Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/ipwatchd-1.2.1/src/message.c Examining data/ipwatchd-1.2.1/src/devinfo.c Examining data/ipwatchd-1.2.1/src/ipwatchd.c Examining data/ipwatchd-1.2.1/src/analyse.c Examining data/ipwatchd-1.2.1/src/daemonize.c Examining data/ipwatchd-1.2.1/src/config.c Examining data/ipwatchd-1.2.1/src/ipwatchd.h Examining data/ipwatchd-1.2.1/src/signal.c Examining data/ipwatchd-1.2.1/src/genarp.c FINAL RESULTS: data/ipwatchd-1.2.1/src/daemonize.c:171:6: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. if (readlink (proc_this, proc_this, PATH_MAX) <= 0) data/ipwatchd-1.2.1/src/daemonize.c:205:6: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. if (readlink (proc_pidfile, proc_pidfile, PATH_MAX) <= 0) data/ipwatchd-1.2.1/src/analyse.c:209:9: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. rv = system (command); data/ipwatchd-1.2.1/src/config.c:232:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (config.script, value); data/ipwatchd-1.2.1/src/devinfo.c:54:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ifr.ifr_name, p_dev); data/ipwatchd-1.2.1/src/ipwatchd.c:96:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (config_file, optarg); data/ipwatchd-1.2.1/src/message.c:50:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(msg, IPWD_MSG_BUFSIZ, format, arguments); data/ipwatchd-1.2.1/src/ipwatchd.c:74:7: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. c = getopt_long (argc, argv, "c:dthv", long_options, &option_index); data/ipwatchd-1.2.1/src/analyse.c:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rcv_sip[IPWD_MAX_DEVICE_ADDRESS_LEN]; data/ipwatchd-1.2.1/src/analyse.c:68:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rcv_smac[IPWD_MAX_DEVICE_ADDRESS_LEN]; data/ipwatchd-1.2.1/src/analyse.c:81:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rcv_dip[IPWD_MAX_DEVICE_ADDRESS_LEN]; data/ipwatchd-1.2.1/src/analyse.c:97:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rcv_dmac[IPWD_MAX_DEVICE_ADDRESS_LEN]; data/ipwatchd-1.2.1/src/config.c:42:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fr = fopen (filename, "r")) == NULL) data/ipwatchd-1.2.1/src/config.c:67:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[500]; data/ipwatchd-1.2.1/src/config.c:70:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char variable[100]; data/ipwatchd-1.2.1/src/config.c:71:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[400]; data/ipwatchd-1.2.1/src/config.c:74:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[PCAP_ERRBUF_SIZE]; data/ipwatchd-1.2.1/src/config.c:84:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fr = fopen (filename, "r")) == NULL) data/ipwatchd-1.2.1/src/daemonize.c:128:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fw = fopen (IPWD_PIDFILE, "w")) == NULL) data/ipwatchd-1.2.1/src/daemonize.c:157:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char proc_this[PATH_MAX]; data/ipwatchd-1.2.1/src/daemonize.c:159:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char proc_pidfile[PATH_MAX]; data/ipwatchd-1.2.1/src/daemonize.c:178:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fr = fopen (IPWD_PIDFILE, "r")) == NULL) data/ipwatchd-1.2.1/src/devinfo.c:127:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifaces_buf[10240]; data/ipwatchd-1.2.1/src/devinfo.c:136:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[PCAP_ERRBUF_SIZE]; data/ipwatchd-1.2.1/src/genarp.c:78:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[LIBNET_ERRBUF_SIZE]; data/ipwatchd-1.2.1/src/ipwatchd.c:167:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[PCAP_ERRBUF_SIZE]; data/ipwatchd-1.2.1/src/ipwatchd.h:136:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char