Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/minissdpd-1.5.20190824/daemonize.c
Examining data/minissdpd-1.5.20190824/listifaces.c
Examining data/minissdpd-1.5.20190824/openssdpsocket.c
Examining data/minissdpd-1.5.20190824/testminissdpd.c
Examining data/minissdpd-1.5.20190824/daemonize.h
Examining data/minissdpd-1.5.20190824/openssdpsocket.h
Examining data/minissdpd-1.5.20190824/config.h
Examining data/minissdpd-1.5.20190824/testcodelength.c
Examining data/minissdpd-1.5.20190824/codelength.h
Examining data/minissdpd-1.5.20190824/upnputils.c
Examining data/minissdpd-1.5.20190824/upnputils.h
Examining data/minissdpd-1.5.20190824/ifacewatch.h
Examining data/minissdpd-1.5.20190824/ifacewatch.c
Examining data/minissdpd-1.5.20190824/getifaddr.c
Examining data/minissdpd-1.5.20190824/getifaddr.h
Examining data/minissdpd-1.5.20190824/getroute.c
Examining data/minissdpd-1.5.20190824/getroute.h
Examining data/minissdpd-1.5.20190824/minissdpdtypes.h
Examining data/minissdpd-1.5.20190824/asyncsendto.c
Examining data/minissdpd-1.5.20190824/asyncsendto.h
Examining data/minissdpd-1.5.20190824/printresponse.c
Examining data/minissdpd-1.5.20190824/printresponse.h
Examining data/minissdpd-1.5.20190824/showminissdpdnotif.c
Examining data/minissdpd-1.5.20190824/minissdpd.c
FINAL RESULTS:
data/minissdpd-1.5.20190824/minissdpd.c:837:5: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if(chmod(path, 0666) < 0)
data/minissdpd-1.5.20190824/minissdpd.c:1189:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = snprintf(bufr, sizeof(bufr),
data/minissdpd-1.5.20190824/asyncsendto.c:79:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(CMSG_DATA(cmsg), &ipi6, sizeof(ipi6));
data/minissdpd-1.5.20190824/asyncsendto.c:146:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(elt->data, dest_addr, addrlen);
data/minissdpd-1.5.20190824/asyncsendto.c:151:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)elt->src_addr, src_addr, sizeof(struct sockaddr_in6));
data/minissdpd-1.5.20190824/asyncsendto.c:158:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)elt->buf, buf, len);
data/minissdpd-1.5.20190824/asyncsendto.c:250:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr_str[64];
data/minissdpd-1.5.20190824/daemonize.c:47:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
i = open("/dev/null", O_RDWR); /* open stdin */
data/minissdpd-1.5.20190824/daemonize.c:66:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pidstring[16];
data/minissdpd-1.5.20190824/daemonize.c:73:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( (pidfile = open(fname, O_WRONLY|O_CREAT, 0644)) < 0)
data/minissdpd-1.5.20190824/daemonize.c:101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[64];
data/minissdpd-1.5.20190824/daemonize.c:108:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( (pidfile = open(fname, O_RDONLY)) < 0)
data/minissdpd-1.5.20190824/daemonize.c:115:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( (pid = atol(buffer)) > 0)
data/minissdpd-1.5.20190824/getifaddr.c:179:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr->s6_addr + 12,
data/minissdpd-1.5.20190824/getifaddr.c:191:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr->s6_addr,
data/minissdpd-1.5.20190824/getifaddr.c:213:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr->s6_addr + 12, &addr4.s_addr, 4);
data/minissdpd-1.5.20190824/getifaddr.c:227:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/minissdpd-1.5.20190824/getroute.c:50:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/minissdpd-1.5.20190824/getroute.c:79:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst_str[128];
data/minissdpd-1.5.20190824/getroute.c:167:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(src, data, RTA_PAYLOAD(rta));
data/minissdpd-1.5.20190824/getroute.c:171:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(index, data, sizeof(int));
data/minissdpd-1.5.20190824/getroute.c:194:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_space[512];
data/minissdpd-1.5.20190824/getroute.c:217:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_rtmsg.m_space, dst, sizeof(struct sockaddr));
data/minissdpd-1.5.20190824/getroute.c:240:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[256] = { 0 };
data/minissdpd-1.5.20190824/getroute.c:262:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(src, paddr, len);
data/minissdpd-1.5.20190824/ifacewatch.c:93:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/minissdpd-1.5.20190824/ifacewatch.c:122:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[48];
data/minissdpd-1.5.20190824/ifacewatch.c:123:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[IFNAMSIZ];
data/minissdpd-1.5.20190824/ifacewatch.c:145:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[128];
data/minissdpd-1.5.20190824/ifacewatch.c:203:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[64];
data/minissdpd-1.5.20190824/ifacewatch.c:207:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[48];
data/minissdpd-1.5.20190824/ifacewatch.c:208:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[IFNAMSIZ];
data/minissdpd-1.5.20190824/ifacewatch.c:284:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ifname, sdl->sdl_data, sdl->sdl_nlen);
data/minissdpd-1.5.20190824/listifaces.c:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char saddr[256/*INET_ADDRSTRLEN*/];
