Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/hunt-1.5/addpolicy.c Examining data/hunt-1.5/arphijack.c Examining data/hunt-1.5/arpspoof.c Examining data/hunt-1.5/hijack.c Examining data/hunt-1.5/macdisc.c Examining data/hunt-1.5/menu.c Examining data/hunt-1.5/options.c Examining data/hunt-1.5/resolv.c Examining data/hunt-1.5/rst.c Examining data/hunt-1.5/rstd.c Examining data/hunt-1.5/sniff.c Examining data/hunt-1.5/synchijack.c Examining data/hunt-1.5/tap.c Examining data/hunt-1.5/tty.c Examining data/hunt-1.5/util.c Examining data/hunt-1.5/c/list.c Examining data/hunt-1.5/c/list.h Examining data/hunt-1.5/c/spinlock.h Examining data/hunt-1.5/c/hash.h Examining data/hunt-1.5/c/hash.c Examining data/hunt-1.5/c/array.h Examining data/hunt-1.5/c/array.c Examining data/hunt-1.5/timer.c Examining data/hunt-1.5/tpserv/tpserv.c Examining data/hunt-1.5/pktrelay.c Examining data/hunt-1.5/hostup.c Examining data/hunt-1.5/hunt.c Examining data/hunt-1.5/hunt.h Examining data/hunt-1.5/main.c Examining data/hunt-1.5/net.c FINAL RESULTS: data/hunt-1.5/addpolicy.c:79:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(host_buf, "%s/%d [%s]", host_lookup(api->src_addr, hl_mode), data/hunt-1.5/c/array.c:268:12: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. retval = vprintf(format, ap); data/hunt-1.5/c/hash.c:439:12: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. retval = vprintf(format, ap); data/hunt-1.5/c/list.c:421:12: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. retval = vprintf(format, ap); data/hunt-1.5/hunt.c:914:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. return sprintf(b, "%*s", where - pos, ""); data/hunt-1.5/hunt.c:953:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. b += sprintf(b, "%d) %s [%s]", i, data/hunt-1.5/hunt.c:958:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. b += sprintf(b, "%s [%s]\n", data/hunt-1.5/menu.c:37:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, dfl); data/hunt-1.5/menu.c:344:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. buf_p += sprintf(buf_p, "%s/%d", host_lookup(dfl_ip, hl_mode), count_mask(dfl_mask)); data/hunt-1.5/menu.c:491:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, dfl); data/hunt-1.5/menu.c:565:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(__label, "%s %s", label, str); data/hunt-1.5/options.c:224:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf_menu, data/hunt-1.5/pktrelay.c:225:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s/%d [%s]", host_lookup(ri->src_addr, hl_mode), data/hunt-1.5/pktrelay.c:232:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(flags, "ETH RELAY to %s", ri->ethtap_name); data/hunt-1.5/pktrelay.c:282:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(name_buf2, name_buf); data/hunt-1.5/pktrelay.c:359:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(name_buf2, name_buf); data/hunt-1.5/resolv.c:223:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(res->name, name); data/hunt-1.5/resolv.c:455:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((retval = hostname_buf + hostname_idx), name); data/hunt-1.5/resolv.c:527:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((retval = servname_buf + servname_idx), name); data/hunt-1.5/rstd.c:228:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s/%d [%s]", host_lookup(dbi->src_addr, hl_mode), data/hunt-1.5/sniff.c:132:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. b += sprintf(b, "%s for X ", str_srch_mode); data/hunt-1.5/sniff.c:133:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. b += sprintf(b, "log %s %dB", str_log_mode, si->log_bytes); data/hunt-1.5/sniff.c:135:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(host_buf, "%s/%d [%s]", host_lookup(si->src_addr, hl_mode), data/hunt-1.5/sniff.c:226:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file_name_buf, "%s/%s:%d_%s:%d", data/hunt-1.5/sniff.c:234:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(file_name, file_name_buf); data/hunt-1.5/sniff.c:236:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file_name, "%s_%d", file_name_buf, ++i); data/hunt-1.5/sniff.c:508:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(SNIFF_FILE_DIR " isn't directory\n"); data/hunt-1.5/sniff.c:514:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(SNIFF_FILE_DIR " can't be created\n"); data/hunt-1.5/sniff.c:519:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(SNIFF_FILE_DIR " error\n"); data/hunt-1.5/sniff.c:616:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(host_buf, "%s [%s]", data/hunt-1.5/sniff.c:690:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file_name, "%s/%s", SNIFF_FILE_DIR, file_name_buf); data/hunt-1.5/synchijack.c:145:12: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. msg_len = sprintf(buf, suggest_sync_msg(1), need_read); data/hunt-1.5/synchijack.c:245:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(fin_msg, suggest_sync_msg(0)); data/hunt-1.5/tpserv/tpserv.c:71:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(f, format, va); data/hunt-1.5/tpserv/tpserv.c:74:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buf, sizeof(buf), format, va); data/hunt-1.5/tpserv/tpserv.c:86:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. p += sprintf(p, "from %s:%d", inet_ntoa(from_addr->sin_addr), ntohs(from_addr->sin_port)); data/hunt-1.5/tpserv/tpserv.c:87:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. p += sprintf(p, " to %s:%d", inet_ntoa(to_addr->sin_addr), ntohs(to_addr->sin_port)); data/hunt-1.5/util.c:294:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. buf += sprintf(buf, "%s:%s ", data/hunt-1.5/util.c:300:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. buf += sprintf(buf, "%s ", port_lookup(ports[i], hl_mode)); data/hunt-1.5/c/array.c:282:14: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((i = getopt(argc, argv, "vi:")) != -1) { data/hunt-1.5/c/hash.c:454:14: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((i = getopt(argc, argv, "vi:")) != -1) { data/hunt-1.5/c/list.c:458:14: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((i = getopt(argc, argv, "vi:")) != -1) { data/hunt-1.5/main.c:475:14: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "vVi:")) != EOF) { data/hunt-1.5/tpserv/tpserv.c:259:14: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "p:h?vVDc")) != EOF) { data/hunt-1.5/addpolicy.c:74:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_src_ports[BUFSIZE], buf_dst_ports[BUFSIZE]; data/hunt-1.5/addpolicy.c:75:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host_buf[BUFSIZE]; data/hunt-1.5/addpolicy.c:126:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(api->src_ports, src_ports, sizeof(int) * (MAX_PORTS + 1)); data/hunt-1.5/addpolicy.c:130:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(api->dst_ports, dst_ports, sizeof(int) * (MAX_PORTS + 1)); data/hunt-1.5/addpolicy.c:162:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(api->src_ports, src_ports, sizeof(int) * (MAX_PORTS + 1)); data/hunt-1.5/addpolicy.c:165:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(api->dst_ports, dst_ports, sizeof(int) * (MAX_PORTS + 1)); data/hunt-1.5/arphijack.c:55:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/hunt-1.5/arpspoof.c:25:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_fake_mac[ETH_ALEN]; data/hunt-1.5/arpspoof.c:47:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char mac_broadcast[ETH_ALEN] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; data/hunt-1.5/arpspoof.c:48:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char mac_zero[ETH_ALEN] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; data/hunt-1.5/arpspoof.c:136:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(asi->dst_mac, mi_dst->mac, ETH_ALEN); data/hunt-1.5/arpspoof.c:146:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(asi->src_mac, mi_src->mac, ETH_ALEN); data/hunt-1.5/arpspoof.c:220:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(asi->dst_mac, arpethh->ar_tha, ETH_ALEN); data/hunt-1.5/arpspoof.c:225:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(asi->src_mac, arpethh->ar_sha, ETH_ALEN); data/hunt-1.5/arpspoof.c:251:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(asi->dst_mac, arpethh->ar_sha, ETH_ALEN); data/hunt-1.5/arpspoof.c:409:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(asi->dst_mac, dst_mac, ETH_ALEN); data/hunt-1.5/arpspoof.c:413:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(asi->src_mac, src_mac, ETH_ALEN); data/hunt-1.5/arpspoof.c:442:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(asi->src_fake_mac, src_fake_mac, ETH_ALEN); data/hunt-1.5/arpspoof.c:444:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(asi->dst_mac, dst_mac, ETH_ALEN); data/hunt-1.5/arpspoof.c:449:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(asi->src_mac, src_mac, ETH_ALEN); data/hunt-1.5/arpspoof.c:743:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(asi->src_mac, mi_src->mac, ETH_ALEN); data/hunt-1.5/arpspoof.c:757:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(asi->dst_mac, p->p_ethh->h_source, ETH_ALEN); data/hunt-1.5/arpspoof.c:779:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p->p_ethh->h_dest, asi->src_mac, ETH_ALEN); data/hunt-1.5/arpspoof.c:787:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p->p_ethh->h_source, asi_dst->src_fake_mac, ETH_ALEN); data/hunt-1.5/arpspoof.c:796:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p->p_ethh->h_source, my_eth_mac, ETH_ALEN); data/hunt-1.5/arpspoof.c:923:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/hunt-1.5/arpspoof.c:946:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/hunt-1.5/arpspoof.c:967:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char