Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pcaputils-0.8/src/pcapdump.c
Examining data/pcaputils-0.8/src/pcapip.c
Examining data/pcaputils-0.8/src/pcappick.c
Examining data/pcaputils-0.8/src/pcapuc.c
Examining data/pcaputils-0.8/util/byte.c
Examining data/pcaputils-0.8/util/byte.h
Examining data/pcaputils-0.8/util/cfgopt.c
Examining data/pcaputils-0.8/util/cfgopt.h
Examining data/pcaputils-0.8/util/checksum.c
Examining data/pcaputils-0.8/util/checksum.h
Examining data/pcaputils-0.8/util/daemon.c
Examining data/pcaputils-0.8/util/daemon.h
Examining data/pcaputils-0.8/util/file.c
Examining data/pcaputils-0.8/util/file.h
Examining data/pcaputils-0.8/util/net.c
Examining data/pcaputils-0.8/util/net.h
Examining data/pcaputils-0.8/util/pcapnet.c
Examining data/pcaputils-0.8/util/pcapnet.h
Examining data/pcaputils-0.8/util/rate.c
Examining data/pcaputils-0.8/util/rate.h
Examining data/pcaputils-0.8/util/ring.c
Examining data/pcaputils-0.8/util/ring.h
Examining data/pcaputils-0.8/util/rng.c
Examining data/pcaputils-0.8/util/rng.h
Examining data/pcaputils-0.8/util/scanfmt.c
Examining data/pcaputils-0.8/util/scanfmt.h
Examining data/pcaputils-0.8/util/server.c
Examining data/pcaputils-0.8/util/server.h
Examining data/pcaputils-0.8/util/socket.c
Examining data/pcaputils-0.8/util/socket.h
Examining data/pcaputils-0.8/util/uint.c
Examining data/pcaputils-0.8/util/uint.h
Examining data/pcaputils-0.8/util/util.c
Examining data/pcaputils-0.8/util/util.h
FINAL RESULTS:
data/pcaputils-0.8/util/cfgopt.c:133:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cfg->val.nonopt, value);
data/pcaputils-0.8/util/cfgopt.c:345:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(options, &cur->cmd);
data/pcaputils-0.8/util/cfgopt.c:349:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(options, &cur->cmd);
data/pcaputils-0.8/util/util.h:17:27: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
if(util_flag_daemonized) syslog(LOG_DAEMON | LOG_DEBUG, "%s] " format, __func__, ## __VA_ARGS__); \
data/pcaputils-0.8/util/cfgopt.c:360:13: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((c = getopt(argc, argv, options)) != EOF){
data/pcaputils-0.8/util/daemon.c:64:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if((envgid = getenv("GID"))){
data/pcaputils-0.8/util/daemon.c:69:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if((envuid = getenv("UID"))){
data/pcaputils-0.8/util/net.c:98:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
long r = random();
data/pcaputils-0.8/util/rng.c:51:9: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(seed);
data/pcaputils-0.8/util/util.h:82:5: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
if(chroot(dir) != 0) ERROR("unable to chroot(%s): %s", dir, strerror(errno)); \
data/pcaputils-0.8/src/pcapip.c:106:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(fname, "r");
data/pcaputils-0.8/src/pcapuc.c:141:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sip[INET_ADDRSTRLEN];
data/pcaputils-0.8/src/pcapuc.c:162:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sip0[INET_ADDRSTRLEN];
data/pcaputils-0.8/src/pcapuc.c:163:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sip1[INET_ADDRSTRLEN];
data/pcaputils-0.8/util/cfgopt.c:51:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!(fp = fopen(fname, "r")))
data/pcaputils-0.8/util/cfgopt.c:273:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sip[FMT_IP4];
data/pcaputils-0.8/util/cfgopt.c:279:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sip[FMT_IP6];
data/pcaputils-0.8/util/cfgopt.c:285:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char smac[FMT_MAC];
data/pcaputils-0.8/util/daemon.c:44:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!(fp = fopen(pidfile, "w")))
data/pcaputils-0.8/util/file.c:65:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(pathname, flags);
data/pcaputils-0.8/util/net.c:104:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
bool gai4(const char *hostname, char ip[4]){
data/pcaputils-0.8/util/net.c:104:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
bool gai4(const char *hostname, char ip[4]){
data/pcaputils-0.8/util/net.c:122:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
bool gai6(const char *hostname, char ip[16]){
data/pcaputils-0.8/util/net.c:122:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
bool gai6(const char *hostname, char ip[16]){
data/pcaputils-0.8/util/net.h:84:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[ETH_ALEN];
data/pcaputils-0.8/util/net.h:85:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[ETH_ALEN];
data/pcaputils-0.8/util/net.h:95:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sender_hw[ETH_ALEN];
data/pcaputils-0.8/util/net.h:96:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sender_ip[4];
data/pcaputils-0.8/util/net.h:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target_hw[ETH_ALEN];
data/pcaputils-0.8/util/net.h:98:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target_ip[4];
data/pcaputils-0.8/util/net.h:134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[16];
data/pcaputils-0.8/util/net.h:135:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[16];
data/pcaputils-0.8/util/net.h:244:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip0[4];
data/pcaputils-0.8/util/net.h:245:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip1[4];
data/pcaputils-0.8/util/net.h:248:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
bool gai4(const char *hostname, char ip[4]);
data/pcaputils-0.8/util/net.h:248:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
bool gai4(const char *hostname, char ip[4]);
data/pcaputils-0.8/util/net.h:249:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
bool gai6(const char *hostname, char ip[16]);
data/pcaputils-0.8/util/net.h:249:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
bool gai6(const char *hostname, char ip[16]);
data/pcaputils-0.8/util/pcapnet.c:353:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pcap_errbuf[PCAP_ERRBUF_SIZE];
data/pcaputils-0.8/util/pcapnet.c:384:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[PCAP_ERRBUF_SIZE];
