Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/netsend-0.0~svnr250/tcp_md5sig.h Examining data/netsend-0.0~svnr250/proto_tipc.c Examining data/netsend-0.0~svnr250/file.c Examining data/netsend-0.0~svnr250/error.c Examining data/netsend-0.0~svnr250/getopt.c Examining data/netsend-0.0~svnr250/main.c Examining data/netsend-0.0~svnr250/error.h Examining data/netsend-0.0~svnr250/proto_dccp_trans.c Examining data/netsend-0.0~svnr250/ns_hdr.c Examining data/netsend-0.0~svnr250/ns_hdr.h Examining data/netsend-0.0~svnr250/proto_sctp_trans.c Examining data/netsend-0.0~svnr250/analyze.c Examining data/netsend-0.0~svnr250/trans_common.c Examining data/netsend-0.0~svnr250/proto_tcp_trans.c Examining data/netsend-0.0~svnr250/analyze.h Examining data/netsend-0.0~svnr250/proto_udp_trans.c Examining data/netsend-0.0~svnr250/xfuncs.h Examining data/netsend-0.0~svnr250/proto_udp_recv.c Examining data/netsend-0.0~svnr250/proto_udp_recv.h Examining data/netsend-0.0~svnr250/net.c Examining data/netsend-0.0~svnr250/xfuncs.c Examining data/netsend-0.0~svnr250/debug.h Examining data/netsend-0.0~svnr250/global.h Examining data/netsend-0.0~svnr250/receive.c Examining data/netsend-0.0~svnr250/proto_tipc_trans.c Examining data/netsend-0.0~svnr250/proto_tipc.h Examining data/netsend-0.0~svnr250/proto_udplite_recv.c Examining data/netsend-0.0~svnr250/proto_udplite_trans.c FINAL RESULTS: data/netsend-0.0~svnr250/debug.h:10:35: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define DEBUGPRINTF( fmt, ... ) fprintf(stderr, "DEBUG: %s:%u - " fmt, __FILE__, __LINE__, __VA_ARGS__) data/netsend-0.0~svnr250/error.c:56:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, format, ap); data/netsend-0.0~svnr250/error.c:72:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buf, sizeof buf -1, fmt, ap); data/netsend-0.0~svnr250/xfuncs.c:112:8: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. len = vsnprintf(str, size, format, ap); data/netsend-0.0~svnr250/analyze.c:189:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char unit_buf[UNIT_MAX]; data/netsend-0.0~svnr250/error.c:68:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXERRMSG]; data/netsend-0.0~svnr250/file.c:53:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(opts.infile, O_RDONLY|O_NOATIME); data/netsend-0.0~svnr250/file.c:55:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(opts.infile, O_RDONLY); data/netsend-0.0~svnr250/file.c:77:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(opts.outfile, O_WRONLY | O_CREAT | O_EXCL, data/netsend-0.0~svnr250/file.c:84:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(opts.outfile, O_WRONLY, S_IRUSR | S_IWUSR | S_IRGRP); data/netsend-0.0~svnr250/main.c:179:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAX_STATLEN]; data/netsend-0.0~svnr250/ns_hdr.c:107:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rtt_buf[backing_data_size + sizeof(struct ns_rtt_probe)]; data/netsend-0.0~svnr250/ns_hdr.c:138:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char reply_buf[to_write]; data/netsend-0.0~svnr250/ns_hdr.c:347:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[nse_len * 4 + 4]; data/netsend-0.0~svnr250/ns_hdr.c:377:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[nse_len * 4 + sizeof(uint16_t) * 2]; data/netsend-0.0~svnr250/ns_hdr.c:394:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[nse_len]; data/netsend-0.0~svnr250/proto_tcp_trans.c:55:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sig.tcpm_key, key, sizeof(key)); data/netsend-0.0~svnr250/receive.c:276:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sig.tcpm_key, key, sizeof(key)); data/netsend-0.0~svnr250/receive.c:319:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char peer[1024]; data/netsend-0.0~svnr250/xfuncs.c:134:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(duplicate, src, len); data/netsend-0.0~svnr250/error.c:74:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(buf); data/netsend-0.0~svnr250/file.c:75:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(0); data/netsend-0.0~svnr250/getopt.c:878:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(&av[FIRST_ARG_INDEX][1], "all-options", strlen(&av[FIRST_ARG_INDEX][1])) ) { data/netsend-0.0~svnr250/getopt.c:881:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (!strncmp(&av[FIRST_ARG_INDEX][1], "help", strlen(&av[FIRST_ARG_INDEX][1])) ) { data/netsend-0.0~svnr250/getopt.c:1155:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncasecmp(av[FIRST_ARG_INDEX + 1], "transmit", strlen(av[2]))) { data/netsend-0.0~svnr250/getopt.c:1163:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (!strncasecmp(av[FIRST_ARG_INDEX + 1], "receive", strlen(av[FIRST_ARG_INDEX + 1]))) { data/netsend-0.0~svnr250/main.c:80:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). .cb_read = read, data/netsend-0.0~svnr250/net.c:180:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). optlen = strlen(socket_options[i].value_ptr) + 1; data/netsend-0.0~svnr250/ns_hdr.c:79:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t ret = read(fd, bufptr, buflen); data/netsend-0.0~svnr250/receive.c:65:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((rc = read(connected_fd, buf, buflen)) > 0) { data/netsend-0.0~svnr250/trans_common.c:140:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((cnt = read(file_fd, buf, buflen)) > 0) { data/netsend-0.0~svnr250/xfuncs.c:129:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(src) + 1; ANALYSIS SUMMARY: Hits = 32 Lines analyzed = 5746 in approximately 0.15 seconds (38135 lines/second) Physical Source Lines of Code (SLOC) = 3618 Hits@level = [0] 25 [1] 12 [2] 16 [3] 0 [4] 4 [5] 0 Hits@level+ = [0+] 57 [1+] 32 [2+] 20 [3+] 4 [4+] 4 [5+] 0 Hits/KSLOC@level+ = [0+] 15.7546 [1+] 8.84467 [2+] 5.52792 [3+] 1.10558 [4+] 1.10558 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.