Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/netsend-0.0~svnr250/tcp_md5sig.h
Examining data/netsend-0.0~svnr250/proto_tipc.c
Examining data/netsend-0.0~svnr250/file.c
Examining data/netsend-0.0~svnr250/error.c
Examining data/netsend-0.0~svnr250/getopt.c
Examining data/netsend-0.0~svnr250/main.c
Examining data/netsend-0.0~svnr250/error.h
Examining data/netsend-0.0~svnr250/proto_dccp_trans.c
Examining data/netsend-0.0~svnr250/ns_hdr.c
Examining data/netsend-0.0~svnr250/ns_hdr.h
Examining data/netsend-0.0~svnr250/proto_sctp_trans.c
Examining data/netsend-0.0~svnr250/analyze.c
Examining data/netsend-0.0~svnr250/trans_common.c
Examining data/netsend-0.0~svnr250/proto_tcp_trans.c
Examining data/netsend-0.0~svnr250/analyze.h
Examining data/netsend-0.0~svnr250/proto_udp_trans.c
Examining data/netsend-0.0~svnr250/xfuncs.h
Examining data/netsend-0.0~svnr250/proto_udp_recv.c
Examining data/netsend-0.0~svnr250/proto_udp_recv.h
Examining data/netsend-0.0~svnr250/net.c
Examining data/netsend-0.0~svnr250/xfuncs.c
Examining data/netsend-0.0~svnr250/debug.h
Examining data/netsend-0.0~svnr250/global.h
Examining data/netsend-0.0~svnr250/receive.c
Examining data/netsend-0.0~svnr250/proto_tipc_trans.c
Examining data/netsend-0.0~svnr250/proto_tipc.h
Examining data/netsend-0.0~svnr250/proto_udplite_recv.c
Examining data/netsend-0.0~svnr250/proto_udplite_trans.c
FINAL RESULTS:
data/netsend-0.0~svnr250/debug.h:10:35: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define DEBUGPRINTF( fmt, ... ) fprintf(stderr, "DEBUG: %s:%u - " fmt, __FILE__, __LINE__, __VA_ARGS__)
data/netsend-0.0~svnr250/error.c:56:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, format, ap);
data/netsend-0.0~svnr250/error.c:72:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof buf -1, fmt, ap);
data/netsend-0.0~svnr250/xfuncs.c:112:8: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = vsnprintf(str, size, format, ap);
data/netsend-0.0~svnr250/analyze.c:189:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unit_buf[UNIT_MAX];
data/netsend-0.0~svnr250/error.c:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXERRMSG];
data/netsend-0.0~svnr250/file.c:53:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(opts.infile, O_RDONLY|O_NOATIME);
data/netsend-0.0~svnr250/file.c:55:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(opts.infile, O_RDONLY);
data/netsend-0.0~svnr250/file.c:77:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(opts.outfile, O_WRONLY | O_CREAT | O_EXCL,
data/netsend-0.0~svnr250/file.c:84:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(opts.outfile, O_WRONLY, S_IRUSR | S_IWUSR | S_IRGRP);
data/netsend-0.0~svnr250/main.c:179:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_STATLEN];
data/netsend-0.0~svnr250/ns_hdr.c:107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rtt_buf[backing_data_size + sizeof(struct ns_rtt_probe)];
data/netsend-0.0~svnr250/ns_hdr.c:138:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reply_buf[to_write];
data/netsend-0.0~svnr250/ns_hdr.c:347:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[nse_len * 4 + 4];
data/netsend-0.0~svnr250/ns_hdr.c:377:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[nse_len * 4 + sizeof(uint16_t) * 2];
data/netsend-0.0~svnr250/ns_hdr.c:394:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[nse_len];
data/netsend-0.0~svnr250/proto_tcp_trans.c:55:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sig.tcpm_key, key, sizeof(key));
data/netsend-0.0~svnr250/receive.c:276:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sig.tcpm_key, key, sizeof(key));
data/netsend-0.0~svnr250/receive.c:319:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char peer[1024];
data/netsend-0.0~svnr250/xfuncs.c:134:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(duplicate, src, len);
data/netsend-0.0~svnr250/error.c:74:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(buf);
data/netsend-0.0~svnr250/file.c:75:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(0);
data/netsend-0.0~svnr250/getopt.c:878:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(&av[FIRST_ARG_INDEX][1], "all-options", strlen(&av[FIRST_ARG_INDEX][1])) ) {
data/netsend-0.0~svnr250/getopt.c:881:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (!strncmp(&av[FIRST_ARG_INDEX][1], "help", strlen(&av[FIRST_ARG_INDEX][1])) ) {
data/netsend-0.0~svnr250/getopt.c:1155:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncasecmp(av[FIRST_ARG_INDEX + 1], "transmit", strlen(av[2]))) {
data/netsend-0.0~svnr250/getopt.c:1163:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (!strncasecmp(av[FIRST_ARG_INDEX + 1], "receive", strlen(av[FIRST_ARG_INDEX + 1]))) {
data/netsend-0.0~svnr250/main.c:80:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
.cb_read = read,
data/netsend-0.0~svnr250/net.c:180:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
optlen = strlen(socket_options[i].value_ptr) + 1;
data/netsend-0.0~svnr250/ns_hdr.c:79:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t ret = read(fd, bufptr, buflen);
data/netsend-0.0~svnr250/receive.c:65:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((rc = read(connected_fd, buf, buflen)) > 0) {
data/netsend-0.0~svnr250/trans_common.c:140:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((cnt = read(file_fd, buf, buflen)) > 0) {
data/netsend-0.0~svnr250/xfuncs.c:129:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(src) + 1;
ANALYSIS SUMMARY:
Hits = 32
Lines analyzed = 5746 in approximately 0.15 seconds (38135 lines/second)
Physical Source Lines of Code (SLOC) = 3618
Hits@level = [0] 25 [1] 12 [2] 16 [3] 0 [4] 4 [5] 0
Hits@level+ = [0+] 57 [1+] 32 [2+] 20 [3+] 4 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 15.7546 [1+] 8.84467 [2+] 5.52792 [3+] 1.10558 [4+] 1.10558 [5+] 0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.