Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/nield-0.6.1/src/tcmsg_qdisc_tbf.c
Examining data/nield-0.6.1/src/ndmsg.c
Examining data/nield-0.6.1/src/tcamsg.c
Examining data/nield-0.6.1/src/rtnetlink.h
Examining data/nield-0.6.1/src/tcmsg_qdisc_choke.c
Examining data/nield-0.6.1/src/nlmsg.c
Examining data/nield-0.6.1/src/ifamsg.c
Examining data/nield-0.6.1/src/rta.c
Examining data/nield-0.6.1/src/nield.h
Examining data/nield-0.6.1/src/tcamsg_nat.c
Examining data/nield-0.6.1/src/tcmsg_qdisc_drr.c
Examining data/nield-0.6.1/src/ifimsg_brport.c
Examining data/nield-0.6.1/src/tcmsg_qdisc_fq_codel.c
Examining data/nield-0.6.1/src/tcmsg_qdisc_plug.c
Examining data/nield-0.6.1/src/tcamsg_pedit.c
Examining data/nield-0.6.1/src/tcamsg_csum.c
Examining data/nield-0.6.1/src/debug.c
Examining data/nield-0.6.1/src/tcmsg_qdisc_fifo.c
Examining data/nield-0.6.1/src/tcmsg_qdisc_hfsc.c
Examining data/nield-0.6.1/src/tcmsg_qdisc_htb.c
Examining data/nield-0.6.1/src/tcmsg_filter_route.c
Examining data/nield-0.6.1/src/ifimsg.c
Examining data/nield-0.6.1/src/tcamsg_gact.c
Examining data/nield-0.6.1/src/log.c
Examining data/nield-0.6.1/src/tcmsg_filter_rsvp.c
Examining data/nield-0.6.1/src/tcmsg_qdisc_sfq.c
Examining data/nield-0.6.1/src/tcmsg_qdisc_red.c
Examining data/nield-0.6.1/src/tcmsg_filter_cgroup.c
Examining data/nield-0.6.1/src/tcmsg_qdisc_prio.c
Examining data/nield-0.6.1/src/ifimsg_gre.c
Examining data/nield-0.6.1/src/ifimsg_vxlan.c
Examining data/nield-0.6.1/src/frhdr.c
Examining data/nield-0.6.1/src/tcmsg_qdisc_dsmark.c
Examining data/nield-0.6.1/src/ifimsg_vlan.c
Examining data/nield-0.6.1/src/tcmsg_qdisc_qfq.c
Examining data/nield-0.6.1/src/tcmsg_qdisc.c
Examining data/nield-0.6.1/src/tcmsg_qdisc_multiq.c
Examining data/nield-0.6.1/src/tcmsg_filter.c
Examining data/nield-0.6.1/src/rtmsg.c
Examining data/nield-0.6.1/src/tcamsg_skbedit.c
Examining data/nield-0.6.1/src/tcamsg_police.c
Examining data/nield-0.6.1/src/tcmsg_filter_fw.c
Examining data/nield-0.6.1/src/tcmsg_filter_flow.c
Examining data/nield-0.6.1/src/tcmsg_qdisc_cbq.c
Examining data/nield-0.6.1/src/list.h
Examining data/nield-0.6.1/src/ifimsg_macvlan.c
Examining data/nield-0.6.1/src/tcmsg_filter_u32.c
Examining data/nield-0.6.1/src/tcmsg_filter_tcindex.c
Examining data/nield-0.6.1/src/tcmsg_qdisc_codel.c
Examining data/nield-0.6.1/src/nield.c
Examining data/nield-0.6.1/src/ifimsg_bond.c
Examining data/nield-0.6.1/src/tcmsg_qdisc_netem.c
Examining data/nield-0.6.1/src/tcmsg_qdisc_gred.c
Examining data/nield-0.6.1/src/tcamsg_mirred.c
Examining data/nield-0.6.1/src/tcmsg_qdisc_sfb.c
Examining data/nield-0.6.1/src/tcmsg_filter_basic.c
FINAL RESULTS:
data/nield-0.6.1/src/debug.c:51:9: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(indent, " ", sizeof(indent));
data/nield-0.6.1/src/ifimsg_bond.c:210:9: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(target, addr, sizeof(addr));
data/nield-0.6.1/src/debug.c:55:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, sizeof(msg), format, ap);
data/nield-0.6.1/src/log.c:57:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
mp += vsnprintf(mp, MAX_MSG_SIZE - (mp - msg), format, ap_msg);
data/nield-0.6.1/src/log.c:78:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, sizeof(msg), format, ap_msg);
data/nield-0.6.1/src/nield.c:167:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(log_file, LOG_FILE_DEFAULT);
data/nield-0.6.1/src/nield.c:168:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dbg_file, DEBUG_FILE_DEFAULT);
data/nield-0.6.1/src/nield.c:184:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(log_file, optarg);
data/nield-0.6.1/src/nield.c:209:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dbg_file, optarg);
data/nield-0.6.1/src/nield.c:171:18: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((opt = getopt(argc, argv, "vhp:l:s:L:d:46inarft")) != EOF) {
data/nield-0.6.1/src/tcmsg_filter.c:1064:30: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
_TCF_META_ID(RANDOM, random)
data/nield-0.6.1/src/debug.c:28:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dbg_fd = fopen(filename, "a");
data/nield-0.6.1/src/debug.c:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[MAX_MSG_SIZE] = "";
data/nield-0.6.1/src/debug.c:47:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char indent[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/frhdr.c:31:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[148] = "", action[16] = "";
data/nield-0.6.1/src/frhdr.c:87:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[INET6_ADDRSTRLEN] = "";
data/nield-0.6.1/src/frhdr.c:100:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[IFNAMSIZ];
data/nield-0.6.1/src/frhdr.c:125:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[INET6_ADDRSTRLEN] = "";
data/nield-0.6.1/src/frhdr.c:139:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oifname[IFNAMSIZ];
data/nield-0.6.1/src/frhdr.c:217:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char table[16] = "";
data/nield-0.6.1/src/frhdr.c:256:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flags_list[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/ifamsg.c:30:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char paddr[INET6_ADDRSTRLEN+1] = "";
data/nield-0.6.1/src/ifamsg.c:31:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char laddr[INET6_ADDRSTRLEN+1] = "";
data/nield-0.6.1/src/ifamsg.c:32:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[IFNAMSIZ] = "";
data/nield-0.6.1/src/ifamsg.c:33:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iflabel[IFNAMSIZ] = "";
data/nield-0.6.1/src/ifamsg.c:34:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[MAX_MSG_SIZE] = "";
data/nield-0.6.1/src/ifamsg.c:131:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iflabel, RTA_DATA(ifa[IFA_LABEL]), IFNAMSIZ);
data/nield-0.6.1/src/ifamsg.c:163:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flags_list[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/ifamsg.c:164:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[IFNAMSIZ] = "";
data/nield-0.6.1/src/ifimsg.c:222:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/ifimsg.c:223:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/ifimsg.c:239:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