data/minissdpd-1.5.20190824/minissdpd.c:143:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[16];
data/minissdpd-1.5.20190824/minissdpd.c:152:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lan_addr->ifname, str, n);
data/minissdpd-1.5.20190824/minissdpd.c:161:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lan_addr->str, str, n);
data/minissdpd-1.5.20190824/minissdpd.c:177:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, q, n);
data/minissdpd-1.5.20190824/minissdpd.c:183:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int nbits = atoi(q);
data/minissdpd-1.5.20190824/minissdpd.c:241:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req->output_buffer + req->output_buffer_len, data, len);
data/minissdpd-1.5.20190824/minissdpd.c:323:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->data + p->headers[0].l + p->headers[1].l,
data/minissdpd-1.5.20190824/minissdpd.c:350:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pc, headers[i].p, headers[i].l);
data/minissdpd-1.5.20190824/minissdpd.c:395:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rbuf[RESPONSE_BUFFER_SIZE];
data/minissdpd-1.5.20190824/minissdpd.c:411:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rp, dev->headers[HEADER_LOCATION].p, dev->headers[HEADER_LOCATION].l);
data/minissdpd-1.5.20190824/minissdpd.c:415:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rp, dev->headers[HEADER_NT].p, dev->headers[HEADER_NT].l);
data/minissdpd-1.5.20190824/minissdpd.c:419:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rp, dev->headers[HEADER_USN].p, dev->headers[HEADER_USN].l);
data/minissdpd-1.5.20190824/minissdpd.c:430:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rp, serv->location, m);
data/minissdpd-1.5.20190824/minissdpd.c:434:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rp, serv->st, m);
data/minissdpd-1.5.20190824/minissdpd.c:438:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rp, serv->usn, m);
data/minissdpd-1.5.20190824/minissdpd.c:459:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/minissdpd-1.5.20190824/minissdpd.c:505:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/minissdpd-1.5.20190824/minissdpd.c:543:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char atoi_buffer[8];
data/minissdpd-1.5.20190824/minissdpd.c:550:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
st_ver = atoi(atoi_buffer);
data/minissdpd-1.5.20190824/minissdpd.c:626:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr_str[64];
data/minissdpd-1.5.20190824/minissdpd.c:789:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr_str[64];
data/minissdpd-1.5.20190824/minissdpd.c:851:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2048];
data/minissdpd-1.5.20190824/minissdpd.c:887:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rbuf[RESPONSE_BUFFER_SIZE];
data/minissdpd-1.5.20190824/minissdpd.c:914:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rp, MINISSDPD_VERSION, sizeof(MINISSDPD_VERSION) - 1);
data/minissdpd-1.5.20190824/minissdpd.c:962:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rp, d->headers[HEADER_LOCATION].p, d->headers[HEADER_LOCATION].l);
data/minissdpd-1.5.20190824/minissdpd.c:966:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rp, d->headers[HEADER_NT].p, d->headers[HEADER_NT].l);
data/minissdpd-1.5.20190824/minissdpd.c:970:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rp, d->headers[HEADER_USN].p, d->headers[HEADER_USN].l);
data/minissdpd-1.5.20190824/minissdpd.c:994:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rp, serv->location, m);
data/minissdpd-1.5.20190824/minissdpd.c:998:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rp, serv->st, m);
data/minissdpd-1.5.20190824/minissdpd.c:1002:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rp, serv->usn, m);
data/minissdpd-1.5.20190824/minissdpd.c:1032:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newserv->st, p, l);
data/minissdpd-1.5.20190824/minissdpd.c:1054:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newserv->usn, p, l);
data/minissdpd-1.5.20190824/minissdpd.c:1072:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newserv->server, p, l);
data/minissdpd-1.5.20190824/minissdpd.c:1090:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newserv->location, p, l);
data/minissdpd-1.5.20190824/minissdpd.c:1182:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bufr[512];
data/minissdpd-1.5.20190824/minissdpd.c:1224:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1500];
data/minissdpd-1.5.20190824/minissdpd.c:1292:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ttl = (unsigned char)atoi(argv[++i]);
data/minissdpd-1.5.20190824/minissdpdtypes.h:18:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[IFNAMSIZ]; /* example: eth0 */
data/minissdpd-1.5.20190824/minissdpdtypes.h:22:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[16]; /* example: 192.168.0.1 */
data/minissdpd-1.5.20190824/showminissdpdnotif.c:35:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[4096];
data/minissdpd-1.5.20190824/testcodelength.c:12:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[256];
data/minissdpd-1.5.20190824/testminissdpd.c:74:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4096];
data/minissdpd-1.5.20190824/testminissdpd.c:139:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(resp + total, buf, n);
