Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

Examining data/libcidr-1.2.3/include/libcidr.h
Examining data/libcidr-1.2.3/src/examples/acl/acl.c
Examining data/libcidr-1.2.3/src/examples/cidrcalc/cidrcalc.c
Examining data/libcidr-1.2.3/src/include/libcidr_pow2_p.h
Examining data/libcidr-1.2.3/src/test/compare/compare.c
Examining data/libcidr-1.2.3/src/test/inaddr/inaddr.c
Examining data/libcidr-1.2.3/src/test/kids/kids.c
Examining data/libcidr-1.2.3/src/test/mkstr/mkstr.c
Examining data/libcidr-1.2.3/src/test/netbc/netbc.c
Examining data/libcidr-1.2.3/src/test/nums/nums.c
Examining data/libcidr-1.2.3/src/test/parent/parent.c
Examining data/libcidr-1.2.3/src/cidr_addr.c
Examining data/libcidr-1.2.3/src/cidr_compare.c
Examining data/libcidr-1.2.3/src/cidr_from_str.c
Examining data/libcidr-1.2.3/src/cidr_get.c
Examining data/libcidr-1.2.3/src/cidr_inaddr.c
Examining data/libcidr-1.2.3/src/cidr_mem.c
Examining data/libcidr-1.2.3/src/cidr_misc.c
Examining data/libcidr-1.2.3/src/cidr_net.c
Examining data/libcidr-1.2.3/src/cidr_num.c
Examining data/libcidr-1.2.3/src/cidr_to_str.c

FINAL RESULTS:

data/libcidr-1.2.3/src/cidr_to_str.c:126:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(toret, tmpbuf);

data/libcidr-1.2.3/src/cidr_to_str.c:155:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(toret, tmpbuf);

data/libcidr-1.2.3/src/cidr_to_str.c:179:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(toret, tmpbuf);

data/libcidr-1.2.3/src/cidr_to_str.c:323:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(toret, tmpbuf);

data/libcidr-1.2.3/src/cidr_to_str.c:377:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(toret, nmstr);

data/libcidr-1.2.3/src/cidr_to_str.c:394:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(toret, tmpbuf);

data/libcidr-1.2.3/src/examples/acl/acl.c:291:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(toclnt, "Hi there, %s!\n", clstr);

data/libcidr-1.2.3/src/examples/acl/acl.c:336:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(toclnt, "Hi there, %s!\n", clstr);

data/libcidr-1.2.3/src/examples/acl/acl.c:414:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tmpbuf, "\tChecking '%s'... ", buf);

data/libcidr-1.2.3/src/examples/acl/acl.c:74:14: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while((goch=getopt(argc, argv, "f:p:v"))!=-1)

data/libcidr-1.2.3/src/examples/cidrcalc/cidrcalc.c:94:14: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while((goch=getopt(argc, argv, "bs"))!=-1)

data/libcidr-1.2.3/src/test/mkstr/mkstr.c:29:14: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while((goch=getopt(argc, argv, "ev6cmapwrf:_"))!=-1)

data/libcidr-1.2.3/src/cidr_addr.c:31:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(toret->mask, addr->mask, (16 * sizeof(toret->mask[0])) );

data/libcidr-1.2.3/src/cidr_addr.c:76:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(toret->mask, addr->mask, (16 * sizeof(toret->mask[0])) );

data/libcidr-1.2.3/src/cidr_get.c:91:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(toret, addr->addr, sizeof(addr->addr));

data/libcidr-1.2.3/src/cidr_get.c:117:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(toret, addr->mask, sizeof(addr->mask));

data/libcidr-1.2.3/src/cidr_mem.c:39:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(toret, src, sizeof(CIDR));

data/libcidr-1.2.3/src/cidr_to_str.c:21:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpbuf[128]; /* We shouldn't need more than ~5 anywhere */

data/libcidr-1.2.3/src/cidr_to_str.c:86:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(toret, "%d.%d.%d.%d.in-addr.arpa",

data/libcidr-1.2.3/src/cidr_to_str.c:101:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(toret, "0000:0000:0000:0000:0000:");

data/libcidr-1.2.3/src/cidr_to_str.c:103:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(toret, "0:0:0:0:0:");

data/libcidr-1.2.3/src/cidr_to_str.c:106:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(toret, "::");

data/libcidr-1.2.3/src/cidr_to_str.c:113:8: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(toret, "0000:");

data/libcidr-1.2.3/src/cidr_to_str.c:115:8: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(toret, "0:");

data/libcidr-1.2.3/src/cidr_to_str.c:119:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(toret, "ffff:");

data/libcidr-1.2.3/src/cidr_to_str.c:125:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmpbuf, "%u", (block->addr)[i]);

data/libcidr-1.2.3/src/cidr_to_str.c:154:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmpbuf, "%u", moct);

data/libcidr-1.2.3/src/cidr_to_str.c:176:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmpbuf, "%u",

data/libcidr-1.2.3/src/cidr_to_str.c:195:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(toret, "%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x."

