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    opt = getopt_long(argc, argv, short_options, long_options, &option_index);
data/dnshistory-1.3/src/common.h:57:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    # define memcpy(d, s, n) bcopy ((s), (d), (n))
data/dnshistory-1.3/src/common.h:57:27: [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    # define memcpy(d, s, n) bcopy ((s), (d), (n))
data/dnshistory-1.3/src/common.h:58:28: [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    # define memmove(d, s, n) bcopy ((s), (d), (n))
data/dnshistory-1.3/src/db_dnshistory.c:90:25: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    rtn_db = (*db_ptr)->open(*db_ptr, NULL, db_dirfilename, NULL, DB_BTREE, flags, DB_PERMISSIONS);
data/dnshistory-1.3/src/dnshistory.c:165:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char g_db_dirfilename[MAX_FILENAME_LENGTH] = DATABASE; /* File name for the Database */
data/dnshistory-1.3/src/dnshistory.c:250:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer_primary[BUFSIZE]; /* Primary log buffer */
data/dnshistory-1.3/src/dnshistory.c:252:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer_recombine[BUFSIZE]; /* Recombine log buffer */
data/dnshistory-1.3/src/dnshistory.c:254:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer_tmp_output[BUFSIZE]; /* Temporary buffer for output displaying */
data/dnshistory-1.3/src/dnshistory.c:263:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char str_address[NI_MAXHOST]; /* IP Addresses */
data/dnshistory-1.3/src/dnshistory.c:264:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char str_address2[NI_MAXHOST]; /* IP Addresses for iptables lookups */
data/dnshistory-1.3/src/dnshistory.c:265:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char str_previous_address[NI_MAXHOST]; /* Previous IP Addresses */
data/dnshistory-1.3/src/dnshistory.c:266:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char str_fqdn[NI_MAXHOST] = ""; /* Retrieved FQDN Address */
data/dnshistory-1.3/src/dnshistory.c:267:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char str_fqdn2[NI_MAXHOST] = ""; /* Retrieved FQDN Address for iptables lookups */
data/dnshistory-1.3/src/dnshistory.c:270:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char str_time[SIZE_DATE_TIME]; /* String to hold the current time out of the current log line */
data/dnshistory-1.3/src/dnshistory.c:271:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char str_time_raw[SIZE_DATE_TIME];
data/dnshistory-1.3/src/dnshistory.c:272:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char access_size_raw[25];
data/dnshistory-1.3/src/dnshistory.c:273:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char access_size_recombine[25];
data/dnshistory-1.3/src/dnshistory.c:278:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char str_address_recombine[NI_MAXHOST]; /* Recombined Addresses - should be FQDN or raw IP Address */
data/dnshistory-1.3/src/dnshistory.c:1474:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char str_address[INET_ADDRSTRLEN]; /* Temp holder for displaying IP Address to lookup */
data/dnshistory-1.3/src/dnshistory.c:1493:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&dns_rec_ptr->date_last, idx_ptr, size);
data/dnshistory-1.3/src/dnshistory.c:1497:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&nbr_items, idx_ptr, size);
data/dnshistory-1.3/src/dnshistory.c:1521:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&new_dns_rec->date_set, idx_ptr, size);
data/dnshistory-1.3/src/dnshistory.c:1526:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(new_dns_rec->fqdn, idx_ptr, size);
data/dnshistory-1.3/src/dnshistory.c:1566:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char str_address[INET_ADDRSTRLEN]; /* VPRINT buffer only! */
data/dnshistory-1.3/src/dnshistory.c:1591:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(idx_ptr, &dns_rec_ptr->date_last, size);
data/dnshistory-1.3/src/dnshistory.c:1595:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(idx_ptr, &nbr_items, size);
data/dnshistory-1.3/src/dnshistory.c:1602:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(idx_ptr, &list_ptr->date_set, size);