data/minissdpd-1.5.20190824/upnputils.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[64];
data/minissdpd-1.5.20190824/upnputils.c:99:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbg_str[64];
data/minissdpd-1.5.20190824/upnputils.c:109:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&peer_addr, &peer6->sin6_addr.s6_addr[12], 4);
data/minissdpd-1.5.20190824/daemonize.c:51:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(027);
data/minissdpd-1.5.20190824/daemonize.c:113:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(read(pidfile, buffer, 63))
data/minissdpd-1.5.20190824/getifaddr.c:50:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, ifname, IFNAMSIZ-1);
data/minissdpd-1.5.20190824/getifaddr.c:64:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, ifname, IFNAMSIZ-1);
data/minissdpd-1.5.20190824/getifaddr.c:85:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, ifname, IFNAMSIZ-1);
data/minissdpd-1.5.20190824/getroute.c:226:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
l = read(s, &m_rtmsg, sizeof(m_rtmsg));
data/minissdpd-1.5.20190824/ifacewatch.c:154:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(address, tmp, sizeof(address));
data/minissdpd-1.5.20190824/ifacewatch.c:157:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp, RTA_DATA(rta), sizeof(tmp));
data/minissdpd-1.5.20190824/ifacewatch.c:158:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifname, tmp, sizeof(ifname));
data/minissdpd-1.5.20190824/ifacewatch.c:169:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(tmp, "*unknown*", sizeof(tmp));
data/minissdpd-1.5.20190824/minissdpd.c:428:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m = strlen(serv->location);
data/minissdpd-1.5.20190824/minissdpd.c:432:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m = strlen(serv->st);
data/minissdpd-1.5.20190824/minissdpd.c:436:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m = strlen(serv->usn);
data/minissdpd-1.5.20190824/minissdpd.c:526:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
serv->st, strlen(serv->st), serv->usn,
data/minissdpd-1.5.20190824/minissdpd.c:536:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
serv->st, strlen(serv->st), serv->usn,
data/minissdpd-1.5.20190824/minissdpd.c:822:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(addr.sun_path, path, sizeof(addr.sun_path));
data/minissdpd-1.5.20190824/minissdpd.c:854:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(req->socket, buf, sizeof(buf));
data/minissdpd-1.5.20190824/minissdpd.c:982:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(serv->location) + strlen(serv->st)
data/minissdpd-1.5.20190824/minissdpd.c:982:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(serv->location) + strlen(serv->st)
data/minissdpd-1.5.20190824/minissdpd.c:983:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(serv->usn) + 6 + (rp - rbuf) >= sizeof(rbuf))
data/minissdpd-1.5.20190824/minissdpd.c:992:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m = strlen(serv->location);
data/minissdpd-1.5.20190824/minissdpd.c:996:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m = strlen(serv->st);
data/minissdpd-1.5.20190824/minissdpd.c:1000:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m = strlen(serv->usn);
data/minissdpd-1.5.20190824/showminissdpdnotif.c:58:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(addr.sun_path, sockpath, sizeof(addr.sun_path));
data/minissdpd-1.5.20190824/showminissdpdnotif.c:69:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(s, buffer, sizeof(buffer));
data/minissdpd-1.5.20190824/testminissdpd.c:43:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(addr.sun_path, sockpath, sizeof(addr.sun_path));
data/minissdpd-1.5.20190824/testminissdpd.c:90:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(s, buf, sizeof(buf));
data/minissdpd-1.5.20190824/testminissdpd.c:101:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(s, buf, sizeof(buf));
data/minissdpd-1.5.20190824/testminissdpd.c:110:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(s, buf, sizeof(buf));
data/minissdpd-1.5.20190824/testminissdpd.c:120:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(s, buf, sizeof(buf));
data/minissdpd-1.5.20190824/testminissdpd.c:126:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(s, buf, sizeof(buf));
data/minissdpd-1.5.20190824/testminissdpd.c:146:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(s, buf, sizeof(buf));
data/minissdpd-1.5.20190824/testminissdpd.c:163:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(s, buf, sizeof(buf));
data/minissdpd-1.5.20190824/testminissdpd.c:172:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(s, buf, sizeof(buf));
data/minissdpd-1.5.20190824/testminissdpd.c:181:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(s, buf, sizeof(buf));
data/minissdpd-1.5.20190824/testminissdpd.c:190:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(s, buf, sizeof(buf));
ANALYSIS SUMMARY:
Hits = 116
Lines analyzed = 4374 in approximately 0.16 seconds (27612 lines/second)
Physical Source Lines of Code (SLOC) = 3548
Hits@level = [0] 229 [1] 36 [2] 78 [3] 0 [4] 1 [5] 1
Hits@level+ = [0+] 345 [1+] 116 [2+] 80 [3+] 2 [4+] 2 [5+] 1
Hits/KSLOC@level+ = [0+] 97.2379 [1+] 32.6945 [2+] 22.5479 [3+] 0.563698 [4+] 0.563698 [5+] 0.281849
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.