Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dnshistory-1.3/src/db_dnshistory.c
Examining data/dnshistory-1.3/src/db_dnshistory.h
Examining data/dnshistory-1.3/src/messages.c
Examining data/dnshistory-1.3/src/messages.h
Examining data/dnshistory-1.3/src/xmalloc.c
Examining data/dnshistory-1.3/src/xmalloc.h
Examining data/dnshistory-1.3/src/error.h
Examining data/dnshistory-1.3/src/common.h
Examining data/dnshistory-1.3/src/config.h
Examining data/dnshistory-1.3/src/options.c
Examining data/dnshistory-1.3/src/dnshistory.c
Examining data/dnshistory-1.3/src/dnshistory.h
Examining data/dnshistory-1.3/src/regexp.c
Examining data/dnshistory-1.3/src/regexp.h
FINAL RESULTS:
data/dnshistory-1.3/src/dnshistory.c:515:25: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer_tmp_output, buffer_primary + main_pcre.ovector[((LF_IPTABLES_ADDRESS_DST * 2) + 1)]);
data/dnshistory-1.3/src/dnshistory.c:525:29: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer_tmp_output, buffer_primary + main_pcre.ovector[(LF_IPTABLES_ADDRESS_DST * 2)]);
data/dnshistory-1.3/src/dnshistory.c:528:29: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer_tmp_output, buffer_primary + main_pcre.ovector[((LF_IPTABLES_ADDRESS_DST * 2) + 1)]);
data/dnshistory-1.3/src/dnshistory.c:547:21: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer_tmp_output, buffer_primary + main_pcre.ovector[((position_address * 2) + 1)]);
data/dnshistory-1.3/src/messages.h:47:67: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define VPRINT(level, message, ...) if (g_verbosity >= (level)) { printf((message), __VA_ARGS__); }
data/dnshistory-1.3/src/messages.h:48:87: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define ERRVPRINT(level, message, ...) fflush (stdout); if (g_verbosity >= (level)) { fprintf(stderr, (message), __VA_ARGS__); }
data/dnshistory-1.3/src/options.c:204:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(optarg, "%s", log_type);
data/dnshistory-1.3/src/options.c:194:15: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, short_options, long_options, &option_index);
data/dnshistory-1.3/src/common.h:57:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define memcpy(d, s, n) bcopy ((s), (d), (n))
data/dnshistory-1.3/src/common.h:57:27: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define memcpy(d, s, n) bcopy ((s), (d), (n))
data/dnshistory-1.3/src/common.h:58:28: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define memmove(d, s, n) bcopy ((s), (d), (n))
data/dnshistory-1.3/src/db_dnshistory.c:90:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
rtn_db = (*db_ptr)->open(*db_ptr, NULL, db_dirfilename, NULL, DB_BTREE, flags, DB_PERMISSIONS);
data/dnshistory-1.3/src/dnshistory.c:165:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char g_db_dirfilename[MAX_FILENAME_LENGTH] = DATABASE; /* File name for the Database */
data/dnshistory-1.3/src/dnshistory.c:250:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer_primary[BUFSIZE]; /* Primary log buffer */
data/dnshistory-1.3/src/dnshistory.c:252:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer_recombine[BUFSIZE]; /* Recombine log buffer */
data/dnshistory-1.3/src/dnshistory.c:254:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer_tmp_output[BUFSIZE]; /* Temporary buffer for output displaying */
data/dnshistory-1.3/src/dnshistory.c:263:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_address[NI_MAXHOST]; /* IP Addresses */
data/dnshistory-1.3/src/dnshistory.c:264:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_address2[NI_MAXHOST]; /* IP Addresses for iptables lookups */
data/dnshistory-1.3/src/dnshistory.c:265:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_previous_address[NI_MAXHOST]; /* Previous IP Addresses */
data/dnshistory-1.3/src/dnshistory.c:266:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_fqdn[NI_MAXHOST] = ""; /* Retrieved FQDN Address */
data/dnshistory-1.3/src/dnshistory.c:267:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_fqdn2[NI_MAXHOST] = ""; /* Retrieved FQDN Address for iptables lookups */
data/dnshistory-1.3/src/dnshistory.c:270:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_time[SIZE_DATE_TIME]; /* String to hold the current time out of the current log line */
data/dnshistory-1.3/src/dnshistory.c:271:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_time_raw[SIZE_DATE_TIME];
data/dnshistory-1.3/src/dnshistory.c:272:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char access_size_raw[25];
data/dnshistory-1.3/src/dnshistory.c:273:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char access_size_recombine[25];
data/dnshistory-1.3/src/dnshistory.c:278:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_address_recombine[NI_MAXHOST]; /* Recombined Addresses - should be FQDN or raw IP Address */