iflist = fopen(fname, "w");
data/nield-0.6.1/src/ifimsg.c:417:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[MAX_MSG_SIZE] = "";
data/nield-0.6.1/src/ifimsg.c:671:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char state[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/ifimsg.c:675:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(state, "enabled,") : strcpy(state, "disabled,");
data/nield-0.6.1/src/ifimsg.c:675:41: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(state, "enabled,") : strcpy(state, "disabled,");
data/nield-0.6.1/src/ifimsg.c:679:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(state, "linkup") : strcat(state, "linkdown");
data/nield-0.6.1/src/ifimsg.c:679:39: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(state, "linkup") : strcat(state, "linkdown");
data/nield-0.6.1/src/ifimsg.c:697:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char state[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/ifimsg.c:701:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(state, "enabled,") : strcpy(state, "disabled,");
data/nield-0.6.1/src/ifimsg.c:701:37: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(state, "enabled,") : strcpy(state, "disabled,");
data/nield-0.6.1/src/ifimsg.c:705:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(state, "linkup") : strcat(state, "linkdown");
data/nield-0.6.1/src/ifimsg.c:705:35: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(state, "linkup") : strcat(state, "linkdown");
data/nield-0.6.1/src/ifimsg.c:741:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[IFNAMSIZ] = "";
data/nield-0.6.1/src/ifimsg.c:763:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[INET6_ADDRSTRLEN+1] = "";
data/nield-0.6.1/src/ifimsg.c:773:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ifle->addr, addr, sizeof(addr));
data/nield-0.6.1/src/ifimsg.c:798:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char brd[INET6_ADDRSTRLEN+1] = "";
data/nield-0.6.1/src/ifimsg.c:808:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ifle->brd, brd, sizeof(brd));
data/nield-0.6.1/src/ifimsg.c:960:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[IFNAMSIZ] = "";
data/nield-0.6.1/src/ifimsg.c:1265:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kind[MODULE_NAME_LEN] = "";
data/nield-0.6.1/src/ifimsg.c:1604:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char list[MAX_STR_SIZE];
data/nield-0.6.1/src/ifimsg_bond.c:200:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[INET_ADDRSTRLEN] = "";
data/nield-0.6.1/src/ifimsg_bond.c:201:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target[INET_ADDRSTRLEN * BOND_MAX_ARP_TARGETS] = "";
data/nield-0.6.1/src/ifimsg_gre.c:48:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[INET6_ADDRSTRLEN+1] = "";
data/nield-0.6.1/src/ifimsg_gre.c:74:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[INET6_ADDRSTRLEN+1] = "";
data/nield-0.6.1/src/ifimsg_gre.c:168:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char list[MAX_STR_SIZE];
data/nield-0.6.1/src/ifimsg_vlan.c:236:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char list[MAX_STR_SIZE];
data/nield-0.6.1/src/ifimsg_vxlan.c:100:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[IFNAMSIZ];
data/nield-0.6.1/src/ifimsg_vxlan.c:121:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[INET6_ADDRSTRLEN+1] = "";
data/nield-0.6.1/src/ifimsg_vxlan.c:183:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[INET6_ADDRSTRLEN+1] = "";
data/nield-0.6.1/src/log.c:31:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
log_fd = fopen(filename, "a");
data/nield-0.6.1/src/log.c:74:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[MAX_MSG_SIZE] = "";
data/nield-0.6.1/src/ndmsg.c:136:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ndlist = fopen(NDLIST_FILE, "w");
data/nield-0.6.1/src/ndmsg.c:214:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ndm_type[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/ndmsg.c:241:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ndm_type, "arp cache");
data/nield-0.6.1/src/ndmsg.c:246:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ndm_type, "ndp cache");
data/nield-0.6.1/src/ndmsg.c:403:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[IFNAMSIZ] = "";
data/nield-0.6.1/src/ndmsg.c:495:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char list[MAX_STR_SIZE];
data/nield-0.6.1/src/nield.c:28:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lock_file[MAX_STR_SIZE] = LOCK_FILE;
data/nield-0.6.1/src/nield.c:29:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char log_file[MAX_STR_SIZE];
data/nield-0.6.1/src/nield.c:30:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dbg_file[MAX_STR_SIZE];
data/nield-0.6.1/src/nield.c:219:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rcv_buflen = atoi(optarg);
data/nield-0.6.1/src/nield.c:308:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pid_str[16];
data/nield-0.6.1/src/nield.c:310:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((lock_fd = open(lock_file, O_RDONLY, 0)) > 0) {
data/nield-0.6.1/src/nield.c:321:24: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(kill((pid_t)atol(pid_str), 0) == 0) {
data/nield-0.6.1/src/nield.c:322:86: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fprintf(stderr, "error %s: nield already running(PID: %ld)\n", __func__, atol(pid_str));
data/nield-0.6.1/src/nield.c:329:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
lock_fd = open(lock_file, O_CREAT|O_TRUNC|O_WRONLY, 0644);
data/nield-0.6.1/src/nield.c:331:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
lock_fd = open(lock_file, O_CREAT|O_EXCL|O_WRONLY, 0644);
data/nield-0.6.1/src/nield.c:348:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pid_str[16];
data/nield-0.6.1/src/nield.c:648:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16384];
data/nield-0.6.1/src/nield.c:715:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/nield-0.6.1/src/nield.h:128:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[IFNAMSIZ];
data/nield-0.6.1/src/nield.h:129:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char addr[INET6_ADDRSTRLEN+1];
