Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ndppd-0.2.5/src/address.cc
Examining data/ndppd-0.2.5/src/address.h
Examining data/ndppd-0.2.5/src/conf.cc
Examining data/ndppd-0.2.5/src/conf.h
Examining data/ndppd-0.2.5/src/iface.cc
Examining data/ndppd-0.2.5/src/iface.h
Examining data/ndppd-0.2.5/src/logger.cc
Examining data/ndppd-0.2.5/src/logger.h
Examining data/ndppd-0.2.5/src/ndppd.h
Examining data/ndppd-0.2.5/src/proxy.cc
Examining data/ndppd-0.2.5/src/proxy.h
Examining data/ndppd-0.2.5/src/ptr.h
Examining data/ndppd-0.2.5/src/route.cc
Examining data/ndppd-0.2.5/src/route.h
Examining data/ndppd-0.2.5/src/rule.cc
Examining data/ndppd-0.2.5/src/rule.h
Examining data/ndppd-0.2.5/src/session.cc
Examining data/ndppd-0.2.5/src/session.h
Examining data/ndppd-0.2.5/src/ndppd.cc

FINAL RESULTS:

data/ndppd-0.2.5/src/logger.cc:78:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buf, sizeof(buf), fmt.c_str(), va);
data/ndppd-0.2.5/src/logger.cc:165:14: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  void logger::syslog(bool sl)
data/ndppd-0.2.5/src/logger.cc:178:14: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  bool logger::syslog()
data/ndppd-0.2.5/src/logger.h:45:17: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  static void syslog(bool enable);
data/ndppd-0.2.5/src/logger.h:46:17: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  static bool syslog();
data/ndppd-0.2.5/src/ndppd.cc:265:17: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  logger::syslog(true);
data/ndppd-0.2.5/src/ndppd.cc:224:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long(argc, argv, "c:dp:v", long_options,& opt);
data/ndppd-0.2.5/src/address.cc:178:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[INET6_ADDRSTRLEN + 8];
data/ndppd-0.2.5/src/address.cc:188:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf + strlen(buf), "/%d", p);
data/ndppd-0.2.5/src/address.cc:196:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[INET6_ADDRSTRLEN],* b;
data/ndppd-0.2.5/src/address.cc:270:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  prefix(atoi(buf));
data/ndppd-0.2.5/src/conf.cc:67:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi(_value.c_str());
data/ndppd-0.2.5/src/conf.cc:80:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ifs.open(path.c_str(), std::ios::in);
data/ndppd-0.2.5/src/iface.cc:282:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ifa->hwaddr, ifr.ifr_hwaddr.sa_data, sizeof(struct ether_addr));
data/ndppd-0.2.5/src/iface.cc:327:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&daddr_tmp.sin6_addr,& daddr.const_addr(), sizeof(struct in6_addr));
data/ndppd-0.2.5/src/iface.cc:376:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/ndppd-0.2.5/src/iface.cc:391:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ns->nd_ns_target,& taddr.const_addr(), sizeof(struct in6_addr));
data/ndppd-0.2.5/src/iface.cc:393:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + sizeof(struct nd_neighbor_solicit) + sizeof(struct nd_opt_hdr),
data/ndppd-0.2.5/src/iface.cc:416:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/ndppd-0.2.5/src/iface.cc:432:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&na->nd_na_target,& taddr.const_addr(), sizeof(struct in6_addr));
data/ndppd-0.2.5/src/iface.cc:434:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + sizeof(struct nd_neighbor_advert) + sizeof(struct nd_opt_hdr),
data/ndppd-0.2.5/src/logger.cc:75:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[2048];
data/ndppd-0.2.5/src/logger.cc:85:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[2048];
data/ndppd-0.2.5/src/logger.cc:210:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  _max_pri = atoi(c_name);
data/ndppd-0.2.5/src/ndppd.cc:152:32: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ptr<proxy> pr = proxy::open(*pr_cf);
data/ndppd-0.2.5/src/ndppd.cc:279:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  pf.open(pidfile.c_str(), std::ios::out | std::ios::trunc);
data/ndppd-0.2.5/src/proxy.cc:52:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ptr<proxy> proxy::open(const std::string& ifname)
data/ndppd-0.2.5/src/proxy.h:35:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  static ptr<proxy> open(const std::string& ifn);
data/ndppd-0.2.5/src/route.cc:91:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ifs.open(path.c_str(), std::ios::in);
data/ndppd-0.2.5/src/route.cc:95:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/ndppd-0.2.5/src/address.cc:188:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(buf + strlen(buf), "/%d", p);
data/ndppd-0.2.5/src/iface.cc:198:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ifr.ifr_name, name.c_str(), IFNAMSIZ - 1);
data/ndppd-0.2.5/src/iface.cc:210:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ifr.ifr_name, name.c_str(), IFNAMSIZ - 1);
data/ndppd-0.2.5/src/iface.cc:289:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ssize_t iface::read(int fd, struct sockaddr* saddr, uint8_t* msg, size_t size)
data/ndppd-0.2.5/src/iface.cc:355:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((len = read(_pfd, (struct sockaddr*)&t_saddr, msg, sizeof(msg))) < 0)
data/ndppd-0.2.5/src/iface.cc:450:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((len = read(_ifd, (struct sockaddr* )&t_saddr, msg, sizeof(msg))) < 0)
data/ndppd-0.2.5/src/iface.cc:609:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ifr.ifr_name, _name.c_str(), IFNAMSIZ);
data/ndppd-0.2.5/src/iface.h:45:20: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  static ssize_t read(int fd, struct sockaddr* saddr, uint8_t* msg, size_t size);
data/ndppd-0.2.5/src/logger.cc:215:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp(c_name, _pri_names[i].name, strlen(_pri_names[i].name))) {
data/ndppd-0.2.5/src/ndppd.cc:46:5: [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask(0);
data/ndppd-0.2.5/src/ndppd.cc:277:28: [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  mode_t old_umask = umask(022);
data/ndppd-0.2.5/src/ndppd.cc:282:9: [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask(old_umask);

ANALYSIS SUMMARY:

Hits = 42
Lines analyzed = 3351 in approximately 0.08 seconds (40972 lines/second)
Physical Source Lines of Code (SLOC) = 2178
Hits@level = [0] 2 [1] 12 [2] 23 [3] 1 [4] 6 [5] 0
Hits@level+ = [0+] 44 [1+] 42 [2+] 30 [3+] 7 [4+] 6 [5+] 0
Hits/KSLOC@level+ = [0+] 20.202 [1+] 19.2837 [2+] 13.7741 [3+] 3.21396 [4+] 2.75482 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.