Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/alloc.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/alloc.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/alloc_re.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/buffer.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/buffer.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/buffer_0.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/buffer_1.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/buffer_2.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/buffer_get.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/buffer_put.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/buffer_read.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/buffer_write.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/byte.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/byte_chr.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/byte_copy.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/byte_cr.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/byte_diff.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/byte_rchr.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/byte_zero.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/case.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/case_diffb.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/cdb.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/cdb.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/cdb_hash.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/cdb_make.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/cdb_make.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/check-ipsvd-cdb.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/check-tcpsvd.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/check-udpsvd.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/chkshsgr.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/coe.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/coe.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_dfd.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_domain.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_dtda.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_ip.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_ipq.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_mx.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_name.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_nd.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_packet.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_random.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_rcip.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_rcrw.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_resolve.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_sortip.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_transmit.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_txt.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/env.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/env.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/error.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/error.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/error_str.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/fd.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/fd_copy.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/fd_move.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/fifo.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/fifo.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/fmt.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/fmt_uint.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/fmt_uint0.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/fmt_ulong.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/gen_alloc.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/gen_allocdefs.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/iopause.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/ip4.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/ip4_scan.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/ipsvd-cdb.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/ipsvd_check.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/ipsvd_check.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/ipsvd_fmt.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/ipsvd_fmt.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/ipsvd_hostname.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/ipsvd_hostname.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/ipsvd_log.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/ipsvd_log.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/ipsvd_phcc.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/ipsvd_phcc.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/ipsvd_scan.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/ipsvd_scan.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/lock.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/lock_ex.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/lock_exnb.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/ndelay.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/ndelay_off.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/ndelay_on.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/open.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/open_append.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/open_read.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/open_trunc.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/open_write.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/openreadclose.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/openreadclose.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/pathexec.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/pathexec_env.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/pathexec_run.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/prot.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/prot.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/readclose.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/readclose.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/readwrite.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/scan.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/scan_ulong.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/seek.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/seek_set.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/sgetopt.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/sgetopt.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/sig.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/sig.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/sig_block.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/sig_catch.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/sig_pause.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/socket.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/socket_bind.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/socket_conn.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/socket_tcp.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/socket_udp.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/ssl_io.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/ssl_io.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/sslerror_str.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/sslerror_str.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/sslio.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/sslsvd.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/str.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/str_chr.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/str_diff.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/str_len.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/str_start.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/stralloc.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/stralloc_cat.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/stralloc_catb.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/stralloc_cats.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/stralloc_copy.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/stralloc_eady.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/stralloc_opyb.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/stralloc_opys.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/stralloc_pend.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/strerr.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/strerr_die.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/strerr_sys.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/subgetopt.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/subgetopt.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/tai.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/tai_now.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/tai_pack.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/tai_sub.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/tai_unpack.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/taia.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/taia_add.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/taia_approx.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/taia_frac.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/taia_less.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/taia_now.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/taia_pack.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/taia_sub.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/taia_uint.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/tcpsvd.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/test.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/trycpp.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/trydrent.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/tryflock.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/trymkffo.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/trypoll.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/trysgact.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/trysgprm.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/tryshsgr.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/trysocketlib.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/trysysel.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/tryulong32.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/tryulong64.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/trywaitp.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/udpsvd.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/uidgid.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/uidgid.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/uint16.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/uint16_pack.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/uint16_unpack.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/uint32_pack.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/uint32_unpack.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/wait.h
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/wait_nohang.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/wait_pid.c
Examining data/ipsvd-1.0.0/ipsvd-1.0.0/src/x86cpuid.c

FINAL RESULTS:

data/ipsvd-1.0.0/ipsvd-1.0.0/src/sgetopt.c:21:9: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  #define getopt sgetoptmine

data/ipsvd-1.0.0/ipsvd-1.0.0/src/sgetopt.c:30:5: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  int getopt(int argc,const char *const *argv,const char *opts)

data/ipsvd-1.0.0/ipsvd-1.0.0/src/sgetopt.h:7:9: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  #define getopt sgetoptmine

data/ipsvd-1.0.0/ipsvd-1.0.0/src/ssl_io.c:356:11: [3] (misc) chroot:
  chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root.
  if (chroot(".") == -1) fatalm("unable to chroot");