src_fake_mac[ETH_ALEN]; data/hunt-1.5/arpspoof.c:970:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/hunt-1.5/arpspoof.c:1022:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char src_fake_mac[ETH_ALEN]; data/hunt-1.5/arpspoof.c:1024:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/hunt-1.5/arpspoof.c:1051:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(asr->src_fake_mac, src_fake_mac, ETH_ALEN); data/hunt-1.5/arpspoof.c:1114:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char src_fake_mac[ETH_ALEN] = {0xEA, 0x1A, 0xDE, 0xAD, 0xBE, 0xEF}; data/hunt-1.5/arpspoof.c:1115:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char dst_fake_mac[ETH_ALEN] = {0xEA, 0x1A, 0xDE, 0xAD, 0xBE, 0xEE}; data/hunt-1.5/arpspoof.c:1117:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char src_fake_mac[ETH_ALEN] = {0x00, 0x60, 0x08, 0xBE, 0x91, 0xEF}; data/hunt-1.5/arpspoof.c:1118:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char dst_fake_mac[ETH_ALEN] = {0x00, 0x60, 0x08, 0xBE, 0x91, 0xEE}; data/hunt-1.5/arpspoof.c:1119:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/hunt-1.5/arpspoof.c:1365:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(asi->dst_mac, mi_dst->mac, ETH_ALEN); data/hunt-1.5/arpspoof.c:1416:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mac_buf[64]; data/hunt-1.5/c/array.c:288:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). MAX_ITEMS = atoi(optarg); data/hunt-1.5/c/hash.c:460:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). MAX_ITEMS = atoi(optarg); data/hunt-1.5/c/list.c:464:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). MAX_ITEMS = atoi(optarg); data/hunt-1.5/hostup.c:235:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf_mac[BUFSIZE], fake_mac[ETH_ALEN]; data/hunt-1.5/hunt.c:91:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst->p_raw, src->p_raw, src->p_raw_len); data/hunt-1.5/hunt.c:104:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst->p_arg, src->p_arg, sizeof(src->p_arg)); data/hunt-1.5/hunt.c:339:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(h_src->dst_mac, p->p_ethh->h_dest, ETH_ALEN); data/hunt-1.5/hunt.c:340:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(h_src->src_mac, p->p_ethh->h_source, ETH_ALEN); data/hunt-1.5/hunt.c:347:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(h_dst->dst_mac, h_src->src_mac, ETH_ALEN); data/hunt-1.5/hunt.c:348:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(h_dst->src_mac, h_src->dst_mac, ETH_ALEN); data/hunt-1.5/hunt.c:416:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(h_src->dst_mac, p->p_ethh->h_dest, ETH_ALEN); data/hunt-1.5/hunt.c:417:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(h_src->src_mac, p->p_ethh->h_source, ETH_ALEN); data/hunt-1.5/hunt.c:731:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[1024]; data/hunt-1.5/hunt.c:957:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. b += sprintf(b, " --> "); data/hunt-1.5/hunt.c:963:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. b += sprintf(b, " seq=(%u) ack=(%u)", data/hunt-1.5/hunt.c:966:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. b += sprintf(b, " seq=(%u) ack=(%u)\n", data/hunt-1.5/hunt.c:971:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. b += sprintf(b, " src mac="); data/hunt-1.5/hunt.c:974:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. b += sprintf(b, " src mac="); data/hunt-1.5/hunt.c:979:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. b += sprintf(b, " dst mac="); data/hunt-1.5/hunt.c:982:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. b += sprintf(b, " dst mac="); data/hunt-1.5/hunt.c:1008:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/hunt-1.5/hunt.h:61:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern unsigned char my_eth_mac[ETH_ALEN]; data/hunt-1.5/hunt.h:87:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[4]; data/hunt-1.5/hunt.h:92:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char p_raw[ETH_FRAME_LEN]; /* 1514 */ data/hunt-1.5/hunt.h:154:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char src_mac[ETH_ALEN]; data/hunt-1.5/hunt.h:155:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char dst_mac[ETH_ALEN]; data/hunt-1.5/hunt.h:212:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char src_fake_mac[ETH_ALEN]; data/hunt-1.5/hunt.h:213:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char src_mac[ETH_ALEN]; data/hunt-1.5/hunt.h:214:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char