data/libcidr-1.2.3/src/cidr_to_str.c:289:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(toret, "::");

data/libcidr-1.2.3/src/cidr_to_str.c:320:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmpbuf, "%.4x", v6sect);

data/libcidr-1.2.3/src/cidr_to_str.c:322:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmpbuf, "%x", v6sect);

data/libcidr-1.2.3/src/cidr_to_str.c:393:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmpbuf, "%u", pflen);

data/libcidr-1.2.3/src/examples/acl/acl.c:58:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char toclnt[2048]; /* Hardcoded, but who cares */

data/libcidr-1.2.3/src/examples/acl/acl.c:82:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  port = atoi(optarg);

data/libcidr-1.2.3/src/examples/acl/acl.c:114:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  afd = open(fname, O_RDONLY);

data/libcidr-1.2.3/src/examples/acl/acl.c:235:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(srv6.sin6_addr.s6_addr), &in6addr_any, sizeof(in6addr_any));

data/libcidr-1.2.3/src/examples/acl/acl.c:299:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(toclnt, "Your access is ACCEPTED!\nYou rock!\n\n");

data/libcidr-1.2.3/src/examples/acl/acl.c:305:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(toclnt, "Your access is DENIED!\nYou suck!\n\n");

data/libcidr-1.2.3/src/examples/acl/acl.c:344:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(toclnt, "Your access is ACCEPTED!\nYou rock!\n\n");

data/libcidr-1.2.3/src/examples/acl/acl.c:350:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(toclnt, "Your access is DENIED!\nYou suck!\n\n");

data/libcidr-1.2.3/src/examples/acl/acl.c:388:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpbuf[1024]; /* Hardcoded */

data/libcidr-1.2.3/src/examples/acl/acl.c:402:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmpbuf, "\tDefault deny.\n");

data/libcidr-1.2.3/src/examples/acl/acl.c:422:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(tmpbuf, "matched!\n");

data/libcidr-1.2.3/src/examples/acl/acl.c:438:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(tmpbuf, "not matched!\n");

data/libcidr-1.2.3/src/examples/cidrcalc/cidrcalc.c:82:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char boct[9];

data/libcidr-1.2.3/src/test/inaddr/inaddr.c:27:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pstr[PSLEN];

data/libcidr-1.2.3/src/cidr_from_str.c:30:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(addr==NULL || (_alen=strlen(addr))<1)

data/libcidr-1.2.3/src/cidr_to_str.c:128:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(toret, ".");

data/libcidr-1.2.3/src/cidr_to_str.c:140:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(toret, "/");

data/libcidr-1.2.3/src/cidr_to_str.c:157:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(toret, ".");

data/libcidr-1.2.3/src/cidr_to_str.c:302:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(toret, ":");

data/libcidr-1.2.3/src/cidr_to_str.c:334:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(toret, "/");

data/libcidr-1.2.3/src/examples/acl/acl.c:139:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(read(afd, aclfile, ast.st_size)!=ast.st_size)

data/libcidr-1.2.3/src/examples/acl/acl.c:292:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(clsock, toclnt, strlen(toclnt));

data/libcidr-1.2.3/src/examples/acl/acl.c:300:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(clsock, toclnt, strlen(toclnt));

data/libcidr-1.2.3/src/examples/acl/acl.c:306:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(clsock, toclnt, strlen(toclnt));

data/libcidr-1.2.3/src/examples/acl/acl.c:337:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(clsock, toclnt, strlen(toclnt));

data/libcidr-1.2.3/src/examples/acl/acl.c:345:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(clsock, toclnt, strlen(toclnt));

data/libcidr-1.2.3/src/examples/acl/acl.c:351:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(clsock, toclnt, strlen(toclnt));

data/libcidr-1.2.3/src/examples/acl/acl.c:405:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(clsock, tmpbuf, strlen(tmpbuf));

data/libcidr-1.2.3/src/examples/acl/acl.c:425:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(clsock, tmpbuf, strlen(tmpbuf));

data/libcidr-1.2.3/src/examples/acl/acl.c:441:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(clsock, tmpbuf, strlen(tmpbuf));

data/libcidr-1.2.3/src/test/compare/compare.c:32:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(ifirst==NULL || strlen(ifirst)==0

data/libcidr-1.2.3/src/test/compare/compare.c:33:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  || isecond==NULL || strlen(isecond)==0)

ANALYSIS SUMMARY:

Hits = 65
Lines analyzed = 4226 in approximately 0.35 seconds (11958 lines/second)
Physical Source Lines of Code (SLOC) = 2800
Hits@level = [0] 107 [1] 18 [2] 35 [3] 3 [4] 9 [5] 0
Hits@level+ = [0+] 172 [1+] 65 [2+] 47 [3+] 12 [4+] 9 [5+] 0
Hits/KSLOC@level+ = [0+] 61.4286 [1+] 23.2143 [2+] 16.7857 [3+] 4.28571 [4+] 3.21429 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.