stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libnet-rawip-perl-0.25/eth.c
Examining data/libnet-rawip-perl-0.25/ifaddrlist.c
Examining data/libnet-rawip-perl-0.25/ifaddrlist.h
Examining data/libnet-rawip-perl-0.25/ip.h
Examining data/libnet-rawip-perl-0.25/rdev.c
Examining data/libnet-rawip-perl-0.25/solaris.h
Examining data/libnet-rawip-perl-0.25/util.c

FINAL RESULTS:

data/libnet-rawip-perl-0.25/eth.c:134:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy((char *)spkt.spkt_device, eth_device);
data/libnet-rawip-perl-0.25/eth.c:240:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    (void)strcpy(ifr.ifr_name, dev);
data/libnet-rawip-perl-0.25/ifaddrlist.c:56:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        (void)sprintf(errbuf, "socket: %s", strerror(errno));
data/libnet-rawip-perl-0.25/ifaddrlist.c:66:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        (void)sprintf(errbuf, "SIOCGIFCONF: %s", strerror(errno));
data/libnet-rawip-perl-0.25/ifaddrlist.c:96:19:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            (void)sprintf(errbuf,
data/libnet-rawip-perl-0.25/ifaddrlist.c:111:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(errbuf, "SIOCGIFADDR: %s: %s", device, strerror(errno));
data/libnet-rawip-perl-0.25/eth.c:113:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(hwaddr,LLADDR(dla),dla->sdl_alen);
data/libnet-rawip-perl-0.25/eth.c:177:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char arp_dev[16];
data/libnet-rawip-perl-0.25/eth.c:188:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(eth_mac, req.arp_ha.sa_data, ETH_ALEN);
data/libnet-rawip-perl-0.25/eth.c:227:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(eth_mac,LLADDR(sdl),sdl->sdl_alen);
data/libnet-rawip-perl-0.25/eth.c:277:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(my_eth_mac, ifr.ifr_hwaddr.sa_data,ETH_ALEN);
data/libnet-rawip-perl-0.25/ifaddrlist.c:49:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char device[sizeof(ifr.ifr_name) + 1];
data/libnet-rawip-perl-0.25/rdev.c:100:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(name,ifr->ifr_name,len);
data/libnet-rawip-perl-0.25/util.c:129:7:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      bcopy (target->h_addr, resolved_ip, sizeof (struct in_addr));
data/libnet-rawip-perl-0.25/util.c:183:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char device[sizeof "/dev/bpf000"];
data/libnet-rawip-perl-0.25/util.c:185:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		(void)sprintf(device, "/dev/bpf%d", n++);
data/libnet-rawip-perl-0.25/util.c:186:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fd = open(device, O_WRONLY);
data/libnet-rawip-perl-0.25/eth.c:82:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(ifreq.ifr_name, ifr->ifr_name, 
data/libnet-rawip-perl-0.25/ifaddrlist.c:92:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(ifr.ifr_name, ifrp->ifr_name, sizeof(ifr.ifr_name));
data/libnet-rawip-perl-0.25/ifaddrlist.c:107:15:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        (void)strncpy(device, ifr.ifr_name, sizeof(ifr.ifr_name));
data/libnet-rawip-perl-0.25/ifaddrlist.c:119:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        al->len = strlen(device);
data/libnet-rawip-perl-0.25/rdev.c:53:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy(ifreq.ifr_name, ifr->ifr_name, 
data/libnet-rawip-perl-0.25/rdev.c:99:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(ifr->ifr_name);

ANALYSIS SUMMARY:

Hits = 23
Lines analyzed = 854 in approximately 0.05 seconds (17763 lines/second)
Physical Source Lines of Code (SLOC) = 740
Hits@level = [0]   1 [1]   6 [2]  11 [3]   0 [4]   6 [5]   0
Hits@level+ = [0+]  24 [1+]  23 [2+]  17 [3+]   6 [4+]   6 [5+]   0
Hits/KSLOC@level+ = [0+] 32.4324 [1+] 31.0811 [2+] 22.973 [3+] 8.10811 [4+] 8.10811 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.