data/nield-0.6.1/src/nield.h:130:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char brd[INET6_ADDRSTRLEN+1];
data/nield-0.6.1/src/nield.h:135:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kind[MODULE_NAME_LEN];
data/nield-0.6.1/src/nield.h:137:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_master[IFNAMSIZ];
data/nield-0.6.1/src/nield.h:146:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[IFNAMSIZ];
data/nield-0.6.1/src/nield.h:147:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddr[INET6_ADDRSTRLEN+1];
data/nield-0.6.1/src/nield.h:148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lladdr[INET6_ADDRSTRLEN+1];
data/nield-0.6.1/src/rta.c:286:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[IFNAMSIZ] = "";
data/nield-0.6.1/src/rta.c:304:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[INET6_ADDRSTRLEN+1] = "";
data/nield-0.6.1/src/rta.c:362:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[INET6_ADDRSTRLEN+1] = "";
data/nield-0.6.1/src/rta.c:409:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[INET6_ADDRSTRLEN+1] = "";
data/nield-0.6.1/src/rta.c:457:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_classid[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/rtmsg.c:30:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipv[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/rtmsg.c:31:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[MAX_MSG_SIZE] = "";
data/nield-0.6.1/src/rtmsg.c:56:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[INET6_ADDRSTRLEN] = "";
data/nield-0.6.1/src/rtmsg.c:58:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ipv, "ipv4");
data/nield-0.6.1/src/rtmsg.c:59:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dst, "0.0.0.0");
data/nield-0.6.1/src/rtmsg.c:61:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ipv, "ipv6");
data/nield-0.6.1/src/rtmsg.c:62:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dst, "::");
data/nield-0.6.1/src/rtmsg.c:70:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char table[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/rtmsg.c:101:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[INET6_ADDRSTRLEN] = "";
data/nield-0.6.1/src/rtmsg.c:114:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefsrc[INET6_ADDRSTRLEN] = "";
data/nield-0.6.1/src/rtmsg.c:132:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iifname[IFNAMSIZ] = "";
data/nield-0.6.1/src/rtmsg.c:146:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nexthop[INET6_ADDRSTRLEN] = "";
data/nield-0.6.1/src/rtmsg.c:160:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oifname[IFNAMSIZ] = "";
data/nield-0.6.1/src/rtmsg.c:173:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char metric[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/rtmsg.c:183:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/rtmsg.c:187:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char proto[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/rtmsg.c:208:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rtnh_ifname[IFNAMSIZ] = "";
data/nield-0.6.1/src/rtmsg.c:209:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rtnh_nexthop[INET6_ADDRSTRLEN] = "";
data/nield-0.6.1/src/rtmsg.c:265:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flags_list[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/rtmsg.c:399:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[IFNAMSIZ] = "";
data/nield-0.6.1/src/rtmsg.c:400:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flags_list[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/tcamsg.c:30:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[MAX_MSG_SIZE] = "";
data/nield-0.6.1/src/tcamsg.c:97:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kind[IFNAMSIZ] = "";
data/nield-0.6.1/src/tcamsg.c:104:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
strncpy(kind, (char *)RTA_DATA(act[TCA_ACT_KIND]), sizeof(kind));
data/nield-0.6.1/src/tcamsg.c:206:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kind[IFNAMSIZ];
data/nield-0.6.1/src/tcamsg_csum.c:34:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flags_list[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/tcamsg_csum.c:94:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flags_list[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/tcamsg_mirred.c:33:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[IFNAMSIZ] = "";
data/nield-0.6.1/src/tcamsg_mirred.c:92:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[IFNAMSIZ] = "";
data/nield-0.6.1/src/tcamsg_nat.c:34:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char old[INET_ADDRSTRLEN+1] = "";
data/nield-0.6.1/src/tcamsg_nat.c:35:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new[INET_ADDRSTRLEN+1] = "";
data/nield-0.6.1/src/tcamsg_nat.c:85:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char old[INET_ADDRSTRLEN+1] = "";
data/nield-0.6.1/src/tcamsg_nat.c:86:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new[INET_ADDRSTRLEN+1] = "";
data/nield-0.6.1/src/tcamsg_nat.c:87:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mask[INET_ADDRSTRLEN+1] = "";
data/nield-0.6.1/src/tcamsg_police.c:33:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rate[MAX_STR_SIZE];
data/nield-0.6.1/src/tcamsg_police.c:34:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char burst[MAX_STR_SIZE];
data/nield-0.6.1/src/tcamsg_police.c:35:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char peakrate[MAX_STR_SIZE];
data/nield-0.6.1/src/tcamsg_police.c:36:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mtu[MAX_STR_SIZE];
data/nield-0.6.1/src/tcamsg_police.c:39:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char latency[MAX_STR_SIZE];
data/nield-0.6.1/src/tcmsg_filter.c:30:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[MAX_MSG_SIZE] = "";
data/nield-0.6.1/src/tcmsg_filter.c:32:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[IFNAMSIZ];
data/nield-0.6.1/src/tcmsg_filter.c:33:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char handle[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/tcmsg_filter.c:34:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kind[IFNAMSIZ] = "(unknown)";
