Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libax25-0.0.12-rc5+git20190411+b17ff36/ax25io.c
Examining data/libax25-0.0.12-rc5+git20190411+b17ff36/procutils.c
Examining data/libax25-0.0.12-rc5+git20190411+b17ff36/netrom/netrom.h
Examining data/libax25-0.0.12-rc5+git20190411+b17ff36/nrconfig.c
Examining data/libax25-0.0.12-rc5+git20190411+b17ff36/axconfig.c
Examining data/libax25-0.0.12-rc5+git20190411+b17ff36/rsconfig.c
Examining data/libax25-0.0.12-rc5+git20190411+b17ff36/axutils.c
Examining data/libax25-0.0.12-rc5+git20190411+b17ff36/ttyutils.c
Examining data/libax25-0.0.12-rc5+git20190411+b17ff36/netrose/rose.h
Examining data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/axlib.h
Examining data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/axconfig.h
Examining data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/daemon.h
Examining data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/ax25io.h
Examining data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/rsconfig.h
Examining data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/mheard.h
Examining data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/nrconfig.h
Examining data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/ax25.h
Examining data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/procutils.h
Examining data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/ttyutils.h
Examining data/libax25-0.0.12-rc5+git20190411+b17ff36/pathnames.h
Examining data/libax25-0.0.12-rc5+git20190411+b17ff36/daemon.c
FINAL RESULTS:
data/libax25-0.0.12-rc5+git20190411+b17ff36/ax25io.c:626:8: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
len = vsprintf(buf, fmt, args);
data/libax25-0.0.12-rc5+git20190411+b17ff36/ttyutils.c:112:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "%s/LCK..%s", LOCK_SERIAL_DIR, s);
data/libax25-0.0.12-rc5+git20190411+b17ff36/ttyutils.c:140:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "%s/LCK..%s", LOCK_SERIAL_DIR, s);
data/libax25-0.0.12-rc5+git20190411+b17ff36/ttyutils.c:161:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "%s/LCK..%s", LOCK_SERIAL_DIR, s);
data/libax25-0.0.12-rc5+git20190411+b17ff36/ax25io.c:306:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->obuf + p->optr, c, len);
data/libax25-0.0.12-rc5+git20190411+b17ff36/ax25io.c:623:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[AXBUFLEN];
data/libax25-0.0.12-rc5+git20190411+b17ff36/ax25io.c:674:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2] = { IAC, IAC };
data/libax25-0.0.12-rc5+git20190411+b17ff36/ax25io.c:681:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[3];
data/libax25-0.0.12-rc5+git20190411+b17ff36/ax25io.c:692:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[7] = {
data/libax25-0.0.12-rc5+git20190411+b17ff36/axconfig.c:221:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(baud) < 0) {
data/libax25-0.0.12-rc5+git20190411+b17ff36/axconfig.c:226:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(paclen) <= 0) {
data/libax25-0.0.12-rc5+git20190411+b17ff36/axconfig.c:231:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(window) <= 0) {
data/libax25-0.0.12-rc5+git20190411+b17ff36/axconfig.c:264:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->Baud = atoi(baud);
data/libax25-0.0.12-rc5+git20190411+b17ff36/axconfig.c:265:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->Window = atoi(window);
data/libax25-0.0.12-rc5+git20190411+b17ff36/axconfig.c:266:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->Paclen = atoi(paclen);
data/libax25-0.0.12-rc5+git20190411+b17ff36/axconfig.c:284:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256], *s;
data/libax25-0.0.12-rc5+git20190411+b17ff36/axconfig.c:301:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen("/proc/net/dev", "r"))) {
data/libax25-0.0.12-rc5+git20190411+b17ff36/axconfig.c:360:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(CONF_AXPORTS_FILE, "r")) == NULL) {
data/libax25-0.0.12-rc5+git20190411+b17ff36/axutils.c:192:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[11];
data/libax25-0.0.12-rc5+git20190411+b17ff36/axutils.c:224:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[11];
data/libax25-0.0.12-rc5+git20190411+b17ff36/axutils.c:226:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%02X%02X%02X%02X%02X", a->rose_addr[0] & 0xFF,
data/libax25-0.0.12-rc5+git20190411+b17ff36/axutils.c:283:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[7];
data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/ax25.h:71:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ax25_call[7]; /* 6 call + SSID (shifted ascii) */
data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/ax25.h:141:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev[16];
data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/ax25io.h:26:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char eol[4]; /* end-of-line sequence */
data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/ax25io.h:33:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ibuf[AXBUFLEN]; /* input buffer */
data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/ax25io.h:34:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char obuf[AXBUFLEN]; /* output buffer */
data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/ax25io.h:35:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gbuf[AXBUFLEN]; /* getline buffer */
data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/mheard.h:29:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char portname[20];
