stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/etherwake-1.09/ether-wake.c

FINAL RESULTS:

data/etherwake-1.09/ether-wake.c:186:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(if_hwaddr.ifr_name, ifname);
data/etherwake-1.09/ether-wake.c:240:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(whereto.sa_data, ifname);
data/etherwake-1.09/ether-wake.c:128:14:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt(argc, argv, "bDi:p:uvV")) != -1)
data/etherwake-1.09/ether-wake.c:194:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(outpack+6, if_hwaddr.ifr_hwaddr.sa_data, 6);
data/etherwake-1.09/ether-wake.c:205:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(outpack+pktsize, wol_passwd, wol_passwd_sz);
data/etherwake-1.09/ether-wake.c:235:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(whereto.sll_addr, outpack, ETH_ALEN);
data/etherwake-1.09/ether-wake.c:316:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(pkt, station_addr, 6);
data/etherwake-1.09/ether-wake.c:317:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pkt+6, station_addr, 6);
data/etherwake-1.09/ether-wake.c:326:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(pkt+offset, station_addr, 6);
data/etherwake-1.09/ether-wake.c:223:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
data/etherwake-1.09/ether-wake.c:370:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy (sa.sa_data, interface, sizeof sa.sa_data);
data/etherwake-1.09/ether-wake.c:372:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy (sa.sa_data, interface, sizeof sa.sa_data);

ANALYSIS SUMMARY:

Hits = 12
Lines analyzed = 392 in approximately 0.03 seconds (13008 lines/second)
Physical Source Lines of Code (SLOC) = 290
Hits@level = [0]  23 [1]   3 [2]   6 [3]   1 [4]   2 [5]   0
Hits@level+ = [0+]  35 [1+]  12 [2+]   9 [3+]   3 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 120.69 [1+] 41.3793 [2+] 31.0345 [3+] 10.3448 [4+] 6.89655 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.