data/nield-0.6.1/src/tcmsg_filter.c:35:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char proto[MAX_STR_SIZE];
data/nield-0.6.1/src/tcmsg_filter.c:77:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
strncpy(kind, (char *)RTA_DATA(tca[TCA_KIND]), sizeof(kind));
data/nield-0.6.1/src/tcmsg_filter.c:150:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char classid[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/tcmsg_filter.c:167:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[IFNAMSIZ];
data/nield-0.6.1/src/tcmsg_filter_flow.c:96:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char classid[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/tcmsg_filter_flow.c:271:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char list[MAX_STR_SIZE];
data/nield-0.6.1/src/tcmsg_filter_route.c:86:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[IFNAMSIZ];
data/nield-0.6.1/src/tcmsg_filter_rsvp.c:71:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[INET6_ADDRSTRLEN+1] = "";
data/nield-0.6.1/src/tcmsg_filter_rsvp.c:90:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[INET6_ADDRSTRLEN+1] = "";
data/nield-0.6.1/src/tcmsg_filter_u32.c:102:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char handle[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/tcmsg_filter_u32.c:151:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flags_list[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/tcmsg_filter_u32.c:245:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_handle[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/tcmsg_filter_u32.c:264:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flags_list[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/tcmsg_filter_u32.c:362:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[MAX_STR_SIZE];
data/nield-0.6.1/src/tcmsg_qdisc.c:35:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[MAX_MSG_SIZE] = "";
data/nield-0.6.1/src/tcmsg_qdisc.c:37:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[IFNAMSIZ];
data/nield-0.6.1/src/tcmsg_qdisc.c:38:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char parent[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/tcmsg_qdisc.c:39:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char handle[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/tcmsg_qdisc.c:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kind[IFNAMSIZ] = "(unknown)";
data/nield-0.6.1/src/tcmsg_qdisc.c:96:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
strncpy(kind, (char *)RTA_DATA(tca[TCA_KIND]), sizeof(kind));
data/nield-0.6.1/src/tcmsg_qdisc.c:248:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen("/proc/net/psched", "r");
data/nield-0.6.1/src/tcmsg_qdisc.c:292:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[IFNAMSIZ] = "";
data/nield-0.6.1/src/tcmsg_qdisc.c:293:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char handle[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/tcmsg_qdisc.c:294:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char parent[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/tcmsg_qdisc.c:295:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kind[IFNAMSIZ] = "";
data/nield-0.6.1/src/tcmsg_qdisc_cbq.c:79:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rate[MAX_STR_SIZE];
data/nield-0.6.1/src/tcmsg_qdisc_cbq.c:86:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char maxidle[MAX_STR_SIZE];
data/nield-0.6.1/src/tcmsg_qdisc_cbq.c:87:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char minidle[MAX_STR_SIZE];
data/nield-0.6.1/src/tcmsg_qdisc_cbq.c:158:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flags_list[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/tcmsg_qdisc_cbq.c:206:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char split[MAX_STR_SIZE];
data/nield-0.6.1/src/tcmsg_qdisc_cbq.c:229:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strategy_list[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/tcmsg_qdisc_choke.c:34:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char list[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/tcmsg_qdisc_choke.c:95:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char list[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/tcmsg_qdisc_codel.c:42:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target[MAX_STR_SIZE];
data/nield-0.6.1/src/tcmsg_qdisc_codel.c:54:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char interval[MAX_STR_SIZE];
data/nield-0.6.1/src/tcmsg_qdisc_drr.c:29:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char quantum[MAX_STR_SIZE];
data/nield-0.6.1/src/tcmsg_qdisc_dsmark.c:58:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
*(unsigned char *)RTA_DATA(dsmark[TCA_DSMARK_VALUE]));
data/nield-0.6.1/src/tcmsg_qdisc_dsmark.c:67:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
*(unsigned char *)RTA_DATA(dsmark[TCA_DSMARK_MASK]));
data/nield-0.6.1/src/tcmsg_qdisc_fifo.c:47:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char limit[MAX_STR_SIZE];
data/nield-0.6.1/src/tcmsg_qdisc_fq_codel.c:60:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target[MAX_STR_SIZE];
data/nield-0.6.1/src/tcmsg_qdisc_fq_codel.c:72:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char interval[MAX_STR_SIZE];
data/nield-0.6.1/src/tcmsg_qdisc_gred.c:33:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char limit[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/tcmsg_qdisc_gred.c:34:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char min[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/tcmsg_qdisc_gred.c:35:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char max[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/tcmsg_qdisc_hfsc.c:90:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m1[MAX_STR_SIZE], m2[MAX_STR_SIZE], d[MAX_STR_SIZE];
data/nield-0.6.1/src/tcmsg_qdisc_htb.c:46:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rate[MAX_STR_SIZE];
data/nield-0.6.1/src/tcmsg_qdisc_htb.c:47:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ceil[MAX_STR_SIZE];
data/nield-0.6.1/src/tcmsg_qdisc_htb.c:48:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char burst[MAX_STR_SIZE];
data/nield-0.6.1/src/tcmsg_qdisc_htb.c:49:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cburst[MAX_STR_SIZE];
