Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/nttcp-1.47/support.c
Examining data/nttcp-1.47/support.h
Examining data/nttcp-1.47/nttcp.c
FINAL RESULTS:
data/nttcp-1.47/nttcp.c:129:6: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
void syslog(int priority, const char *message, ...);
data/nttcp-1.47/nttcp.c:802:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(MsgBuf, "missing argument value for %s\n", what);
data/nttcp-1.47/nttcp.c:807:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(MsgBuf, "invalid value for %s (%.30s)\n", what, arg);
data/nttcp-1.47/nttcp.c:834:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(MsgBuf, "%-9s%-10s%-10s\n", "byte#", "expected", "received");
data/nttcp-1.47/nttcp.c:840:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(MsgBuf,
data/nttcp-1.47/nttcp.c:1182:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(MsgBuf, "%s, version %s\n", myname, version);
data/nttcp-1.47/nttcp.c:1284:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(MsgBuf, "%s: fgets: cannot read stdin\n", myname);
data/nttcp-1.47/nttcp.c:1288:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(MsgBuf, "%s: optionline longer than %d\n",
data/nttcp-1.47/nttcp.c:1431:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(OptBuf, "-m%s:%d",
data/nttcp-1.47/nttcp.c:1527:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(MsgBuf,
data/nttcp-1.47/nttcp.c:1532:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(LineBuf, DataPortFormat, &DataPort);
data/nttcp-1.47/nttcp.c:1601:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(MsgBuf, "connect-dta: fd=%d, sin_port=%d, s_addr=%s",
data/nttcp-1.47/nttcp.c:1626:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(Peer[0].fout, DataPortFormat, -1);
data/nttcp-1.47/nttcp.c:1638:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(MsgBuf, DataPortFormat, -1);
data/nttcp-1.47/nttcp.c:1640:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(MsgBuf, DataPortFormat, DEFAULT_PORT);
data/nttcp-1.47/nttcp.c:1667:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(Peer[0].fout, DataPortFormat, 0);
data/nttcp-1.47/nttcp.c:1677:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(Peer[0].fout, DataPortFormat, DataPort);
data/nttcp-1.47/nttcp.c:1700:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(MsgBuf,
data/nttcp-1.47/nttcp.c:1753:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(MsgBuf, "buflen=%d, bufcnt=%d, dataport=%d/%s%s\n",
data/nttcp-1.47/nttcp.c:1971:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(MsgBuf, fFormat, fw, fp,
data/nttcp-1.47/nttcp.c:1977:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(MsgBuf, fFormat, fw, fp,
data/nttcp-1.47/nttcp.c:1983:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(MsgBuf, fFormat, fw, fp, cput);
data/nttcp-1.47/nttcp.c:1988:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(MsgBuf, fFormat, fw, fp,
data/nttcp-1.47/nttcp.c:1994:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(MsgBuf, fFormat, fw, fp,
data/nttcp-1.47/nttcp.c:2000:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(MsgBuf, fFormat, fw, fp, realt);
data/nttcp-1.47/nttcp.c:2005:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(MsgBuf, iFormat, fw, fp, opt.BufLen);
data/nttcp-1.47/nttcp.c:2010:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(MsgBuf, iFormat, fw, fp, nBuffer);
data/nttcp-1.47/nttcp.c:2015:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(MsgBuf, iFormat, fw, fp, nBytes);
data/nttcp-1.47/nttcp.c:2020:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(MsgBuf, iFormat, fw, fp, SysCalls);
data/nttcp-1.47/nttcp.c:2028:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(MsgBuf, "%*s", fw, TitleStr);
data/nttcp-1.47/support.c:80:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dvs->s, s);
data/nttcp-1.47/support.c:104:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vs->s, s);
data/nttcp-1.47/support.c:113:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dls->s+dls->Leng, s);
data/nttcp-1.47/support.h:32:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define ERROR_LOG2(s, a, b) fprintf(stderr, s, a, b)
data/nttcp-1.47/support.h:118:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define strdup(x) strcpy((char *)malloc(strlen(x)+1), x)
data/nttcp-1.47/nttcp.c:1037:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *env= getenv(EnvName);