data/ipsvd-1.0.0/ipsvd-1.0.0/src/sslio.c:42:16: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt =getopt(argc, argv, "u:U:/:C:K:A:cvV")) != opteof) {

data/ipsvd-1.0.0/ipsvd-1.0.0/src/tcpsvd.c:273:16: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt =getopt(argc, (const char **)argv,

data/ipsvd-1.0.0/ipsvd-1.0.0/src/tcpsvd.c:276:16: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt =getopt(argc, (const char **)argv,

data/ipsvd-1.0.0/ipsvd-1.0.0/src/udpsvd.c:173:16: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt =getopt(argc, argv, "vu:l:hpi:x:t:V")) != opteof) {

data/ipsvd-1.0.0/ipsvd-1.0.0/src/alloc.c:10:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef union { char irrelevant[ALIGNMENT]; double d; } aligned;

data/ipsvd-1.0.0/ipsvd-1.0.0/src/buffer_0.c:11:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer_0_space[BUFFER_INSIZE];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/buffer_1.c:5:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer_1_space[BUFFER_OUTSIZE];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/buffer_2.c:5:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer_2_space[256];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/cdb.c:72:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/cdb.c:89:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[8];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/cdb_make.c:54:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[8];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/cdb_make.c:75:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[8];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/cdb_make.h:20:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bspace[8192];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/cdb_make.h:21:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char final[2048];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/check-ipsvd-cdb.c:10:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/check-ipsvd-cdb.c:11:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char e[256];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/check-tcpsvd.c:7:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ip[4];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/check-udpsvd.c:12:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ip[4];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns.h:38:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char localip[4];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns.h:39:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char qtype[2];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_dfd.c:8:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char label[63];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_dfd.c:10:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[255];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_dtda.c:9:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_ip.c:9:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char header[12];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_mx.c:11:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char header[12];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_mx.c:12:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pref[2];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_name.c:11:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char header[12];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_name.c:38:35: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int dns_name4(stralloc *out,const char ip[4])

data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_name.c:40:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[DNS_NAME4_DOMAIN];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_nd.c:5:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void dns_name4_domain(char name[DNS_NAME4_DOMAIN],const char ip[4])

data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_nd.c:5:57: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void dns_name4_domain(char name[DNS_NAME4_DOMAIN],const char ip[4])

data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_packet.c:42:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[255];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_random.c:33:28: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void dns_random_init(const char data[128])

data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_random.c:37:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tpack[16];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_rcip.c:10:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static int init(char ip[64])

data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_rcip.c:65:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char ip[64]; /* defined if ok */

data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_rcip.c:67:22: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int dns_resolvconfip(char s[64])

data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_rcrw.c:13:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char host[256];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_resolve.c:8:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int dns_resolve(const char *q,const char qtype[2])

data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_resolve.c:8:37: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int dns_resolve(const char *q,const char qtype[2])

data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_resolve.c:12:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char servers[64];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_sortip.c:10:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[4];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_transmit.c:13:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char out[12];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_transmit.c:22:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char out[12];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_transmit.c:34:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char out[12];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_transmit.c:196:53: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int dns_transmit_start(struct dns_transmit *d,const char servers[64],int flagrecursive,const char *q,const char qtype[2],const char localip[4])

data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_transmit.c:196:94: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int dns_transmit_start(struct dns_transmit *d,const char servers[64],int flagrecursive,const char *q,const char qtype[2],const char localip[4])

data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_transmit.c:196:108: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int dns_transmit_start(struct dns_transmit *d,const char servers[64],int flagrecursive,const char *q,const char qtype[2],const char localip[4])

data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_transmit.c:196:128: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int dns_transmit_start(struct dns_transmit *d,const char servers[64],int flagrecursive,const char *q,const char qtype[2],const char localip[4])

data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_transmit.c:243:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char udpbuf[513];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_txt.c:9:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char header[12];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/ip4_scan.c:4:29: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned int ip4_scan(const char *s,char ip[4])

data/ipsvd-1.0.0/ipsvd-1.0.0/src/ip4_scan.c:4:37: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned int ip4_scan(const char *s,char ip[4])

data/ipsvd-1.0.0/ipsvd-1.0.0/src/ipsvd_check.c:93:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[IP4_FMT];