data/nield-0.6.1/src/tcmsg_qdisc_netem.c:115:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char latency[MAX_STR_SIZE];
data/nield-0.6.1/src/tcmsg_qdisc_netem.c:126:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jitter[MAX_STR_SIZE];
data/nield-0.6.1/src/tcmsg_qdisc_netem.c:186:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char netem_rate[MAX_STR_SIZE];
data/nield-0.6.1/src/tcmsg_qdisc_plug.c:29:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char action[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/tcmsg_qdisc_prio.c:52:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prio[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/tcmsg_qdisc_red.c:33:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char limit[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/tcmsg_qdisc_red.c:34:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char min[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/tcmsg_qdisc_red.c:35:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char max[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/tcmsg_qdisc_red.c:36:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char list[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/tcmsg_qdisc_red.c:100:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char list[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/tcmsg_qdisc_sfb.c:34:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rehash[MAX_STR_SIZE];
data/nield-0.6.1/src/tcmsg_qdisc_sfb.c:35:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char warmup[MAX_STR_SIZE];
data/nield-0.6.1/src/tcmsg_qdisc_sfq.c:46:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char list[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/tcmsg_qdisc_sfq.c:47:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char min[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/tcmsg_qdisc_sfq.c:48:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char max[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/tcmsg_qdisc_sfq.c:91:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char list[MAX_STR_SIZE] = "";
data/nield-0.6.1/src/tcmsg_qdisc_tbf.c:33:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rate[MAX_STR_SIZE];
data/nield-0.6.1/src/tcmsg_qdisc_tbf.c:34:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char burst[MAX_STR_SIZE];
data/nield-0.6.1/src/tcmsg_qdisc_tbf.c:35:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char peakrate[MAX_STR_SIZE];
data/nield-0.6.1/src/tcmsg_qdisc_tbf.c:36:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mtu[MAX_STR_SIZE];
data/nield-0.6.1/src/tcmsg_qdisc_tbf.c:39:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char latency[MAX_STR_SIZE];
data/nield-0.6.1/src/frhdr.c:374:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(flags_list, "NONE", len);
data/nield-0.6.1/src/frhdr.c:378:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((flags & FIB_RULE_##s) && (len - strlen(flags_list) - 1 > 0)) \
data/nield-0.6.1/src/frhdr.c:380:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(flags_list, #s ",", len - strlen(flags_list) - 1) : \
data/nield-0.6.1/src/frhdr.c:380:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(flags_list, #s ",", len - strlen(flags_list) - 1) : \
data/nield-0.6.1/src/frhdr.c:381:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(flags_list, #s, len - strlen(flags_list) - 1);
data/nield-0.6.1/src/frhdr.c:381:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(flags_list, #s, len - strlen(flags_list) - 1);
data/nield-0.6.1/src/frhdr.c:396:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(flags_list))
data/nield-0.6.1/src/frhdr.c:397:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(flags_list, "UNKNOWN", len);
data/nield-0.6.1/src/ifamsg.c:254:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(flags_list, "NONE", len);
data/nield-0.6.1/src/ifamsg.c:258:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((flags & IFA_F_##f) && (len - strlen(flags_list) - 1 > 0)) \
data/nield-0.6.1/src/ifamsg.c:260:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(flags_list, #f ",", len - strlen(flags_list) - 1) : \
data/nield-0.6.1/src/ifamsg.c:260:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(flags_list, #f ",", len - strlen(flags_list) - 1) : \
data/nield-0.6.1/src/ifamsg.c:261:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(flags_list, #f, len - strlen(flags_list) - 1);
data/nield-0.6.1/src/ifamsg.c:261:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(flags_list, #f, len - strlen(flags_list) - 1);
data/nield-0.6.1/src/ifamsg.c:278:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(flags_list))
data/nield-0.6.1/src/ifamsg.c:279:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(flags_list, "UNKNOWN", len);
data/nield-0.6.1/src/ifimsg.c:168:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, e->name, sizeof(e->name));
data/nield-0.6.1/src/ifimsg.c:183:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, e->name, sizeof(e->name));
data/nield-0.6.1/src/ifimsg.c:228:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fname, IFLIST_FILE, sizeof(fname));
data/nield-0.6.1/src/ifimsg.c:229:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(title, "interface list", sizeof(fname));
data/nield-0.6.1/src/ifimsg.c:233:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fname, IFHIST_FILE, sizeof(fname));
data/nield-0.6.1/src/ifimsg.c:234:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(title, "interface history", sizeof(fname));
data/nield-0.6.1/src/ifimsg.c:266:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
e->name, e->index, strlen(e->kind) ? e->kind : "no");
data/nield-0.6.1/src/ifimsg.c:269:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(e->name_master) ? e->name_master : "none" , e->index_master);
data/nield-0.6.1/src/ifimsg.c:559:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifle->name_master, ifle_tmp->name_master, sizeof(ifle->name_master));
data/nield-0.6.1/src/ifimsg.c:563:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(ifle->name_master, "", sizeof(ifle->name_master));
data/nield-0.6.1/src/ifimsg.c:597:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifle->name, ifle_tmp->name, IFNAMSIZ);
