Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/fprobe-1.1/src/fprobe.c
Examining data/fprobe-1.1/src/fprobe.h
Examining data/fprobe-1.1/src/netflow.c
Examining data/fprobe-1.1/src/netflow.h
Examining data/fprobe-1.1/src/hash.c
Examining data/fprobe-1.1/src/hash.h
Examining data/fprobe-1.1/src/mem.c
Examining data/fprobe-1.1/src/mem.h
Examining data/fprobe-1.1/src/my_getopt.c
Examining data/fprobe-1.1/src/my_getopt.h
Examining data/fprobe-1.1/src/my_log.c
Examining data/fprobe-1.1/src/my_log.h
Examining data/fprobe-1.1/src/common.h
Examining data/fprobe-1.1/src/my_inttypes.h
FINAL RESULTS:
data/fprobe-1.1/src/fprobe.c:483:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(logbuf, buf);
data/fprobe-1.1/src/fprobe.c:510:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(logbuf, buf);
data/fprobe-1.1/src/fprobe.c:517:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(logbuf, buf);
data/fprobe-1.1/src/fprobe.c:1079:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, " %s>", inet_ntoa(flow->sip));
data/fprobe-1.1/src/fprobe.c:1080:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(logbuf, buf);
data/fprobe-1.1/src/fprobe.c:1081:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s P:%x", inet_ntoa(flow->dip), flow->proto);
data/fprobe-1.1/src/fprobe.c:1082:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(logbuf, buf);
data/fprobe-1.1/src/fprobe.c:1124:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(logbuf, buf);
data/fprobe-1.1/src/fprobe.c:1137:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(logbuf, buf);
data/fprobe-1.1/src/fprobe.c:1143:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(logbuf, buf);
data/fprobe-1.1/src/fprobe.c:1251:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errbuf, "[%s]", log_suffix);
data/fprobe-1.1/src/fprobe.c:1252:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ident, errbuf);
data/fprobe-1.1/src/fprobe.c:1263:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pidfilepath, "%s/%s.pid", PID_DIR, ident);
data/fprobe-1.1/src/fprobe.c:1404:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ident, errbuf);
data/fprobe-1.1/src/my_log.c:48:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, sizeof(msg), format, args);
data/fprobe-1.1/src/fprobe.c:1508:34: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
if (chdir(parms[cflag].arg) || chroot(".")) {
data/fprobe-1.1/src/hash.c:79:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL) ^ getpid() ^ rnd);
data/fprobe-1.1/src/my_getopt.c:41:6: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt(argc, argv, optstring);
data/fprobe-1.1/src/fprobe.c:312:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ident[256] = "fprobe";
data/fprobe-1.1/src/fprobe.c:477:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/fprobe-1.1/src/fprobe.c:482:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " %x H:%04x", (unsigned) flow, h);
data/fprobe-1.1/src/fprobe.c:509:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " => %x, flags: %x", (unsigned) flown, flown->flags);
data/fprobe-1.1/src/fprobe.c:516:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " +> %x", (unsigned) flown);
data/fprobe-1.1/src/fprobe.c:557:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(logbuf," R");
data/fprobe-1.1/src/fprobe.c:829:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logbuf[256];
data/fprobe-1.1/src/fprobe.c:874:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logbuf[256];
data/fprobe-1.1/src/fprobe.c:974:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/fprobe-1.1/src/fprobe.c:975:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logbuf[256];
data/fprobe-1.1/src/fprobe.c:981:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(logbuf, "C: %d/%d", pkthdr->caplen, pkthdr->len);
data/fprobe-1.1/src/fprobe.c:991:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(logbuf, " U");
data/fprobe-1.1/src/fprobe.c:1062:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(logbuf, " F");
data/fprobe-1.1/src/fprobe.c:1115:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(logbuf, " U");
data/fprobe-1.1/src/fprobe.c:1123:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " %d>%d", ntohs(flow->sp), ntohs(flow->dp));
data/fprobe-1.1/src/fprobe.c:1136:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " TCP:%x", flow->tcp_flags);
data/fprobe-1.1/src/fprobe.c:1142:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " => %x", (unsigned) flow);
data/fprobe-1.1/src/fprobe.c:1182:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[PCAP_ERRBUF_SIZE >= 128 ? PCAP_ERRBUF_SIZE : 128];
data/fprobe-1.1/src/fprobe.c:1222:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (parms[Sflag].count) snaplen = atoi(parms[Sflag].arg);
data/fprobe-1.1/src/fprobe.c:1224:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (parms[sflag].count) scan_interval = atoi(parms[sflag].arg);
data/fprobe-1.1/src/fprobe.c:1225:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (parms[gflag].count) frag_lifetime = atoi(parms[gflag].arg);
data/fprobe-1.1/src/fprobe.c:1226:46: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (parms[dflag].count) inactive_lifetime = atoi(parms[dflag].arg);
data/fprobe-1.1/src/fprobe.c:1227:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (parms[eflag].count) active_lifetime = atoi(parms[eflag].arg);
data/fprobe-1.1/src/fprobe.c:1229:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
switch (atoi(parms[nflag].arg)) {
data/fprobe-1.1/src/fprobe.c:1246:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (parms[vflag].count) verbosity = atoi(parms[vflag].arg);
data/fprobe-1.1/src/fprobe.c:1255:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (*parms[lflag].arg) log_dest = atoi(parms[lflag].arg);
data/fprobe-1.1/src/fprobe.c:1265:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pending_queue_length = atoi(parms[qflag].arg);
data/fprobe-1.1/src/fprobe.c:1272:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
schedp.sched_priority = atoi(parms[rflag].arg);
data/fprobe-1.1/src/fprobe.c:1281:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sockbufsize = atoi(parms[Bflag].arg) << 10;
data/fprobe-1.1/src/fprobe.c:1283:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bulk_quantity = atoi(parms[bflag].arg);
data/fprobe-1.1/src/fprobe.c:1289:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (parms[mflag].count) memory_limit = atoi(parms[mflag].arg) << 10;
data/fprobe-1.1/src/fprobe.c:1305:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (parms[Kflag].count) link_layer_size = atoi(parms[Kflag].arg);
data/fprobe-1.1/src/fprobe.c:1403:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errbuf, "[%ld]", (long) pid);
data/fprobe-1.1/src/fprobe.c:1551:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(pidfile = fopen(pidfilepath, "w")))
data/fprobe-1.1/src/hash.c:73:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((rnddev = fopen(RNDDEV, "r"))) {
data/fprobe-1.1/src/my_getopt.c:28:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char optstring[MY_GETOPT_MAX_OPTSTR];
data/fprobe-1.1/src/my_log.c:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[256];
data/fprobe-1.1/src/my_log.c:44:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_prefix[64];
data/fprobe-1.1/src/fprobe.c:1258:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(pidfilepath = malloc(sizeof(PID_DIR) + 1 + strlen(ident) + 1 + 3 + 1))) {
ANALYSIS SUMMARY:
Hits = 57
Lines analyzed = 2769 in approximately 0.07 seconds (37494 lines/second)
Physical Source Lines of Code (SLOC) = 2177
Hits@level = [0] 25 [1] 1 [2] 38 [3] 3 [4] 15 [5] 0
Hits@level+ = [0+] 82 [1+] 57 [2+] 56 [3+] 18 [4+] 15 [5+] 0
Hits/KSLOC@level+ = [0+] 37.6665 [1+] 26.1828 [2+] 25.7235 [3+] 8.26826 [4+] 6.89022 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.