data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/mheard.h:67:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spare[128];
data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/procutils.h:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char call[10];
data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/procutils.h:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev[14];
data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/procutils.h:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev[14];
data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/procutils.h:51:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_addr[10];
data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/procutils.h:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dest_addr[10];
data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/procutils.h:53:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digi_addr[8][11];
data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/procutils.h:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user_addr[10], dest_node[10], src_node[10];
data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/procutils.h:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev[14];
data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/procutils.h:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char my_circuit[6], ur_circuit[6];
data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/procutils.h:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char call[10];
data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/procutils.h:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev[14];
data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/procutils.h:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char call[10], alias[7];
data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/procutils.h:107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dest_addr[11], dest_call[10];
data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/procutils.h:108:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_addr[11], src_call[10];
data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/procutils.h:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev[14];
data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/procutils.h:123:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address1[11], call1[10];
data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/procutils.h:126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address2[11], call2[10];
data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/procutils.h:134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char call[10];
data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/procutils.h:135:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev[14];
data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/procutils.h:138:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode[4];
data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/procutils.h:139:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char restart[4];
data/libax25-0.0.12-rc5+git20190411+b17ff36/netax25/procutils.h:146:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[11];
data/libax25-0.0.12-rc5+git20190411+b17ff36/netrom/netrom.h:44:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device[16];
data/libax25-0.0.12-rc5+git20190411+b17ff36/netrom/netrom.h:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mnemonic[7];
data/libax25-0.0.12-rc5+git20190411+b17ff36/netrose/rose.h:66:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rose_addr[5];
data/libax25-0.0.12-rc5+git20190411+b17ff36/netrose/rose.h:92:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device[16];
data/libax25-0.0.12-rc5+git20190411+b17ff36/nrconfig.c:208:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(paclen) <= 0) {
data/libax25-0.0.12-rc5+git20190411+b17ff36/nrconfig.c:245:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->Paclen = atoi(paclen);
data/libax25-0.0.12-rc5+git20190411+b17ff36/nrconfig.c:263:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256], *s;
data/libax25-0.0.12-rc5+git20190411+b17ff36/nrconfig.c:280:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen("/proc/net/dev", "r"))) {
data/libax25-0.0.12-rc5+git20190411+b17ff36/nrconfig.c:341:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(CONF_NRPORTS_FILE, "r")) == NULL) {
data/libax25-0.0.12-rc5+git20190411+b17ff36/procutils.c:22:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return s ? atoi(s) : 0;
data/libax25-0.0.12-rc5+git20190411+b17ff36/procutils.c:52:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[256];
data/libax25-0.0.12-rc5+git20190411+b17ff36/procutils.c:67:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, start, len);
data/libax25-0.0.12-rc5+git20190411+b17ff36/procutils.c:76:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256], *cp;
data/libax25-0.0.12-rc5+git20190411+b17ff36/procutils.c:82:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(PROC_AX25_FILE, "r")) == NULL)
data/libax25-0.0.12-rc5+git20190411+b17ff36/procutils.c:158:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256], *cp;
data/libax25-0.0.12-rc5+git20190411+b17ff36/procutils.c:164:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(PROC_AX25_ROUTE_FILE, "r")) == NULL)
data/libax25-0.0.12-rc5+git20190411+b17ff36/procutils.c:211:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256], *cp;