data/nield-0.6.1/src/ifimsg.c:727:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifle->name, RTA_DATA(ifla), sizeof(ifle->name));
data/nield-0.6.1/src/ifimsg.c:879:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifle->kind, (char *)RTA_DATA(info), sizeof(ifle->kind));
data/nield-0.6.1/src/ifimsg.c:1607:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(list, "", sizeof(list));
data/nield-0.6.1/src/ifimsg.c:1609:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(list, "NONE", len);
data/nield-0.6.1/src/ifimsg.c:1613:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((flags & IFF_##s) && (len - strlen(list) -1 > 0)) \
data/nield-0.6.1/src/ifimsg.c:1615:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(list, #s ",", len - strlen(list) - 1) : \
data/nield-0.6.1/src/ifimsg.c:1615:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(list, #s ",", len - strlen(list) - 1) : \
data/nield-0.6.1/src/ifimsg.c:1616:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(list, #s, len - strlen(list) - 1);
data/nield-0.6.1/src/ifimsg.c:1616:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(list, #s, len - strlen(list) - 1);
data/nield-0.6.1/src/ifimsg.c:1639:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(list))
data/nield-0.6.1/src/ifimsg.c:1640:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(list, "UNKNOWN", len);
data/nield-0.6.1/src/ifimsg_bond.c:211:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(target, ",");
data/nield-0.6.1/src/ifimsg_bond.c:213:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(target) > 0)
data/nield-0.6.1/src/ifimsg_bond.c:214:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
target[strlen(target) - 1] = '\0';
data/nield-0.6.1/src/ifimsg_brport.c:37:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifle->name_master, ifle_tmp->name_master, IFNAMSIZ);
data/nield-0.6.1/src/ifimsg_brport.c:59:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(ifle->name_master, "", IFNAMSIZ);
data/nield-0.6.1/src/ifimsg_gre.c:171:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(list, "", sizeof(list));
data/nield-0.6.1/src/ifimsg_gre.c:173:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(list, "NONE", sizeof(list));
data/nield-0.6.1/src/ifimsg_gre.c:177:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((flags & GRE_##s) && (len - strlen(list) - 1 > 0)) \
data/nield-0.6.1/src/ifimsg_gre.c:179:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(list, #s ",", len - strlen(list) - 1) : \
data/nield-0.6.1/src/ifimsg_gre.c:179:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(list, #s ",", len - strlen(list) - 1) : \
data/nield-0.6.1/src/ifimsg_gre.c:180:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(list, #s, len - strlen(list) - 1);
data/nield-0.6.1/src/ifimsg_gre.c:180:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(list, #s, len - strlen(list) - 1);
data/nield-0.6.1/src/ifimsg_gre.c:187:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(list))
data/nield-0.6.1/src/ifimsg_gre.c:188:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(list, "UNKNOWN", len);
data/nield-0.6.1/src/ifimsg_vlan.c:239:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(list, "", len);
data/nield-0.6.1/src/ifimsg_vlan.c:241:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(list, "NONE", len);
data/nield-0.6.1/src/ifimsg_vlan.c:245:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((flags & VLAN_FLAG_##s) && (len - strlen(list) - 1 > 0)) \
data/nield-0.6.1/src/ifimsg_vlan.c:247:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(list, #s ",", len - strlen(list) - 1) : \
data/nield-0.6.1/src/ifimsg_vlan.c:247:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(list, #s ",", len - strlen(list) - 1) : \
data/nield-0.6.1/src/ifimsg_vlan.c:248:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(list, #s, len - strlen(list) - 1);
data/nield-0.6.1/src/ifimsg_vlan.c:248:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(list, #s, len - strlen(list) - 1);
data/nield-0.6.1/src/ifimsg_vlan.c:259:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(list))
data/nield-0.6.1/src/ifimsg_vlan.c:260:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(list, "UNKNOWN", len);
data/nield-0.6.1/src/ndmsg.c:86:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(ndle->lladdr, "none", sizeof(ndle->lladdr));
data/nield-0.6.1/src/ndmsg.c:267:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(ndle_tmp->lladdr, "none", sizeof(ndle_tmp->lladdr));
data/nield-0.6.1/src/ndmsg.c:499:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(list, "NONE", len);
data/nield-0.6.1/src/ndmsg.c:503:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((flags & NTF_##f) && (len - strlen(list) - 1 > 0)) \
data/nield-0.6.1/src/ndmsg.c:505:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(list, #f ",", len - strlen(list) - 1) : \
data/nield-0.6.1/src/ndmsg.c:505:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(list, #f ",", len - strlen(list) - 1) : \
data/nield-0.6.1/src/ndmsg.c:506:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(list, #f, len - strlen(list) - 1);
data/nield-0.6.1/src/ndmsg.c:506:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(list, #f, len - strlen(list) - 1);
data/nield-0.6.1/src/ndmsg.c:513:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(list))
data/nield-0.6.1/src/ndmsg.c:514:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(list, "UNKNOWN", len);
data/nield-0.6.1/src/nield.c:180:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lock_file, optarg, MAX_STR_SIZE);
data/nield-0.6.1/src/nield.c:183:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(optarg) < MAX_STR_SIZE) {
data/nield-0.6.1/src/nield.c:193:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(optarg) < MAX_STR_SIZE) {
data/nield-0.6.1/src/nield.c:208:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(optarg) < MAX_STR_SIZE) {
data/nield-0.6.1/src/nield.c:218:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(optarg) < MAX_STR_SIZE) {
data/nield-0.6.1/src/nield.c:311:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
err = read(lock_fd, pid_str, sizeof(pid_str)-1);