data/dnshistory-1.3/src/dnshistory.c:1608:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(idx_ptr, &list_ptr->fqdn, size);
data/dnshistory-1.3/src/dnshistory.c:1634:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char str_address[INET_ADDRSTRLEN]; /* Print buffer for converting stored IPAddresses to Normal w.x.y.z */
data/dnshistory-1.3/src/dnshistory.c:1643:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&dnsrec.date_last, idx_ptr, size);
data/dnshistory-1.3/src/dnshistory.c:1647:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&nbr_items, idx_ptr, size);
data/dnshistory-1.3/src/dnshistory.c:1660:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&dnslist_rec.date_set, idx_ptr, size);
data/dnshistory-1.3/src/dnshistory.c:1665:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(dnslist_rec.fqdn, idx_ptr, size);
data/dnshistory-1.3/src/dnshistory.c:1740:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[BUFSIZE];
data/dnshistory-1.3/src/dnshistory.c:1742:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char str_address[INET_ADDRSTRLEN]; /* Print buffer for converting stored IPAddresses to Normal w.x.y.z */
data/dnshistory-1.3/src/dnshistory.c:1756:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    import_file = fopen(g_import_filename, "r");
data/dnshistory-1.3/src/dnshistory.c:2024:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char log_regexp_clf[MAX_RE_LENGTH] = PATTERN_CLF;
data/dnshistory-1.3/src/dnshistory.c:2025:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char log_regexp_xferlog[MAX_RE_LENGTH] = PATTERN_XFERLOG;
data/dnshistory-1.3/src/dnshistory.c:2026:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char log_regexp_squid[MAX_RE_LENGTH] = PATTERN_SQUID;
data/dnshistory-1.3/src/dnshistory.c:2027:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char log_regexp_combined_enhanced[MAX_RE_LENGTH] = PATTERN_COMBINED_ENHANCED;
data/dnshistory-1.3/src/dnshistory.c:2028:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char log_regexp_iptables[MAX_RE_LENGTH] = PATTERN_IPTABLES;
data/dnshistory-1.3/src/dnshistory.c:2029:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char log_regexp_syslog[MAX_RE_LENGTH] = PATTERN_SYSLOG;
data/dnshistory-1.3/src/dnshistory.h:135:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char fqdn[NI_MAXHOST]; /* the complete name */
data/dnshistory-1.3/src/dnshistory.h:146:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char decomp_buf[DECOMP_BUFSIZE];
data/dnshistory-1.3/src/dnshistory.h:153:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char regular_expression[MAX_RE_LENGTH]; /* Original Regular Expression */
data/dnshistory-1.3/src/dnshistory.h:171:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    extern char g_db_dirfilename[MAX_FILENAME_LENGTH]; /* The name of the Database Directory Path/File to use for storage */
data/dnshistory-1.3/src/options.c:159:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char log_type[20];
data/dnshistory-1.3/src/db_dnshistory.c:184:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    del_key.size = (strlen(key_val) + 1) * sizeof(char);
data/dnshistory-1.3/src/dnshistory.c:340:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(recombine_pcre.regular_expression, PATTERN_COMBINED_ENHANCED, MAX_RE_LENGTH);
data/dnshistory-1.3/src/dnshistory.c:379:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buffer_length = (int) strlen(buffer_primary);
data/dnshistory-1.3/src/dnshistory.c:408:17: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(main_pcre.regular_expression, PATTERN_XFERLOG, MAX_RE_LENGTH);
data/dnshistory-1.3/src/dnshistory.c:414:17: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(main_pcre.regular_expression, PATTERN_SQUID, MAX_RE_LENGTH);
data/dnshistory-1.3/src/dnshistory.c:420:17: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(main_pcre.regular_expression, PATTERN_CLF, MAX_RE_LENGTH);
data/dnshistory-1.3/src/dnshistory.c:426:17: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(main_pcre.regular_expression, PATTERN_IPTABLES, MAX_RE_LENGTH);
data/dnshistory-1.3/src/dnshistory.c:498:17: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(str_previous_address, str_address, SIZE_ADDRESS);
