Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/macchanger-1.7.0/src/mac.h
Examining data/macchanger-1.7.0/src/maclist.c
Examining data/macchanger-1.7.0/src/maclist.h
Examining data/macchanger-1.7.0/src/netinfo.c
Examining data/macchanger-1.7.0/src/netinfo.h
Examining data/macchanger-1.7.0/src/mac.c
Examining data/macchanger-1.7.0/src/main.c
FINAL RESULTS:
data/macchanger-1.7.0/src/mac.c:65:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (&s[i*3], "%02x%s", mac->byte[i], i<5?":":"");
data/macchanger-1.7.0/src/mac.c:87:20: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
mac->byte[0] = (random()%255) & 0xFC;
data/macchanger-1.7.0/src/mac.c:88:19: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
mac->byte[1] = random()%255;
data/macchanger-1.7.0/src/mac.c:89:19: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
mac->byte[2] = random()%255;
data/macchanger-1.7.0/src/mac.c:91:19: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
mac->byte[3] = random()%255;
data/macchanger-1.7.0/src/mac.c:92:19: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
mac->byte[4] = random()%255;
data/macchanger-1.7.0/src/mac.c:93:19: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
mac->byte[5] = random()%255;
data/macchanger-1.7.0/src/maclist.c:87:8: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
num = random()%num;
data/macchanger-1.7.0/src/maclist.c:101:8: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
num = random() % ( list_others_len + list_wireless_len );
data/macchanger-1.7.0/src/main.c:121:2: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(seed);
data/macchanger-1.7.0/src/main.c:165:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((val = getopt_long (argc, argv, "VasAbrephlm:", long_options, NULL)) != -1) {
data/macchanger-1.7.0/src/main.c:242:20: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (set_bia && !random) {
data/macchanger-1.7.0/src/main.c:259:13: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
} else if (random) {
data/macchanger-1.7.0/src/mac.c:40:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (new, mac, sizeof(mac_t));
data/macchanger-1.7.0/src/mac.h:31:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char byte[6];
data/macchanger-1.7.0/src/maclist.c:165:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[512];
data/macchanger-1.7.0/src/maclist.c:169:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen(fullpath, "r")) == NULL) {
data/macchanger-1.7.0/src/maclist.h:33:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char byte[3];
data/macchanger-1.7.0/src/main.c:79:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[18];
data/macchanger-1.7.0/src/main.c:107:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(*name, O_RDONLY);
data/macchanger-1.7.0/src/netinfo.c:115:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&req, &(net->dev), sizeof(struct ifreq));
data/macchanger-1.7.0/src/mac.c:127:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(string) != 17) {
data/macchanger-1.7.0/src/mac.c:128:92: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf (stderr, "[ERROR] Incorrect format: MAC length should be 17. %s(%lu)\n", string, strlen(string));
data/macchanger-1.7.0/src/maclist.c:188:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line[strlen(line)-1] = '\0';
data/macchanger-1.7.0/src/main.c:109:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_len = read (fd, &seed, sizeof(seed));
data/macchanger-1.7.0/src/netinfo.c:50:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (new->dev.ifr_name, device, sizeof(new->dev.ifr_name));
ANALYSIS SUMMARY:
Hits = 26
Lines analyzed = 956 in approximately 0.07 seconds (13217 lines/second)
Physical Source Lines of Code (SLOC) = 601
Hits@level = [0] 13 [1] 5 [2] 8 [3] 12 [4] 1 [5] 0
Hits@level+ = [0+] 39 [1+] 26 [2+] 21 [3+] 13 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 64.8918 [1+] 43.2612 [2+] 34.9418 [3+] 21.6306 [4+] 1.66389 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.