data/nield-0.6.1/src/nield.c:352:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = write(lock_fd, pid_str, strlen(pid_str));
data/nield-0.6.1/src/rta.c:269:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(p, (char *)RTA_DATA(rta), len - 1);
data/nield-0.6.1/src/rta.c:273:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str, p, len);
data/nield-0.6.1/src/rta.c:350:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += snprintf(p, dstlen - strlen(dst), "%02x%s",
data/nield-0.6.1/src/rtmsg.c:555:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(flags_list, "NONE", len);
data/nield-0.6.1/src/rtmsg.c:559:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((flags & RTM_F_##s) && (len - strlen(flags_list) - 1 > 0)) \
data/nield-0.6.1/src/rtmsg.c:561:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(flags_list, #s ", ", len - strlen(flags_list) - 1) : \
data/nield-0.6.1/src/rtmsg.c:561:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(flags_list, #s ", ", len - strlen(flags_list) - 1) : \
data/nield-0.6.1/src/rtmsg.c:562:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(flags_list, #s, len - strlen(flags_list) - 1);
data/nield-0.6.1/src/rtmsg.c:562:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(flags_list, #s, len - strlen(flags_list) - 1);
data/nield-0.6.1/src/rtmsg.c:568:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(flags_list))
data/nield-0.6.1/src/rtmsg.c:569:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(flags_list, "UNKNOWN", len);
data/nield-0.6.1/src/rtmsg.c:578:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(flags_list, "NONE", len);
data/nield-0.6.1/src/rtmsg.c:582:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((flags & RTNH_F_##s) && (len - strlen(flags_list) - 1 > 0)) \
data/nield-0.6.1/src/rtmsg.c:584:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(flags_list, #s ", ", len - strlen(flags_list) - 1) : \
data/nield-0.6.1/src/rtmsg.c:584:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(flags_list, #s ", ", len - strlen(flags_list) - 1) : \
data/nield-0.6.1/src/rtmsg.c:585:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(flags_list, #s, len - strlen(flags_list) - 1);
data/nield-0.6.1/src/rtmsg.c:585:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(flags_list, #s, len - strlen(flags_list) - 1);
data/nield-0.6.1/src/rtmsg.c:590:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(flags_list))
data/nield-0.6.1/src/rtmsg.c:591:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(flags_list, "UNKNOWN", len);
data/nield-0.6.1/src/tcamsg.c:104:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(kind, (char *)RTA_DATA(act[TCA_ACT_KIND]), sizeof(kind));
data/nield-0.6.1/src/tcamsg_csum.c:121:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(flags_list, debug ? "NONE" : "none", len);
data/nield-0.6.1/src/tcamsg_csum.c:125:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((flags & TCA_CSUM_UPDATE_FLAG_##s1) && (len - strlen(flags_list) - 1 > 0)) \
data/nield-0.6.1/src/tcamsg_csum.c:127:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(flags_list, #s2 ",", len - strlen(flags_list) - 1) : \
data/nield-0.6.1/src/tcamsg_csum.c:127:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(flags_list, #s2 ",", len - strlen(flags_list) - 1) : \
data/nield-0.6.1/src/tcamsg_csum.c:128:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(flags_list, #s2, len - strlen(flags_list) - 1);
data/nield-0.6.1/src/tcamsg_csum.c:128:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(flags_list, #s2, len - strlen(flags_list) - 1);
data/nield-0.6.1/src/tcamsg_csum.c:136:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(flags_list))
data/nield-0.6.1/src/tcamsg_csum.c:137:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(flags_list, debug ? "UNKNOWN" : "unknown", len);
data/nield-0.6.1/src/tcmsg_filter.c:77:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(kind, (char *)RTA_DATA(tca[TCA_KIND]), sizeof(kind));
data/nield-0.6.1/src/tcmsg_filter.c:91:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(proto, conv_eth_p(ntohs(TC_H_MIN(tcm->tcm_info)), 0), sizeof(proto));
data/nield-0.6.1/src/tcmsg_filter.c:92:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(proto))
data/nield-0.6.1/src/tcmsg_filter.c:176:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, (char *)RTA_DATA(tca), sizeof(name));
data/nield-0.6.1/src/tcmsg_filter.c:818:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(flags_list, debug ? "NONE" : "none", len);
data/nield-0.6.1/src/tcmsg_filter.c:822:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((flags & TC_U32_##s1) && (len - strlen(flags_list) - 1 > 0)) \
data/nield-0.6.1/src/tcmsg_filter.c:824:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(flags_list, debug ? #s1 "," : #s2 ",", \
data/nield-0.6.1/src/tcmsg_filter.c:825:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len - strlen(flags_list) - 1) : \
data/nield-0.6.1/src/tcmsg_filter.c:826:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(flags_list, debug ? #s1 : #s2, \
data/nield-0.6.1/src/tcmsg_filter.c:827:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len - strlen(flags_list) - 1);
data/nield-0.6.1/src/tcmsg_filter.c:833:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(flags_list))
data/nield-0.6.1/src/tcmsg_filter.c:834:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(flags_list, debug ? "UNKNOWN" : "unknown", len);
data/nield-0.6.1/src/tcmsg_filter_flow.c:274:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(list, "", sizeof(list));
data/nield-0.6.1/src/tcmsg_filter_flow.c:276:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(list, debug ? "NONE" : "none", len);
data/nield-0.6.1/src/tcmsg_filter_flow.c:280:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((flags & (1 << FLOW_KEY_##s1)) && (len - strlen(list) - 1 > 0)) \
data/nield-0.6.1/src/tcmsg_filter_flow.c:282:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(list, debug ? #s1 "," : #s2 ",", \
data/nield-0.6.1/src/tcmsg_filter_flow.c:283:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len - strlen(list) - 1) : \
data/nield-0.6.1/src/tcmsg_filter_flow.c:284:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(list, debug ? #s1 : #s2, \
