Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c
Examining data/odhcp6c-1.1+git20190906.e199804/src/md5.c
Examining data/odhcp6c-1.1+git20190906.e199804/src/md5.h
Examining data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c
Examining data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.h
Examining data/odhcp6c-1.1+git20190906.e199804/src/ra.c
Examining data/odhcp6c-1.1+git20190906.e199804/src/ra.h
Examining data/odhcp6c-1.1+git20190906.e199804/src/script.c
FINAL RESULTS:
data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:907:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(buf, "%s %x %x %x %x %s",
data/odhcp6c-1.1+git20190906.e199804/src/script.c:186:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(&buf[buf_len], 6, "/%"PRIu16, e[i].length);
data/odhcp6c-1.1+git20190906.e199804/src/script.c:491:3: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execv(argv[0], argv);
data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:547:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int random;
data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:548:18: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
odhcp6c_random(&random, sizeof(random));
data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:548:33: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
odhcp6c_random(&random, sizeof(random));
data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:550:27: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return (time * ((int64_t)random % 1000LL)) / 10000LL;
data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:189:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "S::N:V:P:FB:c:i:r:Ru:Ux:s:kt:m:Lhedp:fav")) != -1) {
data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:151:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&duid[8], ifr.ifr_hwaddr.sa_data, ETHER_ADDR_LEN);
data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:170:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&duid[8], ifr.ifr_hwaddr.sa_data,
data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:267:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fqdn_buf[256];
data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:313:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ia_pd + ia_pd_len, &hdr_ia_pd, sizeof(hdr_ia_pd));
data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:316:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ia_pd + ia_pd_len, &pref, sizeof(pref));
data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:351:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ia_pd + ia_pd_len, &hdr_ia_pd, sizeof(hdr_ia_pd));
data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:375:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ia_pd + ia_pd_len, &p, sizeof(p));
data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:537:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in6_str[INET6_ADDRSTRLEN];
data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:757:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(secretbytes, reconf_key, sizeof(reconf_key));
data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:871:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cand.duid, odata, olen);
data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:1116:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(reconf_key, r->key, sizeof(r->key));
data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:1374:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[len + 3];
data/odhcp6c-1.1+git20190906.e199804/src/md5.c:241:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buffer[used], data, size);
data/odhcp6c-1.1+git20190906.e199804/src/md5.c:245:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buffer[used], data, available);
data/odhcp6c-1.1+git20190906.e199804/src/md5.c:256:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->buffer, data, size);
data/odhcp6c-1.1+git20190906.e199804/src/md5.h:50:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[64];
data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:192:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
allow_slaac_only = (optarg) ? atoi(optarg) : -1;
data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:250:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&prefix.iaid, iaid_begin + 1, iaid_len > 4 ? 4 : iaid_len);
data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:344:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sol_timeout = atoi(optarg);
data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:348:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ra_holdoff_interval = atoi(optarg);
data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:414:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((urandom_fd = open("/dev/urandom", O_CLOEXEC | O_RDONLY)) < 0 ||
data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:435:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(pidfile, "w");
data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:700:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(n, data, len);
data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:717:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sdata + offset, data, len);
data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:886:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fd = fopen("/proc/net/if_inet6", "r");
data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:889:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:898:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[IF_NAMESIZE], addr_buf[33];
data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:1046:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&((*dst)[o_len]), src, len);
data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:1082:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&((*dst)[o_len]), tmp, len);
data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:1152:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e->data, src, str_len);
data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.h:182:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[8];
data/odhcp6c-1.1+git20190906.e199804/src/ra.c:56:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char if_name[IF_NAMESIZE] = {0};
data/odhcp6c-1.1+git20190906.e199804/src/ra.c:454:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&entry->target, ri->prefix, (ri->len - 1) * 8);
data/odhcp6c-1.1+git20190906.e199804/src/script.c:43:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char action[16] = "";
data/odhcp6c-1.1+git20190906.e199804/src/script.c:44:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *argv[4] = {NULL, NULL, action, NULL};
data/odhcp6c-1.1+git20190906.e199804/src/script.c:103:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, name, buf_len);
data/odhcp6c-1.1+git20190906.e199804/src/script.c:126:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, name, buf_len);
data/odhcp6c-1.1+git20190906.e199804/src/script.c:178:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, name, buf_len);