data/ipsvd-1.0.0/ipsvd-1.0.0/src/ipsvd_fmt.c:5:27: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned int ipsvd_fmt_ip(char *s, char ip[4]) {

data/ipsvd-1.0.0/ipsvd-1.0.0/src/ipsvd_fmt.c:5:36: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned int ipsvd_fmt_ip(char *s, char ip[4]) {

data/ipsvd-1.0.0/ipsvd-1.0.0/src/ipsvd_fmt.c:19:29: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned int ipsvd_fmt_port(char *s, char port[2]) {

data/ipsvd-1.0.0/ipsvd-1.0.0/src/ipsvd_fmt.c:19:38: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned int ipsvd_fmt_port(char *s, char port[2]) {

data/ipsvd-1.0.0/ipsvd-1.0.0/src/ipsvd_fmt.h:4:34: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern unsigned int ipsvd_fmt_ip(char *s, char ip[4]);

data/ipsvd-1.0.0/ipsvd-1.0.0/src/ipsvd_fmt.h:4:43: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern unsigned int ipsvd_fmt_ip(char *s, char ip[4]);

data/ipsvd-1.0.0/ipsvd-1.0.0/src/ipsvd_fmt.h:5:36: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern unsigned int ipsvd_fmt_port(char *s, char port[2]);