data/dnshistory-1.3/src/dnshistory.c:511:25: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    strncat(buffer_tmp_output, buffer_primary, main_pcre.ovector[((LF_IPTABLES_ADDRESS_DST * 2) - 1) + 1]);
data/dnshistory-1.3/src/dnshistory.c:519:25: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    strncat(buffer_tmp_output, buffer_primary, main_pcre.ovector[((position_address * 2) - 1) + 1]);
data/dnshistory-1.3/src/dnshistory.c:542:25: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    strncat(buffer_tmp_output, buffer_primary, main_pcre.ovector[((position_address * 2) - 1) + 1]);
data/dnshistory-1.3/src/dnshistory.c:563:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buffer_recombine_length = (int) strlen(buffer_recombine);
data/dnshistory-1.3/src/dnshistory.c:579:17: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(str_previous_address, str_address, SIZE_ADDRESS);
data/dnshistory-1.3/src/dnshistory.c:627:64: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    comp_ret = strncmp(str_time_raw, str_time, strlen(str_time));
data/dnshistory-1.3/src/dnshistory.c:653:80: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    comp_ret = strncmp(access_size_raw, access_size_recombine, strlen(access_size_raw));
data/dnshistory-1.3/src/dnshistory.c:680:17: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(str_previous_address, str_address, SIZE_ADDRESS);
data/dnshistory-1.3/src/dnshistory.c:921:25: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(str_fqdn, list->fqdn, NI_MAXHOST);
data/dnshistory-1.3/src/dnshistory.c:927:17: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(str_fqdn, list->fqdn, NI_MAXHOST);
data/dnshistory-1.3/src/dnshistory.c:997:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(dnsrec->list->fqdn, str_fqdn, NI_MAXHOST);
data/dnshistory-1.3/src/dnshistory.c:1024:17: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(list_next->fqdn, str_fqdn, NI_MAXHOST);
data/dnshistory-1.3/src/dnshistory.c:1525:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = (strlen((char *) idx_ptr) + 1) * sizeof(char);
data/dnshistory-1.3/src/dnshistory.c:1577:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    data_size += (strlen(list_ptr->fqdn) + 1) * sizeof(char);
data/dnshistory-1.3/src/dnshistory.c:1607:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = (strlen(list_ptr->fqdn) + 1) * sizeof(char);
data/dnshistory-1.3/src/dnshistory.c:1664:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = (strlen((char *) idx_ptr) + 1) * sizeof(char);
data/dnshistory-1.3/src/dnshistory.c:1679:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(dnslist_rec.fqdn) > 0) {
data/dnshistory-1.3/src/dnshistory.c:1791:22: [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
    rtn_sscanf = sscanf(buffer, "%15s ", (char *) &str_address);
data/dnshistory-1.3/src/dnshistory.c:1818:26: [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
    rtn_sscanf = sscanf(buf_ptr2, " %lu,%1024s ", (unsigned long *) &new_dns_rec->date_set, (char *) &new_dns_rec->fqdn);
data/dnshistory-1.3/src/dnshistory.c:1838:56: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strncmp(new_dns_rec->fqdn, STR_NONAME, strlen(new_dns_rec->fqdn)) == 0) {
data/dnshistory-1.3/src/dnshistory.c:1941:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length = strlen(fqdn);
data/dnshistory-1.3/src/dnshistory.c:1968:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buffer_length = (int) strlen(buffer);
data/dnshistory-1.3/src/options.c:320:13: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(g_db_dirfilename, optarg, strlen(optarg) + 1);
data/dnshistory-1.3/src/options.c:320:47: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strncpy(g_db_dirfilename, optarg, strlen(optarg) + 1);

ANALYSIS SUMMARY:

Hits = 87
Lines analyzed = 3841 in approximately 0.19 seconds (20180 lines/second)
Physical Source Lines of Code (SLOC) = 2077
Hits@level = [0] 59 [1] 32 [2] 47 [3] 1 [4] 7 [5] 0
Hits@level+ = [0+] 146 [1+] 87 [2+] 55 [3+] 8 [4+] 7 [5+] 0
Hits/KSLOC@level+ = [0+] 70.2937 [1+] 41.8873 [2+] 26.4805 [3+] 3.85171 [4+] 3.37025 [5+] 0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.