data/odhcp6c-1.1+git20190906.e199804/src/script.c:303:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf4[INET_ADDRSTRLEN];
data/odhcp6c-1.1+git20190906.e199804/src/script.c:304:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf6[INET6_ADDRSTRLEN];
data/odhcp6c-1.1+git20190906.e199804/src/script.c:314:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&in6, rule->ipv6_prefix, prefix6len);
data/odhcp6c-1.1+git20190906.e199804/src/script.c:344:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&in6, dmr->dmr_ipv6_prefix, prefix6len);
data/odhcp6c-1.1+git20190906.e199804/src/script.c:353:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf4[INET_ADDRSTRLEN];
data/odhcp6c-1.1+git20190906.e199804/src/script.c:354:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf6[INET6_ADDRSTRLEN];
data/odhcp6c-1.1+git20190906.e199804/src/script.c:364:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&in6, bind->bind_ipv6_prefix, prefix6len);
data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:137:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name) - 1);
data/odhcp6c-1.1+git20190906.e199804/src/dhcpv6.c:217:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, ifname, strlen(ifname)) < 0)
data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:249:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*iaid_begin == ',' && (iaid_len = strlen(iaid_begin)) > 1)
data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:876:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read(urandom_fd, buf, len);
data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:900:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:915:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(addr_buf); i++) {
data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:921:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < (strlen(addr_buf) / 2); i++) {
data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:989:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!name || !strlen(name))
data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:1006:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(needles); i++) {
data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:1017:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(src);
data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:1040:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(src);
data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:1140:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint16_t str_len = strlen(src);
data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:1216:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(opt) == 0 || strlen(data) == 0)
data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:1216:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(opt) == 0 || strlen(data) == 0)
data/odhcp6c-1.1+git20190906.e199804/src/odhcp6c.c:1241:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (end && (end == (data + strlen(data) - 1))) {
data/odhcp6c-1.1+git20190906.e199804/src/ra.c:91:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(if_name, ifname, sizeof(if_name) - 1);
data/odhcp6c-1.1+git20190906.e199804/src/ra.c:152:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, ifname, strlen(ifname)) < 0)
data/odhcp6c-1.1+git20190906.e199804/src/ra.c:217:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t read;
data/odhcp6c-1.1+git20190906.e199804/src/ra.c:222:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read < 0 || !NLMSG_OK(&resp.hdr, (size_t)read) ||
data/odhcp6c-1.1+git20190906.e199804/src/ra.c:222:48: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read < 0 || !NLMSG_OK(&resp.hdr, (size_t)read) ||
data/odhcp6c-1.1+git20190906.e199804/src/ra.c:241:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
} while (read > 0);
data/odhcp6c-1.1+git20190906.e199804/src/ra.c:520:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
entry->auxlen = strlen((char*)entry->auxtarget);
data/odhcp6c-1.1+git20190906.e199804/src/script.c:100:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t buf_len = strlen(name);
data/odhcp6c-1.1+git20190906.e199804/src/script.c:108:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf_len += strlen(&buf[buf_len]);
data/odhcp6c-1.1+git20190906.e199804/src/script.c:121:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t buf_len = strlen(name);
data/odhcp6c-1.1+git20190906.e199804/src/script.c:134:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf_len += strlen(&buf[buf_len]);
data/odhcp6c-1.1+git20190906.e199804/src/script.c:155:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf_len += strlen(buf);
data/odhcp6c-1.1+git20190906.e199804/src/script.c:171:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t buf_len = strlen(name);
data/odhcp6c-1.1+git20190906.e199804/src/script.c:183:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf_len += strlen(&buf[buf_len]);
data/odhcp6c-1.1+git20190906.e199804/src/script.c:187:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf_len += strlen(&buf[buf_len]);
data/odhcp6c-1.1+git20190906.e199804/src/script.c:194:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf_len += strlen(&buf[buf_len]);
data/odhcp6c-1.1+git20190906.e199804/src/script.c:198:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf_len += strlen(&buf[buf_len]);
data/odhcp6c-1.1+git20190906.e199804/src/script.c:201:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf_len += strlen(&buf[buf_len]);
data/odhcp6c-1.1+git20190906.e199804/src/script.c:206:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf_len += strlen(&buf[buf_len]);
data/odhcp6c-1.1+git20190906.e199804/src/script.c:212:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf_len += strlen(&buf[buf_len]);
data/odhcp6c-1.1+git20190906.e199804/src/script.c:214:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf_len += strlen(&buf[buf_len]);
data/odhcp6c-1.1+git20190906.e199804/src/script.c:216:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf_len += strlen(&buf[buf_len]);
data/odhcp6c-1.1+git20190906.e199804/src/script.c:232:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t buf_len = strlen(name);
data/odhcp6c-1.1+git20190906.e199804/src/script.c:254:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = 13 + strlen(name);
data/odhcp6c-1.1+git20190906.e199804/src/script.c:409:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(action, status, sizeof(action) - 1);
data/odhcp6c-1.1+git20190906.e199804/src/script.c:487:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(buf, "PASSTHRU=", 10);
ANALYSIS SUMMARY:
Hits = 94
Lines analyzed = 4710 in approximately 0.12 seconds (38241 lines/second)
Physical Source Lines of Code (SLOC) = 3603
Hits@level = [0] 38 [1] 41 [2] 45 [3] 5 [4] 3 [5] 0
Hits@level+ = [0+] 132 [1+] 94 [2+] 53 [3+] 8 [4+] 3 [5+] 0
Hits/KSLOC@level+ = [0+] 36.6361 [1+] 26.0894 [2+] 14.71 [3+] 2.22037 [4+] 0.832639 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.