data/nttcp-1.47/nttcp.c:112:27: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define FD_COPY(src,dst) memcpy(dst, src, sizeof(*(dst)))
data/nttcp-1.47/nttcp.c:161:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char WrongNumber[32];
data/nttcp-1.47/nttcp.c:165:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(WrongNumber, "unknown errno: %d\n", n);
data/nttcp-1.47/nttcp.c:293:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MsgBuf[1024]; /* to generate formated messages there
data/nttcp-1.47/nttcp.c:418:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MsgBuf[64];
data/nttcp-1.47/nttcp.c:419:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(MsgBuf, "try to get outstanding messages from %d remote clients\n", pcnt);
data/nttcp-1.47/nttcp.c:554:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char rb[250];
data/nttcp-1.47/nttcp.c:806:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((*val=atoi(arg)) <= 0 || *val >= Limit) {
data/nttcp-1.47/nttcp.c:832:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(MsgBuf, "Here the list of at most %d failed comparisions:\n", ReportLimit);
data/nttcp-1.47/nttcp.c:838:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rBits[9], eBits[9];
data/nttcp-1.47/nttcp.c:1005:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
opt->MulticastPort= atoi(p+1);
data/nttcp-1.47/nttcp.c:1010:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(MsgBuf, "need -DMULTICAST when compile, to use MULTICAST");
data/nttcp-1.47/nttcp.c:1017:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(MsgBuf, "unknown option: ");
data/nttcp-1.47/nttcp.c:1090:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(RemHost) > 0) {
data/nttcp-1.47/nttcp.c:1099:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(MsgBuf, "bad hostname: ");
data/nttcp-1.47/nttcp.c:1105:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sinrh.sin_addr.s_addr, addr->h_addr, addr->h_length);
data/nttcp-1.47/nttcp.c:1172:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(MsgBuf, "cannot setuid(%d)\n", NOBODY);
data/nttcp-1.47/nttcp.c:1191:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(MsgBuf, "running in inetd mode on port %d - "
data/nttcp-1.47/nttcp.c:1220:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(MsgBuf, "fork failed for try #%d\n", FailCnt);
data/nttcp-1.47/nttcp.c:1244:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(MsgBuf,
data/nttcp-1.47/nttcp.c:1259:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char OptionLine[1024];
data/nttcp-1.47/nttcp.c:1301:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(MsgBuf, "Pid=%d, InetPeer= %.30s\n",
data/nttcp-1.47/nttcp.c:1304:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(MsgBuf,"Optionline=\"%.201s\"\n", OptionLine);
data/nttcp-1.47/nttcp.c:1317:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(MsgBuf, "Pid=%d\n", (int)getpid());
data/nttcp-1.47/nttcp.c:1348:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char OptBuf[64];
data/nttcp-1.47/nttcp.c:1372:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(MsgBuf, "cannot send to multiple hosts, "
data/nttcp-1.47/nttcp.c:1402:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(OptBuf, "-l%d", opt.BufLen);
data/nttcp-1.47/nttcp.c:1404:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(OptBuf, "-n%d", opt.BufCnt);
data/nttcp-1.47/nttcp.c:1423:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(OptBuf, "-R%d", opt.PidCalls);
data/nttcp-1.47/nttcp.c:1427:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(OptBuf, "-g%d", opt.GapLength);
data/nttcp-1.47/nttcp.c:1453:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(MsgBuf, "cannot write options to peer \"%.50s\"=\"%.30s\"\n",
data/nttcp-1.47/nttcp.c:1465:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(MsgBuf, "malloc failed for %d bytes (snd/rcv buffer)\n", opt.BufLen);
data/nttcp-1.47/nttcp.c:1470:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(MsgBuf, "malloc failed for %d bytes (ExpectBuf)\n", opt.BufLen);
data/nttcp-1.47/nttcp.c:1520:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char LineBuf[256];
data/nttcp-1.47/nttcp.c:1538:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(MsgBuf, "receiving side %.50s (=%.30s) "
data/nttcp-1.47/nttcp.c:1545:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(MsgBuf,