data/nield-0.6.1/src/tcmsg_filter_flow.c:285:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len - strlen(list) - 1);
data/nield-0.6.1/src/tcmsg_filter_flow.c:307:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(list))
data/nield-0.6.1/src/tcmsg_filter_flow.c:308:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(list, debug ? "UNKNOWN" : "unknown", len);
data/nield-0.6.1/src/tcmsg_filter_u32.c:364:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(str, "", sizeof(str));
data/nield-0.6.1/src/tcmsg_qdisc.c:96:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(kind, (char *)RTA_DATA(tca[TCA_KIND]), sizeof(kind));
data/nield-0.6.1/src/tcmsg_qdisc_cbq.c:308:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(change_list, "NONE", len);
data/nield-0.6.1/src/tcmsg_qdisc_cbq.c:312:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((change & TCF_CBQ_LSS_##s) && (len - strlen(change_list) - 1 > 0)) \
data/nield-0.6.1/src/tcmsg_qdisc_cbq.c:314:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(change_list, #s ",", len - strlen(change_list) -1) : \
data/nield-0.6.1/src/tcmsg_qdisc_cbq.c:314:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(change_list, #s ",", len - strlen(change_list) -1) : \
data/nield-0.6.1/src/tcmsg_qdisc_cbq.c:315:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(change_list, #s, len - strlen(change_list) - 1);
data/nield-0.6.1/src/tcmsg_qdisc_cbq.c:315:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(change_list, #s, len - strlen(change_list) - 1);
data/nield-0.6.1/src/tcmsg_qdisc_cbq.c:323:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(change_list))
data/nield-0.6.1/src/tcmsg_qdisc_cbq.c:324:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(change_list, "UNKNOWN", len);
data/nield-0.6.1/src/tcmsg_qdisc_cbq.c:333:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(flags_list, "NONE", len);
data/nield-0.6.1/src/tcmsg_qdisc_cbq.c:337:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((flags & TCF_CBQ_LSS_##s) && (len - strlen(flags_list) - 1 > 0)) \
data/nield-0.6.1/src/tcmsg_qdisc_cbq.c:339:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(flags_list, #s ",", len - strlen(flags_list) - 1) : \
data/nield-0.6.1/src/tcmsg_qdisc_cbq.c:339:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(flags_list, #s ",", len - strlen(flags_list) - 1) : \
data/nield-0.6.1/src/tcmsg_qdisc_cbq.c:340:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(flags_list, #s, len - strlen(flags_list) - 1);
data/nield-0.6.1/src/tcmsg_qdisc_cbq.c:340:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(flags_list, #s, len - strlen(flags_list) - 1);
data/nield-0.6.1/src/tcmsg_qdisc_cbq.c:344:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(flags_list))
data/nield-0.6.1/src/tcmsg_qdisc_cbq.c:345:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(flags_list, "UNKNOWN", len);
data/nield-0.6.1/src/tcmsg_qdisc_cbq.c:354:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(strategy_list, "NONE", len);
data/nield-0.6.1/src/tcmsg_qdisc_cbq.c:358:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((strategy & TC_CBQ_OVL_##s) && (len - strlen(strategy_list) - 1 > 0)) \
data/nield-0.6.1/src/tcmsg_qdisc_cbq.c:360:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(strategy_list, #s ",", len - strlen(strategy_list) - 1) : \
data/nield-0.6.1/src/tcmsg_qdisc_cbq.c:360:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(strategy_list, #s ",", len - strlen(strategy_list) - 1) : \
data/nield-0.6.1/src/tcmsg_qdisc_cbq.c:361:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(strategy_list, #s, len - strlen(strategy_list) - 1);
data/nield-0.6.1/src/tcmsg_qdisc_cbq.c:361:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(strategy_list, #s, len - strlen(strategy_list) - 1);
data/nield-0.6.1/src/tcmsg_qdisc_cbq.c:368:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(strategy_list))
data/nield-0.6.1/src/tcmsg_qdisc_cbq.c:369:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(strategy_list, "UNKNOWN", len);
data/nield-0.6.1/src/tcmsg_qdisc_plug.c:38:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(action, "buffer", sizeof(action));
data/nield-0.6.1/src/tcmsg_qdisc_plug.c:40:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(action, "release_one", sizeof(action));
data/nield-0.6.1/src/tcmsg_qdisc_plug.c:42:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(action, "release_indefinite", sizeof(action));
data/nield-0.6.1/src/tcmsg_qdisc_prio.c:63:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += snprintf(p, len - strlen(prio), "%d ", qopt->priomap[i]);
data/nield-0.6.1/src/tcmsg_qdisc_prio.c:65:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += snprintf(p, len - strlen(prio), "%d-", qopt->priomap[i]);
data/nield-0.6.1/src/tcmsg_qdisc_red.c:146:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(flags_list, debug ? "NONE" : "none", len);
data/nield-0.6.1/src/tcmsg_qdisc_red.c:150:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((flags & TC_RED_##s1) && (len - strlen(flags_list) - 1 > 0)) \
data/nield-0.6.1/src/tcmsg_qdisc_red.c:152:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(flags_list, debug ? #s1 "," : #s2 ",", \
data/nield-0.6.1/src/tcmsg_qdisc_red.c:153:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len - strlen(flags_list) - 1) : \
data/nield-0.6.1/src/tcmsg_qdisc_red.c:154:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(flags_list, debug ? #s1 : #s2, \
data/nield-0.6.1/src/tcmsg_qdisc_red.c:155:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len - strlen(flags_list) - 1);
data/nield-0.6.1/src/tcmsg_qdisc_red.c:162:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(flags_list))
data/nield-0.6.1/src/tcmsg_qdisc_red.c:163:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(flags_list, debug ? "UNKNOWN" : "unknown", len);
ANALYSIS SUMMARY:
Hits = 373
Lines analyzed = 15012 in approximately 0.47 seconds (31728 lines/second)
Physical Source Lines of Code (SLOC) = 10279
Hits@level = [0] 95 [1] 166 [2] 196 [3] 2 [4] 7 [5] 2
Hits@level+ = [0+] 468 [1+] 373 [2+] 207 [3+] 11 [4+] 9 [5+] 2
Hits/KSLOC@level+ = [0+] 45.5297 [1+] 36.2876 [2+] 20.1381 [3+] 1.07014 [4+] 0.875572 [5+] 0.194571
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.