data/dnshistory-1.3/src/dnshistory.c:1474:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_address[INET_ADDRSTRLEN]; /* Temp holder for displaying IP Address to lookup */
data/dnshistory-1.3/src/dnshistory.c:1493:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dns_rec_ptr->date_last, idx_ptr, size);
data/dnshistory-1.3/src/dnshistory.c:1497:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&nbr_items, idx_ptr, size);
data/dnshistory-1.3/src/dnshistory.c:1521:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&new_dns_rec->date_set, idx_ptr, size);
data/dnshistory-1.3/src/dnshistory.c:1526:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_dns_rec->fqdn, idx_ptr, size);
data/dnshistory-1.3/src/dnshistory.c:1566:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_address[INET_ADDRSTRLEN]; /* VPRINT buffer only! */
data/dnshistory-1.3/src/dnshistory.c:1591:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(idx_ptr, &dns_rec_ptr->date_last, size);
data/dnshistory-1.3/src/dnshistory.c:1595:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(idx_ptr, &nbr_items, size);
data/dnshistory-1.3/src/dnshistory.c:1602:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(idx_ptr, &list_ptr->date_set, size);
data/dnshistory-1.3/src/dnshistory.c:1608:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(idx_ptr, &list_ptr->fqdn, size);
data/dnshistory-1.3/src/dnshistory.c:1634:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_address[INET_ADDRSTRLEN]; /* Print buffer for converting stored IPAddresses to Normal w.x.y.z */
data/dnshistory-1.3/src/dnshistory.c:1643:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dnsrec.date_last, idx_ptr, size);
data/dnshistory-1.3/src/dnshistory.c:1647:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&nbr_items, idx_ptr, size);
data/dnshistory-1.3/src/dnshistory.c:1660:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dnslist_rec.date_set, idx_ptr, size);
data/dnshistory-1.3/src/dnshistory.c:1665:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dnslist_rec.fqdn, idx_ptr, size);
data/dnshistory-1.3/src/dnshistory.c:1740:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZE];
data/dnshistory-1.3/src/dnshistory.c:1742:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_address[INET_ADDRSTRLEN]; /* Print buffer for converting stored IPAddresses to Normal w.x.y.z */
data/dnshistory-1.3/src/dnshistory.c:1756:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
import_file = fopen(g_import_filename, "r");
data/dnshistory-1.3/src/dnshistory.c:2024:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char log_regexp_clf[MAX_RE_LENGTH] = PATTERN_CLF;
data/dnshistory-1.3/src/dnshistory.c:2025:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char log_regexp_xferlog[MAX_RE_LENGTH] = PATTERN_XFERLOG;
data/dnshistory-1.3/src/dnshistory.c:2026:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char log_regexp_squid[MAX_RE_LENGTH] = PATTERN_SQUID;
data/dnshistory-1.3/src/dnshistory.c:2027:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char log_regexp_combined_enhanced[MAX_RE_LENGTH] = PATTERN_COMBINED_ENHANCED;
data/dnshistory-1.3/src/dnshistory.c:2028:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char log_regexp_iptables[MAX_RE_LENGTH] = PATTERN_IPTABLES;
data/dnshistory-1.3/src/dnshistory.c:2029:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char log_regexp_syslog[MAX_RE_LENGTH] = PATTERN_SYSLOG;
data/dnshistory-1.3/src/dnshistory.h:135:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fqdn[NI_MAXHOST]; /* the complete name */
data/dnshistory-1.3/src/dnshistory.h:146:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char decomp_buf[DECOMP_BUFSIZE];
data/dnshistory-1.3/src/dnshistory.h:153:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char regular_expression[MAX_RE_LENGTH]; /* Original Regular Expression */
data/dnshistory-1.3/src/dnshistory.h:171:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char g_db_dirfilename[MAX_FILENAME_LENGTH]; /* The name of the Database Directory Path/File to use for storage */
data/dnshistory-1.3/src/options.c:159:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char log_type[20];
data/dnshistory-1.3/src/db_dnshistory.c:184:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
del_key.size = (strlen(key_val) + 1) * sizeof(char);
data/dnshistory-1.3/src/dnshistory.c:340:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(recombine_pcre.regular_expression, PATTERN_COMBINED_ENHANCED, MAX_RE_LENGTH);
data/dnshistory-1.3/src/dnshistory.c:379:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer_length = (int) strlen(buffer_primary);
