Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/fprobe-1.1/src/fprobe.c Examining data/fprobe-1.1/src/fprobe.h Examining data/fprobe-1.1/src/netflow.c Examining data/fprobe-1.1/src/netflow.h Examining data/fprobe-1.1/src/hash.c Examining data/fprobe-1.1/src/hash.h Examining data/fprobe-1.1/src/mem.c Examining data/fprobe-1.1/src/mem.h Examining data/fprobe-1.1/src/my_getopt.c Examining data/fprobe-1.1/src/my_getopt.h Examining data/fprobe-1.1/src/my_log.c Examining data/fprobe-1.1/src/my_log.h Examining data/fprobe-1.1/src/common.h Examining data/fprobe-1.1/src/my_inttypes.h FINAL RESULTS: data/fprobe-1.1/src/fprobe.c:483:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(logbuf, buf); data/fprobe-1.1/src/fprobe.c:510:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(logbuf, buf); data/fprobe-1.1/src/fprobe.c:517:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(logbuf, buf); data/fprobe-1.1/src/fprobe.c:1079:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, " %s>", inet_ntoa(flow->sip)); data/fprobe-1.1/src/fprobe.c:1080:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(logbuf, buf); data/fprobe-1.1/src/fprobe.c:1081:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s P:%x", inet_ntoa(flow->dip), flow->proto); data/fprobe-1.1/src/fprobe.c:1082:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(logbuf, buf); data/fprobe-1.1/src/fprobe.c:1124:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(logbuf, buf); data/fprobe-1.1/src/fprobe.c:1137:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(logbuf, buf); data/fprobe-1.1/src/fprobe.c:1143:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(logbuf, buf); data/fprobe-1.1/src/fprobe.c:1251:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errbuf, "[%s]", log_suffix); data/fprobe-1.1/src/fprobe.c:1252:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ident, errbuf); data/fprobe-1.1/src/fprobe.c:1263:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(pidfilepath, "%s/%s.pid", PID_DIR, ident); data/fprobe-1.1/src/fprobe.c:1404:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ident, errbuf); data/fprobe-1.1/src/my_log.c:48:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(msg, sizeof(msg), format, args); data/fprobe-1.1/src/fprobe.c:1508:34: [3] (misc) chroot: chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root. if (chdir(parms[cflag].arg) || chroot(".")) { data/fprobe-1.1/src/hash.c:79:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(time(NULL) ^ getpid() ^ rnd); data/fprobe-1.1/src/my_getopt.c:41:6: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. c = getopt(argc, argv, optstring); data/fprobe-1.1/src/fprobe.c:312:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ident[256] = "fprobe"; data/fprobe-1.1/src/fprobe.c:477:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/fprobe-1.1/src/fprobe.c:482:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, " %x H:%04x", (unsigned) flow, h); data/fprobe-1.1/src/fprobe.c:509:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, " => %x, flags: %x", (unsigned) flown, flown->flags); data/fprobe-1.1/src/fprobe.c:516:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, " +> %x", (unsigned) flown); data/fprobe-1.1/src/fprobe.c:557:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(logbuf," R"); data/fprobe-1.1/src/fprobe.c:829:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char logbuf[256]; data/fprobe-1.1/src/fprobe.c:874:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char logbuf[256]; data/fprobe-1.1/src/fprobe.c:974:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/fprobe-1.1/src/fprobe.c:975:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char logbuf[256]; data/fprobe-1.1/src/fprobe.c:981:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(logbuf, "C: %d/%d", pkthdr->caplen, pkthdr->len); data/fprobe-1.1/src/fprobe.c:991:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(logbuf, " U"); data/fprobe-1.1/src/fprobe.c:1062:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(logbuf, " F"); data/fprobe-1.1/src/fprobe.c:1115:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(logbuf, " U"); data/fprobe-1.1/src/fprobe.c:1123:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, " %d>%d", ntohs(flow->sp), ntohs(flow->dp)); data/fprobe-1.1/src/fprobe.c:1136:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, " TCP:%x", flow->tcp_flags); data/fprobe-1.1/src/fprobe.c:1142:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, " => %x", (unsigned) flow); data/fprobe-1.1/src/fprobe.c:1182:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[PCAP_ERRBUF_SIZE >= 128 ? PCAP_ERRBUF_SIZE : 128]; data/fprobe-1.1/src/fprobe.c:1222:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (parms[Sflag].count) snaplen = atoi(parms[Sflag].arg); data/fprobe-1.1/src/fprobe.c:1224:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (parms[sflag].count) scan_interval = atoi(parms[sflag].arg); data/fprobe-1.1/src/fprobe.c:1225:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (parms[gflag].count) frag_lifetime = atoi(parms[gflag].arg); data/fprobe-1.1/src/fprobe.c:1226:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (parms[dflag].count) inactive_lifetime = atoi(parms[dflag].arg); data/fprobe-1.1/src/fprobe.c:1227:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (parms[eflag].count) active_lifetime = atoi(parms[eflag].arg); data/fprobe-1.1/src/fprobe.c:1229:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). switch (atoi(parms[nflag].arg)) { data/fprobe-1.1/src/fprobe.c:1246:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (parms[vflag].count) verbosity = atoi(parms[vflag].arg); data/fprobe-1.1/src/fprobe.c:1255:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (*parms[lflag].arg) log_dest = atoi(parms[lflag].arg); data/fprobe-1.1/src/fprobe.c:1265:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pending_queue_length = atoi(parms[qflag].arg); data/fprobe-1.1/src/fprobe.c:1272:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). schedp.sched_priority = atoi(parms[rflag].arg); data/fprobe-1.1/src/fprobe.c:1281:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sockbufsize = atoi(parms[Bflag].arg) << 10; data/fprobe-1.1/src/fprobe.c:1283:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bulk_quantity = atoi(parms[bflag].arg); data/fprobe-1.1/src/fprobe.c:1289:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (parms[mflag].count) memory_limit = atoi(parms[mflag].arg) << 10; data/fprobe-1.1/src/fprobe.c:1305:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (parms[Kflag].count) link_layer_size = atoi(parms[Kflag].arg); data/fprobe-1.1/src/fprobe.c:1403:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errbuf, "[%ld]", (long) pid); data/fprobe-1.1/src/fprobe.c:1551:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(pidfile = fopen(pidfilepath, "w"))) data/fprobe-1.1/src/hash.c:73:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((rnddev = fopen(RNDDEV, "r"))) { data/fprobe-1.1/src/my_getopt.c:28:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char optstring[MY_GETOPT_MAX_OPTSTR]; data/fprobe-1.1/src/my_log.c:43:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[256]; data/fprobe-1.1/src/my_log.c:44:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg_prefix[64]; data/fprobe-1.1/src/fprobe.c:1258:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(pidfilepath = malloc(sizeof(PID_DIR) + 1 + strlen(ident) + 1 + 3 + 1))) { ANALYSIS SUMMARY: Hits = 57 Lines analyzed = 2769 in approximately 0.07 seconds (37494 lines/second) Physical Source Lines of Code (SLOC) = 2177 Hits@level = [0] 25 [1] 1 [2] 38 [3] 3 [4] 15 [5] 0 Hits@level+ = [0+] 82 [1+] 57 [2+] 56 [3+] 18 [4+] 15 [5+] 0 Hits/KSLOC@level+ = [0+] 37.6665 [1+] 26.1828 [2+] 25.7235 [3+] 8.26826 [4+] 6.89022 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.