Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/nss-mdns-0.14.1/tests/check_util.c
Examining data/nss-mdns-0.14.1/src/nss.c
Examining data/nss-mdns-0.14.1/src/nss-test.c
Examining data/nss-mdns-0.14.1/src/avahi.h
Examining data/nss-mdns-0.14.1/src/avahi-test.c
Examining data/nss-mdns-0.14.1/src/avahi.c
Examining data/nss-mdns-0.14.1/src/util.c
Examining data/nss-mdns-0.14.1/src/util.h
FINAL RESULTS:
data/nss-mdns-0.14.1/src/util.c:310:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result, str);
data/nss-mdns-0.14.1/src/avahi-test.c:27:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[256];
data/nss-mdns-0.14.1/src/avahi.c:72:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ln[256];
data/nss-mdns-0.14.1/src/avahi.c:135:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[256], ln[256];
data/nss-mdns-0.14.1/src/nss-test.c:34:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[INET_ADDRSTRLEN];
data/nss-mdns-0.14.1/src/nss-test.c:35:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str6[INET6_ADDRSTRLEN];
data/nss-mdns-0.14.1/src/nss-test.c:123:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[256];
data/nss-mdns-0.14.1/src/nss.c:164:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
mdns_allow_file = fopen(MDNS_ALLOW_FILE, "r");
data/nss-mdns-0.14.1/src/nss.c:270:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[256];
data/nss-mdns-0.14.1/src/util.c:79:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ln[128], ln2[129], *t;
data/nss-mdns-0.14.1/src/util.c:120:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char answer[NS_MAXMSG];
data/nss-mdns-0.14.1/src/util.c:171:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result->h_addr_list[0], addr, len);
data/nss-mdns-0.14.1/src/util.c:204:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr, &u->result[i].address, address_length);
data/nss-mdns-0.14.1/src/util.c:250:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(tuple->addr), &(result->address), address_length);
data/nss-mdns-0.14.1/src/util.c:321:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(u->result[u->count]), result, sizeof(*result));
data/nss-mdns-0.14.1/tests/check_util.c:524:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zero[100];
data/nss-mdns-0.14.1/tests/check_util.c:553:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result.address.ipv6.address, ipv6_doc_prefix,
data/nss-mdns-0.14.1/tests/check_util.c:572:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(expected_ipv6, ipv6_doc_prefix, sizeof ipv6_doc_prefix);
data/nss-mdns-0.14.1/tests/check_util.c:606:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char poison[excess];
data/nss-mdns-0.14.1/tests/check_util.c:627:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(expected_ipv6, ipv6_doc_prefix, sizeof ipv6_doc_prefix);
data/nss-mdns-0.14.1/tests/check_util.c:648:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2048];
data/nss-mdns-0.14.1/tests/check_util.c:664:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[10];
data/nss-mdns-0.14.1/tests/check_util.c:681:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2048];
data/nss-mdns-0.14.1/tests/check_util.c:712:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2048];
data/nss-mdns-0.14.1/tests/check_util.c:731:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2048];
data/nss-mdns-0.14.1/tests/check_util.c:747:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2048];
data/nss-mdns-0.14.1/tests/check_util.c:763:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[10];
data/nss-mdns-0.14.1/tests/check_util.c:781:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2048];
data/nss-mdns-0.14.1/tests/check_util.c:812:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2048];
data/nss-mdns-0.14.1/tests/check_util.c:842:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2048];
data/nss-mdns-0.14.1/tests/check_util.c:859:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2048];
data/nss-mdns-0.14.1/tests/check_util.c:875:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[10];
data/nss-mdns-0.14.1/tests/check_util.c:893:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2048];
data/nss-mdns-0.14.1/tests/check_util.c:922:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2048];
data/nss-mdns-0.14.1/src/avahi.c:50:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sa.sun_path, AVAHI_SOCKET, sizeof(sa.sun_path) - 1);
data/nss-mdns-0.14.1/src/avahi.c:161:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, p, name_len - 1);
data/nss-mdns-0.14.1/src/util.c:52:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((ls = strlen(suffix)) > (ln = strlen(name)))
data/nss-mdns-0.14.1/src/util.c:52:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((ls = strlen(suffix)) > (ln = strlen(name)))
data/nss-mdns-0.14.1/src/util.c:137:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name);
data/nss-mdns-0.14.1/src/util.c:306:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* result = buffer_alloc(buf, strlen(str) + 1);
data/nss-mdns-0.14.1/tests/check_util.c:72:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
FILE* f = fmemopen((void*)file_contents, strlen(file_contents), "r");
ANALYSIS SUMMARY:
Hits = 41
Lines analyzed = 2249 in approximately 0.08 seconds (28931 lines/second)
Physical Source Lines of Code (SLOC) = 1692
Hits@level = [0] 32 [1] 7 [2] 33 [3] 0 [4] 1 [5] 0
Hits@level+ = [0+] 73 [1+] 41 [2+] 34 [3+] 1 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 43.1442 [1+] 24.2317 [2+] 20.0946 [3+] 0.591017 [4+] 0.591017 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.