dst_mac[ETH_ALEN]; data/hunt-1.5/hunt.h:237:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ar_sha[ETH_ALEN]; /* sender hardware address */ data/hunt-1.5/hunt.h:238:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ar_sip[4]; /* sender IP address */ data/hunt-1.5/hunt.h:239:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ar_tha[ETH_ALEN]; /* target hardware address */ data/hunt-1.5/hunt.h:240:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ar_tip[4]; /* target IP address */ data/hunt-1.5/hunt.h:244:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mac[ETH_ALEN]; data/hunt-1.5/hunt.h:430:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern unsigned char __suggest_mac[ETH_ALEN]; data/hunt-1.5/hunt.h:518:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern unsigned char mac_broadcast[ETH_ALEN]; data/hunt-1.5/hunt.h:519:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern unsigned char mac_zero[ETH_ALEN]; data/hunt-1.5/main.c:66:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(uci, &arr_uci[i], sizeof(struct user_conn_info)); data/hunt-1.5/main.c:117:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pbuf[256]; data/hunt-1.5/main.c:154:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pbuf, p->p_data, pbuf_len); data/hunt-1.5/main.c:233:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmdbuf[256]; data/hunt-1.5/main.c:280:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char __src_fake_mac[ETH_ALEN] = {0xEA, 0x1A, 0xDE, 0xAD, 0xBE, 0xEF}; data/hunt-1.5/main.c:281:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char __dst_fake_mac[ETH_ALEN] = {0xEA, 0x1A, 0xDE, 0xAD, 0xBE, 0xEE}; data/hunt-1.5/main.c:284:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/hunt-1.5/menu.c:103:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret_ports, ports, sizeof(int) * count); data/hunt-1.5/menu.c:175:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char mac[ETH_ALEN]; data/hunt-1.5/menu.c:194:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mac_ret, mac, ETH_ALEN); data/hunt-1.5/menu.c:218:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64], __dfl_buf[64], *dfl_buf; data/hunt-1.5/menu.c:228:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(__dfl_buf, "%d", dfl); data/hunt-1.5/menu.c:242:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/hunt-1.5/menu.c:251:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mac_ret, my_eth_mac, ETH_ALEN); data/hunt-1.5/menu.c:261:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/hunt-1.5/menu.c:276:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/hunt-1.5/menu.c:289:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/hunt-1.5/menu.c:332:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret_ports, ports, sizeof(ports)); data/hunt-1.5/menu.c:341:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dfl[256], *buf_p; data/hunt-1.5/menu.c:408:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/hunt-1.5/menu.c:474:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/hunt-1.5/menu.c:499:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret_buf, buf, min_len); data/hunt-1.5/menu.c:554:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char __label[128], *lbl; data/hunt-1.5/menu.c:555:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/hunt-1.5/menu.c:556:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char __buf_dfl[2], *buf_dfl; data/hunt-1.5/net.c:40:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2048], *data; data/hunt-1.5/net.c:49:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(eth->h_dest, ts->dst_mac, ETH_ALEN); data/hunt-1.5/net.c:50:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(eth->h_source, ts->src_mac, ETH_ALEN); data/hunt-1.5/net.c:58:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, ts->data, ts->data_len); data/hunt-1.5/net.c:102:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2048], *data; data/hunt-1.5/net.c:112:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(eth->h_dest, is->dst_mac, ETH_ALEN); data/hunt-1.5/net.c:113:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(eth->h_source, is->src_mac, ETH_ALEN); data/hunt-1.5/net.c:125:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, is->data, is->data_len); data/hunt-1.5/net.c:213:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/hunt-1.5/net.c:224:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(eth->h_dest, as->dst_mac, ETH_ALEN); data/hunt-1.5/net.c:225:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(eth->h_source, as->src_mac, ETH_ALEN); data/hunt-1.5/net.c:236:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(arpeth->ar_sha, as->sender_mac, ETH_ALEN); data/hunt-1.5/net.c:240:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(arpeth->ar_tha, as->target_mac, ETH_ALEN); data/hunt-1.5/net.c:294:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_mac[6] = {0x00, 