data/libax25-0.0.12-rc5+git20190411+b17ff36/procutils.c:217:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(PROC_NR_FILE, "r")) == NULL)
data/libax25-0.0.12-rc5+git20190411+b17ff36/procutils.c:275:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256], *cp;
data/libax25-0.0.12-rc5+git20190411+b17ff36/procutils.c:281:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(PROC_NR_NEIGH_FILE, "r")) == NULL)
data/libax25-0.0.12-rc5+git20190411+b17ff36/procutils.c:321:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256], *cp;
data/libax25-0.0.12-rc5+git20190411+b17ff36/procutils.c:328:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(PROC_NR_NODES_FILE, "r")) == NULL)
data/libax25-0.0.12-rc5+git20190411+b17ff36/procutils.c:421:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/libax25-0.0.12-rc5+git20190411+b17ff36/procutils.c:427:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(PROC_RS_FILE, "r")) == NULL)
data/libax25-0.0.12-rc5+git20190411+b17ff36/procutils.c:473:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/libax25-0.0.12-rc5+git20190411+b17ff36/procutils.c:479:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(PROC_RS_NEIGH_FILE, "r")) == NULL)
data/libax25-0.0.12-rc5+git20190411+b17ff36/procutils.c:516:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/libax25-0.0.12-rc5+git20190411+b17ff36/procutils.c:522:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(PROC_RS_NODES_FILE, "r")) == NULL)
data/libax25-0.0.12-rc5+git20190411+b17ff36/procutils.c:556:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/libax25-0.0.12-rc5+git20190411+b17ff36/procutils.c:562:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(PROC_RS_ROUTES_FILE, "r")) == NULL)
data/libax25-0.0.12-rc5+git20190411+b17ff36/procutils.c:598:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/libax25-0.0.12-rc5+git20190411+b17ff36/procutils.c:599:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char call[10];
data/libax25-0.0.12-rc5+git20190411+b17ff36/procutils.c:603:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(PROC_AX25_CALLS_FILE, "r")) == NULL)
data/libax25-0.0.12-rc5+git20190411+b17ff36/rsconfig.c:209:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256], *s;
data/libax25-0.0.12-rc5+git20190411+b17ff36/rsconfig.c:226:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen("/proc/net/dev", "r"))) {
data/libax25-0.0.12-rc5+git20190411+b17ff36/rsconfig.c:285:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(CONF_RSPORTS_FILE, "r")) == NULL) {
data/libax25-0.0.12-rc5+git20190411+b17ff36/ttyutils.c:103:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[50], *s;
data/libax25-0.0.12-rc5+git20190411+b17ff36/ttyutils.c:114:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(buffer, "r")) == NULL)
data/libax25-0.0.12-rc5+git20190411+b17ff36/ttyutils.c:132:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[50], *s;
data/libax25-0.0.12-rc5+git20190411+b17ff36/ttyutils.c:142:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(buffer, "w")) == NULL)
data/libax25-0.0.12-rc5+git20190411+b17ff36/ttyutils.c:154:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[50], *s;
data/libax25-0.0.12-rc5+git20190411+b17ff36/ax25io.c:49:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new->eol, eol, 3);
data/libax25-0.0.12-rc5+git20190411+b17ff36/ax25io.c:329:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((ret = read(p->ifd, p->ibuf, AXBUFLEN)) < 0)
data/libax25-0.0.12-rc5+git20190411+b17ff36/ax25io.c:442:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return rsend(p->eol, strlen(p->eol), p);
data/libax25-0.0.12-rc5+git20190411+b17ff36/ax25io.c:446:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return rsend(p->eol, strlen(p->eol), p);
data/libax25-0.0.12-rc5+git20190411+b17ff36/axconfig.c:315:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, s, IFNAMSIZ-1);
data/libax25-0.0.12-rc5+git20190411+b17ff36/axconfig.c:369:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buffer) > 0 && *buffer != '#')
data/libax25-0.0.12-rc5+git20190411+b17ff36/axutils.c:168:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(addr) != 10) {
data/libax25-0.0.12-rc5+git20190411+b17ff36/axutils.c:170:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
addr, strlen(addr));
data/libax25-0.0.12-rc5+git20190411+b17ff36/daemon.c:53:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(0);
data/libax25-0.0.12-rc5+git20190411+b17ff36/nrconfig.c:294:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, s, IFNAMSIZ-1);
data/libax25-0.0.12-rc5+git20190411+b17ff36/nrconfig.c:350:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buffer) > 0 && *buffer != '#')
data/libax25-0.0.12-rc5+git20190411+b17ff36/procutils.c:42:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
return strncpy(dest, src, n);
data/libax25-0.0.12-rc5+git20190411+b17ff36/rsconfig.c:240:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, s, IFNAMSIZ-1);
data/libax25-0.0.12-rc5+git20190411+b17ff36/rsconfig.c:294:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buffer) > 0 && *buffer != '#')
ANALYSIS SUMMARY:
Hits = 107
Lines analyzed = 4306 in approximately 0.15 seconds (28835 lines/second)
Physical Source Lines of Code (SLOC) = 2896
Hits@level = [0] 40 [1] 14 [2] 89 [3] 0 [4] 4 [5] 0
Hits@level+ = [0+] 147 [1+] 107 [2+] 93 [3+] 4 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 50.7597 [1+] 36.9475 [2+] 32.1133 [3+] 1.38122 [4+] 1.38122 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.