data/dnshistory-1.3/src/dnshistory.c:408:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(main_pcre.regular_expression, PATTERN_XFERLOG, MAX_RE_LENGTH);
data/dnshistory-1.3/src/dnshistory.c:414:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(main_pcre.regular_expression, PATTERN_SQUID, MAX_RE_LENGTH);
data/dnshistory-1.3/src/dnshistory.c:420:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(main_pcre.regular_expression, PATTERN_CLF, MAX_RE_LENGTH);
data/dnshistory-1.3/src/dnshistory.c:426:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(main_pcre.regular_expression, PATTERN_IPTABLES, MAX_RE_LENGTH);
data/dnshistory-1.3/src/dnshistory.c:498:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str_previous_address, str_address, SIZE_ADDRESS);
data/dnshistory-1.3/src/dnshistory.c:511:25: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buffer_tmp_output, buffer_primary, main_pcre.ovector[((LF_IPTABLES_ADDRESS_DST * 2) - 1) + 1]);
data/dnshistory-1.3/src/dnshistory.c:519:25: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buffer_tmp_output, buffer_primary, main_pcre.ovector[((position_address * 2) - 1) + 1]);
data/dnshistory-1.3/src/dnshistory.c:542:25: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buffer_tmp_output, buffer_primary, main_pcre.ovector[((position_address * 2) - 1) + 1]);
data/dnshistory-1.3/src/dnshistory.c:563:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer_recombine_length = (int) strlen(buffer_recombine);
data/dnshistory-1.3/src/dnshistory.c:579:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str_previous_address, str_address, SIZE_ADDRESS);
data/dnshistory-1.3/src/dnshistory.c:627:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
comp_ret = strncmp(str_time_raw, str_time, strlen(str_time));
data/dnshistory-1.3/src/dnshistory.c:653:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
comp_ret = strncmp(access_size_raw, access_size_recombine, strlen(access_size_raw));
data/dnshistory-1.3/src/dnshistory.c:680:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str_previous_address, str_address, SIZE_ADDRESS);
data/dnshistory-1.3/src/dnshistory.c:921:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str_fqdn, list->fqdn, NI_MAXHOST);
data/dnshistory-1.3/src/dnshistory.c:927:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str_fqdn, list->fqdn, NI_MAXHOST);
data/dnshistory-1.3/src/dnshistory.c:997:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dnsrec->list->fqdn, str_fqdn, NI_MAXHOST);
data/dnshistory-1.3/src/dnshistory.c:1024:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(list_next->fqdn, str_fqdn, NI_MAXHOST);
data/dnshistory-1.3/src/dnshistory.c:1525:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = (strlen((char *) idx_ptr) + 1) * sizeof(char);
data/dnshistory-1.3/src/dnshistory.c:1577:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data_size += (strlen(list_ptr->fqdn) + 1) * sizeof(char);
data/dnshistory-1.3/src/dnshistory.c:1607:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = (strlen(list_ptr->fqdn) + 1) * sizeof(char);
data/dnshistory-1.3/src/dnshistory.c:1664:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = (strlen((char *) idx_ptr) + 1) * sizeof(char);
data/dnshistory-1.3/src/dnshistory.c:1679:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dnslist_rec.fqdn) > 0) {
data/dnshistory-1.3/src/dnshistory.c:1791:22: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
rtn_sscanf = sscanf(buffer, "%15s ", (char *) &str_address);
data/dnshistory-1.3/src/dnshistory.c:1818:26: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
rtn_sscanf = sscanf(buf_ptr2, " %lu,%1024s ", (unsigned long *) &new_dns_rec->date_set, (char *) &new_dns_rec->fqdn);
data/dnshistory-1.3/src/dnshistory.c:1838:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(new_dns_rec->fqdn, STR_NONAME, strlen(new_dns_rec->fqdn)) == 0) {
data/dnshistory-1.3/src/dnshistory.c:1941:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(fqdn);
data/dnshistory-1.3/src/dnshistory.c:1968:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer_length = (int) strlen(buffer);
data/dnshistory-1.3/src/options.c:320:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(g_db_dirfilename, optarg, strlen(optarg) + 1);
data/dnshistory-1.3/src/options.c:320:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(g_db_dirfilename, optarg, strlen(optarg) + 1);
ANALYSIS SUMMARY:
Hits = 87
Lines analyzed = 3841 in approximately 0.19 seconds (20180 lines/second)
Physical Source Lines of Code (SLOC) = 2077
Hits@level = [0] 59 [1] 32 [2] 47 [3] 1 [4] 7 [5] 0
Hits@level+ = [0+] 146 [1+] 87 [2+] 55 [3+] 8 [4+] 7 [5+] 0
Hits/KSLOC@level+ = [0+] 70.2937 [1+] 41.8873 [2+] 26.4805 [3+] 3.85171 [4+] 3.37025 [5+] 0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.