0x60, 0x97, 0x75, 0xA4, 0xA4}; data/hunt-1.5/net.c:295:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dst_mac[6] = {0x00, 0x60, 0x97, 0x72, 0x4E, 0xB5}; data/hunt-1.5/net.c:296:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sender[6] = {0xEA, 0x1A, 0xDE, 0xAD, 0xBE, 0xEF}; data/hunt-1.5/options.c:50:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/hunt-1.5/options.c:51:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf_mac[ETH_ALEN]; data/hunt-1.5/options.c:56:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(__suggest_mac, buf_mac, sizeof(buf_mac)); data/hunt-1.5/options.c:216:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_menu[2048]; data/hunt-1.5/options.c:217:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_mac[128]; data/hunt-1.5/pktrelay.c:49:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ethtap_mac[ETH_ALEN]; data/hunt-1.5/pktrelay.c:145:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/hunt-1.5/pktrelay.c:166:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p_new->p_ethh->h_dest, ri->ethtap_mac, ETH_ALEN); data/hunt-1.5/pktrelay.c:179:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + len, &hdr, sizeof(struct ethhdr)); data/hunt-1.5/pktrelay.c:182:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + len, p->p_raw + sizeof(struct ethhdr), p->p_raw_len - sizeof(struct ethhdr)); data/hunt-1.5/pktrelay.c:219:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_src_ports[BUFSIZE], buf_dst_ports[BUFSIZE]; data/hunt-1.5/pktrelay.c:220:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/hunt-1.5/pktrelay.c:221:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char flags[BUFSIZE]; data/hunt-1.5/pktrelay.c:229:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(flags, "DROP"); data/hunt-1.5/pktrelay.c:263:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name_buf[128], name_buf2[256]; data/hunt-1.5/pktrelay.c:264:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ethtap_mac[ETH_ALEN]; data/hunt-1.5/pktrelay.c:281:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(name_buf2, "/dev/"); data/hunt-1.5/pktrelay.c:283:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((ethtap_fd = open(name_buf2, O_RDWR)) < 0) { data/hunt-1.5/pktrelay.c:295:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ri->src_ports, src_ports, sizeof(int) * (MAX_PORTS + 1)); data/hunt-1.5/pktrelay.c:299:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ri->dst_ports, dst_ports, sizeof(int) * (MAX_PORTS + 1)); data/hunt-1.5/pktrelay.c:308:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ri->ethtap_mac, ethtap_mac, ETH_ALEN); data/hunt-1.5/pktrelay.c:322:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name_buf[128], name_buf2[256]; data/hunt-1.5/pktrelay.c:358:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(name_buf2, "/dev/"); data/hunt-1.5/pktrelay.c:360:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((ethtap_fd = open(name_buf2, O_RDWR)) < 0) { data/hunt-1.5/pktrelay.c:372:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ri->src_ports, src_ports, sizeof(int) * (MAX_PORTS + 1)); data/hunt-1.5/pktrelay.c:375:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ri->dst_ports, dst_ports, sizeof(int) * (MAX_PORTS + 1)); data/hunt-1.5/resolv.c:31:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[0]; /* little trick, see later */ data/hunt-1.5/resolv.c:133:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/hunt-1.5/resolv.c:184:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/hunt-1.5/resolv.c:331:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/hunt-1.5/resolv.c:413:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char hostname_buf[BUFSIZE] = {0}; data/hunt-1.5/resolv.c:497:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char servname_buf[BUFSIZE] = {0}; data/hunt-1.5/resolv.c:499:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name_buf[64]; data/hunt-1.5/resolv.c:520:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name, "%d", ntohs(serv)); data/hunt-1.5/rstd.c:119:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(__ci.src.src_mac, p->p_ethh->h_source, ETH_ALEN); data/hunt-1.5/rstd.c:120:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(__ci.src.dst_mac, p->p_ethh->h_dest, ETH_ALEN); data/hunt-1.5/rstd.c:127:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(__ci.dst.src_mac, right_arp_addr(p->p_ethh->h_dest), ETH_ALEN); data/hunt-1.5/rstd.c:128:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(__ci.dst.dst_mac, spoofed_arp_addr(p->p_ethh->h_source), ETH_ALEN); data/hunt-1.5/rstd.c:130:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(__ci.dst.src_mac, p->p_ethh->h_dest, ETH_ALEN); data/hunt-1.5/rstd.c:131:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(__ci.dst.dst_mac, p->p_ethh->h_source, ETH_ALEN); data/hunt-1.5/rstd.c:222:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_src_ports[BUFSIZE], buf_dst_ports[BUFSIZE]; data/hunt-1.5/rstd.c:223:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/hunt-1.5/rstd.c:282:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dbi->src_ports, src_ports, sizeof(int) * (MAX_PORTS + 1)); data/hunt-1.5/rstd.c:286:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dbi->dst_ports, dst_ports, sizeof(int) * (MAX_PORTS + 1)); data/hunt-1.5/rstd.c:331:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dbi->src_ports, src_ports, sizeof(int) * (MAX_PORTS + 1)); data/hunt-1.5/rstd.c:334:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dbi->dst_ports, dst_ports, sizeof(int) * (MAX_PORTS + 1)); data/hunt-1.5/sniff.c:122:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_src_ports[BUFSIZE], buf_dst_ports[BUFSIZE]; data/hunt-1.5/sniff.c:123:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE], *b; data/hunt-1.5/sniff.c:124:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host_buf[BUFSIZE]; data/hunt-1.5/sniff.c:217:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_name[BUFSIZE], file_name_buf[BUFSIZE]; data/hunt-1.5/sniff.c:237:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(f = fopen(file_name, "w"))) { data/hunt-1.5/sniff.c:463:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&slog->buf[slog->loged_bytes], data, i); data/hunt-1.5/sniff.c:601:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host_buf[BUFSIZE]; data/hunt-1.5/sniff.c:652:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE], *buf_p; data/hunt-1.5/sniff.c:653:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_name[BUFSIZE], file_name_buf[BUFSIZE]; data/hunt-1.5/sniff.c:691:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(f = fopen(file_name, "a+"))) { data/hunt-1.5/sniff.c:706:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(si->src_ports, src_ports, sizeof(int) * (MAX_PORTS + 1)); data/hunt-1.5/sniff.c:710:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(si->dst_ports, dst_ports, sizeof(int) * (MAX_PORTS + 1)); data/hunt-1.5/sniff.c:717:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(si->search, buf_p, len); data/hunt-1.5/sniff.c:731:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE], *buf_p; data/hunt-1.5/sniff.c:781:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(si->src_ports, src_ports, sizeof(int) * (MAX_PORTS + 1)); data/hunt-1.5/sniff.c:784:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(si->dst_ports, dst_ports, sizeof(int) * (MAX_PORTS + 1)); data/hunt-1.5/sniff.c:791:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(si->search, buf_p, len); data/hunt-1.5/synchijack.c:126:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/hunt-1.5/synchijack.c:199:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1400]; data/hunt-1.5/synchijack.c:240:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/hunt-1.5/synchijack.c:241:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fin_msg[BUFSIZE]; data/hunt-1.5/synchijack.c:255:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, fin_msg, len); data/hunt-1.5/synchijack.c:266:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + len - fin_msg_len, fin_msg, fin_msg_len); data/hunt-1.5/synchijack.c:268:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, fin_msg + (fin_msg_len - len), len); data/hunt-1.5/synchijack.c:338:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512], *w_data; data/hunt-1.5/synchijack.c:382:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, p->p_data, len); data/hunt-1.5/tap.c:36:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char my_eth_mac[ETH_ALEN]; data/hunt-1.5/tap.c:99:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(my_eth_mac, ifr.ifr_hwaddr.sa_data, ETH_ALEN); data/hunt-1.5/tap.c:133:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mac, ifr.ifr_hwaddr.sa_data, ETH_ALEN); data/hunt-1.5/tpserv/tpserv.c:60:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/hunt-1.5/tpserv/tpserv.c:82:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[BUFSIZE]; data/hunt-1.5/tpserv/tpserv.c:136:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/hunt-1.5/tpserv/tpserv.c:149:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/hunt-1.5/util.c:59:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/hunt-1.5/util.c:61:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "\033[%d;4%d;3%dm", fg / 8, bg % 8, fg % 8); data/hunt-1.5/util.c:160:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. printf("%X ", ((unsigned char *)data)[i]); data/hunt-1.5/util.c:225:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(b, "%02X:%02X:%02X:%02X:%02X:%02X", data/hunt-1.5/util.c:231:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/hunt-1.5/util.c:288:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. buf += sprintf(buf, "all"); data/hunt-1.5/util.c:345:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char __suggest_mac[ETH_ALEN] = {0xEA, 0x1A, 0xDE, 0xAD, 0xBE, 0x00}; data/hunt-1.5/arphijack.c:60:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((nr = read(0, buf, sizeof(buf)))) { data/hunt-1.5/hijack.c:217:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmdbuf_len = strlen(cmdbuf); data/hunt-1.5/hunt.c:976:10: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. b += sprintf(b, "\n"); data/hunt-1.5/hunt.c:984:10: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. b += sprintf(b, "\n"); data/hunt-1.5/main.c:499:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(my_ifreq.ifr_name, eth_device, IFNAMSIZ); data/hunt-1.5/menu.c:27:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(label)) data/hunt-1.5/menu.c:346:12: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. buf_p += sprintf(buf_p, " "); data/hunt-1.5/menu.c:395:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(menucc_label)) data/hunt-1.5/menu.c:481:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(label)) data/hunt-1.5/menu.c:495:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/hunt-1.5/menu.c:522:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). printf("%*s", strlen(head) + 9, " "); data/hunt-1.5/menu.c:547:2: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getchar(); data/hunt-1.5/net.c:85:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(spkt.sa_data, eth_device, sizeof(spkt.sa_data)); data/hunt-1.5/net.c:151:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(spkt.sa_data, eth_device, sizeof(spkt.sa_data)); data/hunt-1.5/net.c:246:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(spkt.sa_data, eth_device, sizeof(spkt.sa_data)); data/hunt-1.5/net.c:274:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(spkt.sa_data, eth_device, sizeof(spkt.sa_data)); data/hunt-1.5/resolv.c:152:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(fd, &r, sizeof(struct res)) == sizeof(struct res)) { data/hunt-1.5/resolv.c:154:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, buf, r.name_len) != r.name_len) data/hunt-1.5/resolv.c:205:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(fd, &req, sizeof(struct req)) == sizeof(struct req)) { data/hunt-1.5/resolv.c:222:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). res->name_len = strlen(name) + 1; data/hunt-1.5/resolv.c:335:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(sl->s_fd, buf, sizeof(struct res)) == sizeof(struct res)) { data/hunt-1.5/resolv.c:337:4: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(sl->s_fd, res + 1, res->name_len); data/hunt-1.5/resolv.c:395:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, &req, sizeof(struct req)) == sizeof(struct req)) { data/hunt-1.5/resolv.c:452:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(name); data/hunt-1.5/resolv.c:524:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(name); data/hunt-1.5/sniff.c:326:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). log_data = memfind(p->p_data, p->p_data_len, si->search, strlen(si->search)); data/hunt-1.5/sniff.c:714:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf_p) + 1; data/hunt-1.5/sniff.c:788:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf_p) + 1; data/hunt-1.5/synchijack.c:246:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fin_msg_len = strlen(fin_msg); data/hunt-1.5/tap.c:58:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ifr.ifr_name, device, IFNAMSIZ); data/hunt-1.5/tap.c:118:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ifr.ifr_name, ifc_name, IFNAMSIZ); data/hunt-1.5/tpserv/tpserv.c:139:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((len = read(fd, buf, sizeof(buf))) > 0) { data/hunt-1.5/tpserv/tpserv.c:181:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((len = read(fd, buf, sizeof(buf))) > 0) { data/hunt-1.5/tpserv/tpserv.c:193:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((len = read(fd_remote, buf, sizeof(buf))) > 0) { data/hunt-1.5/util.c:252:4: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getchar(); ANALYSIS SUMMARY: Hits = 282 Lines analyzed = 12306 in approximately 0.34 seconds (35946 lines/second) Physical Source Lines of Code (SLOC) = 10275 Hits@level = [0] 227 [1] 35 [2] 203 [3] 5 [4] 39 [5] 0 Hits@level+ = [0+] 509 [1+] 282 [2+] 247 [3+] 44 [4+] 39 [5+] 0 Hits/KSLOC@level+ = [0+] 49.5377 [1+] 27.4453 [2+] 24.0389 [3+] 4.28224 [4+] 3.79562 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.