data/nttcp-1.47/nttcp.c:1597:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(MsgBuf, "waiting for connect\n");
data/nttcp-1.47/nttcp.c:1606:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(MsgBuf, "connected !\n");
data/nttcp-1.47/nttcp.c:1624:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Message[256];
data/nttcp-1.47/nttcp.c:1627:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Message,
data/nttcp-1.47/nttcp.c:1649:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(MsgBuf,
data/nttcp-1.47/nttcp.c:1740:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(MsgBuf, "get send window size didn't work\n");
data/nttcp-1.47/nttcp.c:1742:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(MsgBuf, "send window size = %d\n", WinSize);
data/nttcp-1.47/nttcp.c:1746:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(MsgBuf, "get recv window size didn't work\n");
data/nttcp-1.47/nttcp.c:1748:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(MsgBuf, "receive window size = %d\n", WinSize);
data/nttcp-1.47/nttcp.c:1765:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(MsgBuf, "pid-rate (from %d calls): %.0f/s\n",
data/nttcp-1.47/nttcp.c:1807:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(MsgBuf, "transmitted %ld bytes\n", nBytes);
data/nttcp-1.47/nttcp.c:1868:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(MsgBuf, "received %ld bytes\n", nBytes);
data/nttcp-1.47/nttcp.c:1872:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(MsgBuf, "further %ld differences not reported\n",
data/nttcp-1.47/nttcp.c:1910:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(MsgBuf, "%d", opt.RemoteNumber);
data/nttcp-1.47/nttcp.c:432:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc= read (Peer[p].Socket, MsgBuf, sizeof(MsgBuf)-1);
data/nttcp-1.47/nttcp.c:679:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nread= read(fd, bufp, n-count);
data/nttcp-1.47/nttcp.c:707:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cnt= read(fd, buf, count);
data/nttcp-1.47/nttcp.c:1018:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(MsgBuf, argv[0], sizeof(MsgBuf)-strlen(MsgBuf)-1);
data/nttcp-1.47/nttcp.c:1018:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(MsgBuf, argv[0], sizeof(MsgBuf)-strlen(MsgBuf)-1);
data/nttcp-1.47/nttcp.c:1100:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(MsgBuf, RemHost, sizeof(MsgBuf)-strlen(MsgBuf)-1);
data/nttcp-1.47/nttcp.c:1100:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(MsgBuf, RemHost, sizeof(MsgBuf)-strlen(MsgBuf)-1);
data/nttcp-1.47/nttcp.c:1144:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l= strlen(s)-1;
data/nttcp-1.47/nttcp.c:1292:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
OptionLine[strlen(OptionLine)-1]= '\0'; /* remove trainling newline */
data/nttcp-1.47/nttcp.c:1443:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
RemOptLeng= strlen(RemOptStr);
data/nttcp-1.47/nttcp.c:1643:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ml= strlen(MsgBuf);
data/nttcp-1.47/nttcp.c:1932:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
LenStrPadRight(TitleLine, ' ', strlen(fs));
data/nttcp-1.47/support.c:33:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i= strlen(s);
data/nttcp-1.47/support.c:75:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l= strlen(s);
data/nttcp-1.47/support.c:88:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l= strlen(s);
data/nttcp-1.47/support.c:95:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(dls->s+dls->Leng, s, n);
data/nttcp-1.47/support.c:102:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vs->MaxLeng= vs->Leng= strlen(s);
data/nttcp-1.47/support.c:108:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l= strlen(s);
data/nttcp-1.47/support.h:118:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define strdup(x) strcpy((char *)malloc(strlen(x)+1), x)
ANALYSIS SUMMARY:
Hits = 105
Lines analyzed = 2470 in approximately 0.09 seconds (27867 lines/second)
Physical Source Lines of Code (SLOC) = 1946
Hits@level = [0] 12 [1] 19 [2] 50 [3] 1 [4] 35 [5] 0
Hits@level+ = [0+] 117 [1+] 105 [2+] 86 [3+] 36 [4+] 35 [5+] 0
Hits/KSLOC@level+ = [0+] 60.1233 [1+] 53.9568 [2+] 44.1932 [3+] 18.4995 [4+] 17.9856 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.