device[IPWD_MAX_DEVICE_NAME_LEN]; /**< Device name */ data/ipwatchd-1.2.1/src/ipwatchd.h:138:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ip[IPWD_MAX_DEVICE_ADDRESS_LEN]; /**< IP address of device */ data/ipwatchd-1.2.1/src/ipwatchd.h:139:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mac[IPWD_MAX_DEVICE_ADDRESS_LEN]; /**< MAC address of device */ data/ipwatchd-1.2.1/src/message.c:46:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[IPWD_MSG_BUFSIZ]; data/ipwatchd-1.2.1/src/analyse.c:65:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (rcv_sip, p_rcv_sip, IPWD_MAX_DEVICE_ADDRESS_LEN - 1); data/ipwatchd-1.2.1/src/analyse.c:78:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (rcv_smac, p_rcv_smac, IPWD_MAX_DEVICE_ADDRESS_LEN - 1); data/ipwatchd-1.2.1/src/analyse.c:94:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (rcv_dip, p_rcv_dip, IPWD_MAX_DEVICE_ADDRESS_LEN - 1); data/ipwatchd-1.2.1/src/analyse.c:107:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (rcv_dmac, p_rcv_dmac, IPWD_MAX_DEVICE_ADDRESS_LEN - 1); data/ipwatchd-1.2.1/src/analyse.c:197:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_len = strlen (config.script) + 2 + strlen (devices.dev[i].device) + 3 + strlen (devices.dev[i].ip) + 3 + strlen (rcv_smac) + 2; data/ipwatchd-1.2.1/src/analyse.c:197:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_len = strlen (config.script) + 2 + strlen (devices.dev[i].device) + 3 + strlen (devices.dev[i].ip) + 3 + strlen (rcv_smac) + 2; data/ipwatchd-1.2.1/src/analyse.c:197:84: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_len = strlen (config.script) + 2 + strlen (devices.dev[i].device) + 3 + strlen (devices.dev[i].ip) + 3 + strlen (rcv_smac) + 2; data/ipwatchd-1.2.1/src/analyse.c:197:117: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_len = strlen (config.script) + 2 + strlen (devices.dev[i].device) + 3 + strlen (devices.dev[i].ip) + 3 + strlen (rcv_smac) + 2; data/ipwatchd-1.2.1/src/config.c:106:7: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf (line, "%99s %399s", variable, value) != 2) data/ipwatchd-1.2.1/src/config.c:226:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((config.script = (char *) malloc ((strlen (value) + 1) * sizeof (char))) == NULL) data/ipwatchd-1.2.1/src/config.c:289:8: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf (line, "%*s %93s %399s", variable, value) != 2) data/ipwatchd-1.2.1/src/config.c:326:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (devices.dev[devices.devnum].device, variable, IPWD_MAX_DEVICE_NAME_LEN - 1); data/ipwatchd-1.2.1/src/daemonize.c:70:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask (0166); data/ipwatchd-1.2.1/src/devinfo.c:84:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (p_ip, p_dev_ip, IPWD_MAX_DEVICE_ADDRESS_LEN - 1); data/ipwatchd-1.2.1/src/devinfo.c:104:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (p_mac, p_dev_mac, IPWD_MAX_DEVICE_ADDRESS_LEN - 1); data/ipwatchd-1.2.1/src/devinfo.c:219:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (devices.dev[devices.devnum].device, iface->ifr_name, IPWD_MAX_DEVICE_NAME_LEN - 1); data/ipwatchd-1.2.1/src/ipwatchd.c:90:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((config_file = (char *) malloc ((strlen (optarg) + 1) * sizeof (char))) == NULL) ANALYSIS SUMMARY: Hits = 47 Lines analyzed = 1916 in approximately 0.08 seconds (25516 lines/second) Physical Source Lines of Code (SLOC) = 1141 Hits@level = [0] 32 [1] 17 [2] 22 [3] 1 [4] 5 [5] 2 Hits@level+ = [0+] 79 [1+] 47 [2+] 30 [3+] 8 [4+] 7 [5+] 2 Hits/KSLOC@level+ = [0+] 69.2375 [1+] 41.1919 [2+] 26.2927 [3+] 7.01139 [4+] 6.13497 [5+] 1.75285 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.