data/ipsvd-1.0.0/ipsvd-1.0.0/src/ipsvd_fmt.h:5:45: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
extern unsigned int ipsvd_fmt_port(char *s, char port[2]);
data/ipsvd-1.0.0/ipsvd-1.0.0/src/ipsvd_phcc.c:5:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char ip[4];
data/ipsvd-1.0.0/ipsvd-1.0.0/src/open_append.c:8:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
{ return open(fn,O_WRONLY | O_NDELAY | O_APPEND | O_CREAT,0600); }
data/ipsvd-1.0.0/ipsvd-1.0.0/src/open_read.c:8:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
{ return open(fn,O_RDONLY | O_NDELAY); }
data/ipsvd-1.0.0/ipsvd-1.0.0/src/open_trunc.c:8:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
{ return open(fn,O_WRONLY | O_NDELAY | O_TRUNC | O_CREAT,0644); }
data/ipsvd-1.0.0/ipsvd-1.0.0/src/open_write.c:8:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
{ return open(fn,O_WRONLY | O_NDELAY); }
data/ipsvd-1.0.0/ipsvd-1.0.0/src/sgetopt.c:43:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char chp[2]; chp[0] = optproblem; chp[1] = '\n';
data/ipsvd-1.0.0/ipsvd-1.0.0/src/socket_bind.c:8:24: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
int socket_bind4(int s,char ip[4],uint16 port)
data/ipsvd-1.0.0/ipsvd-1.0.0/src/socket_bind.c:20:30: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
int socket_bind4_reuse(int s,char ip[4],uint16 port)
data/ipsvd-1.0.0/ipsvd-1.0.0/src/socket_conn.c:9:33: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
int socket_connect4(int s,const char ip[4],uint16 port)
data/ipsvd-1.0.0/ipsvd-1.0.0/src/ssl_io.c:31:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
extern char id[FMT_ULONG];
data/ipsvd-1.0.0/ipsvd-1.0.0/src/ssl_io.c:32:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
extern char ul[FMT_ULONG];
data/ipsvd-1.0.0/ipsvd-1.0.0/src/ssl_io.h:6:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char id[FMT_ULONG];
data/ipsvd-1.0.0/ipsvd-1.0.0/src/ssl_io.h:7:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char ul[FMT_ULONG];
data/ipsvd-1.0.0/ipsvd-1.0.0/src/tcpsvd.c:62:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char local_ip[IP4_FMT];
data/ipsvd-1.0.0/ipsvd-1.0.0/src/tcpsvd.c:65:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char remote_ip[IP4_FMT];
data/ipsvd-1.0.0/ipsvd-1.0.0/src/tcpsvd.c:66:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char remote_port[FMT_ULONG];
data/ipsvd-1.0.0/ipsvd-1.0.0/src/tcpsvd.c:72:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char seed[128];
data/ipsvd-1.0.0/ipsvd-1.0.0/src/tcpsvd.c:73:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char bufnum[FMT_ULONG];
data/ipsvd-1.0.0/ipsvd-1.0.0/src/tcpsvd.c:155:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
const char *args[4];
data/ipsvd-1.0.0/ipsvd-1.0.0/src/test.c:6:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char ip[4];
data/ipsvd-1.0.0/ipsvd-1.0.0/src/trypoll.c:11:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
x.fd = open("trypoll.c",O_RDONLY);
data/ipsvd-1.0.0/ipsvd-1.0.0/src/udpsvd.c:46:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char local_ip[IP4_FMT];
data/ipsvd-1.0.0/ipsvd-1.0.0/src/udpsvd.c:49:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char remote_ip[IP4_FMT];
data/ipsvd-1.0.0/ipsvd-1.0.0/src/udpsvd.c:50:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char remote_port[FMT_ULONG];
data/ipsvd-1.0.0/ipsvd-1.0.0/src/udpsvd.c:53:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char seed[128];
data/ipsvd-1.0.0/ipsvd-1.0.0/src/udpsvd.c:56:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char bufnum[FMT_ULONG];
data/ipsvd-1.0.0/ipsvd-1.0.0/src/udpsvd.c:92:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
const char *args[4];
data/ipsvd-1.0.0/ipsvd-1.0.0/src/uint16_pack.c:3:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
void uint16_pack(char s[2],uint16 u)
data/ipsvd-1.0.0/ipsvd-1.0.0/src/uint16_pack.c:9:22: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
void uint16_pack_big(char s[2],uint16 u)
data/ipsvd-1.0.0/ipsvd-1.0.0/src/uint16_unpack.c:3:26: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
void uint16_unpack(const char s[2],uint16 *u)
data/ipsvd-1.0.0/ipsvd-1.0.0/src/uint16_unpack.c:14:30: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
void uint16_unpack_big(const char s[2],uint16 *u)
data/ipsvd-1.0.0/ipsvd-1.0.0/src/uint32_pack.c:3:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
void uint32_pack(char s[4],uint32 u)
data/ipsvd-1.0.0/ipsvd-1.0.0/src/uint32_pack.c:13:22: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
void uint32_pack_big(char s[4],uint32 u)
data/ipsvd-1.0.0/ipsvd-1.0.0/src/uint32_unpack.c:3:26: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
void uint32_unpack(const char s[4],uint32 *u)
data/ipsvd-1.0.0/ipsvd-1.0.0/src/uint32_unpack.c:18:30: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
void uint32_unpack_big(const char s[4],uint32 *u)
data/ipsvd-1.0.0/ipsvd-1.0.0/src/buffer_read.c:8:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
return read(fd,buf,len);
data/ipsvd-1.0.0/ipsvd-1.0.0/src/cdb.c:55:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
r = read(c->fd,buf,len);
data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_transmit.c:320:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
r = read(fd,&ch,1);
data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_transmit.c:333:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
r = read(fd,&ch,1);
data/ipsvd-1.0.0/ipsvd-1.0.0/src/dns_transmit.c:351:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
r = read(fd,d->packet + d->pos,d->packetlen - d->pos);
data/ipsvd-1.0.0/ipsvd-1.0.0/src/readclose.c:12:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
r = read(fd,sa->s + sa->len,bufsize);
data/ipsvd-1.0.0/ipsvd-1.0.0/src/socket_conn.c:29:5: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
read(s,&ch,1); /* sets errno */
data/ipsvd-1.0.0/ipsvd-1.0.0/src/ssl_io.c:159:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
if ((len =read(encpipe[0], encinbuf.s, encin.size)) < 0)
data/ipsvd-1.0.0/ipsvd-1.0.0/src/ssl_io.c:189:17: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
if ((len =read(fdstdin, decin.end, len)) < 0)

ANALYSIS SUMMARY:

Hits = 110
Lines analyzed = 6944 in approximately 0.37 seconds (18713 lines/second)
Physical Source Lines of Code (SLOC) = 5776
Hits@level = [0] 7 [1] 9 [2] 93 [3] 8 [4] 0 [5] 0
Hits@level+ = [0+] 117 [1+] 110 [2+] 101 [3+] 8 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 20.2562 [1+] 19.0443 [2+] 17.4861 [3+] 1.38504 [4+] 0 [5+] 0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.