data/pcaputils-0.8/util/pcapnet.c:388:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(fname, "r");
data/pcaputils-0.8/util/ring.c:138:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data1, data, size1);
data/pcaputils-0.8/util/ring.c:140:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data2, data, size2);
data/pcaputils-0.8/util/ring.c:144:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data1, data, size1);
data/pcaputils-0.8/util/ring.c:156:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, data1, size1);
data/pcaputils-0.8/util/ring.c:158:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, data2, size2);
data/pcaputils-0.8/util/ring.c:162:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, data1, size1);
data/pcaputils-0.8/util/rng.c:45:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fd = open(dev, O_RDONLY)) != -1){
data/pcaputils-0.8/util/scanfmt.c:6:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned fmt_mac(char *s, const char mac[6]){
data/pcaputils-0.8/util/scanfmt.c:6:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned fmt_mac(char *s, const char mac[6]){
data/pcaputils-0.8/util/scanfmt.c:25:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned scan_mac(const char *s, char mac[6]){
data/pcaputils-0.8/util/scanfmt.c:25:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned scan_mac(const char *s, char mac[6]){
data/pcaputils-0.8/util/scanfmt.c:104:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned fmt_ip4(char *s,const char ip[4])
data/pcaputils-0.8/util/scanfmt.c:104:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned fmt_ip4(char *s,const char ip[4])
data/pcaputils-0.8/util/scanfmt.c:120:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned scan_ip4(const char *s, char ip[4])
data/pcaputils-0.8/util/scanfmt.c:120:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned scan_ip4(const char *s, char ip[4])
data/pcaputils-0.8/util/scanfmt.c:148:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned fmt_ip6(char *s, const char ip[16])
data/pcaputils-0.8/util/scanfmt.c:148:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned fmt_ip6(char *s, const char ip[16])
data/pcaputils-0.8/util/scanfmt.c:189:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned scan_ip6(const char *s, char ip[16])
data/pcaputils-0.8/util/scanfmt.c:189:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned scan_ip6(const char *s, char ip[16])
data/pcaputils-0.8/util/scanfmt.c:195:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char suffix[16];
data/pcaputils-0.8/util/scanfmt.h:11:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned fmt_ip4(char *s, const char ip[4]);
data/pcaputils-0.8/util/scanfmt.h:11:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned fmt_ip4(char *s, const char ip[4]);
data/pcaputils-0.8/util/scanfmt.h:12:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned scan_ip4(const char *s, char ip[4]);
data/pcaputils-0.8/util/scanfmt.h:12:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned scan_ip4(const char *s, char ip[4]);
data/pcaputils-0.8/util/scanfmt.h:14:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned fmt_ip6(char *s, const char ip[16]);
data/pcaputils-0.8/util/scanfmt.h:14:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned fmt_ip6(char *s, const char ip[16]);
data/pcaputils-0.8/util/scanfmt.h:15:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned scan_ip6(const char *s, char ip[16]);
data/pcaputils-0.8/util/scanfmt.h:15:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned scan_ip6(const char *s, char ip[16]);
data/pcaputils-0.8/util/scanfmt.h:22:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned fmt_mac(char *s, const char mac[6]);
data/pcaputils-0.8/util/scanfmt.h:22:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned fmt_mac(char *s, const char mac[6]);
data/pcaputils-0.8/util/scanfmt.h:23:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned scan_mac(const char *s, char mac[6]);
data/pcaputils-0.8/util/scanfmt.h:23:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned scan_mac(const char *s, char mac[6]);
data/pcaputils-0.8/util/server.c:33:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int setup_tcp_server_socket(const char ip[4], const char ip6[16], u16 port, int backlog){
data/pcaputils-0.8/util/server.c:33:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int setup_tcp_server_socket(const char ip[4], const char ip6[16], u16 port, int backlog){
data/pcaputils-0.8/util/server.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sip[FMT_IP6];
data/pcaputils-0.8/util/server.c:64:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int setup_udp_server_socket(const char ip[4], const char ip6[16], u16 port){
data/pcaputils-0.8/util/server.c:64:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int setup_udp_server_socket(const char ip[4], const char ip6[16], u16 port){
data/pcaputils-0.8/util/server.c:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sip[FMT_IP6];
data/pcaputils-0.8/util/server.h:7:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern int setup_tcp_server_socket(const char ip[4], const char ip6[16], u16 port, int backlog);
data/pcaputils-0.8/util/server.h:7:60: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern int setup_tcp_server_socket(const char ip[4], const char ip6[16], u16 port, int backlog);
data/pcaputils-0.8/util/server.h:8:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern int setup_udp_server_socket(const char ip[4], const char ip6[16], u16 port);
data/pcaputils-0.8/util/server.h:8:60: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern int setup_udp_server_socket(const char ip[4], const char ip6[16], u16 port);
data/pcaputils-0.8/util/socket.c:23:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char V4any[4]={0,0,0,0};
data/pcaputils-0.8/util/socket.c:24:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char V4loopback[4]={127,0,0,1};
data/pcaputils-0.8/util/socket.c:25:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char V4mappedprefix[12]={0,0,0,0,0,0,0,0,0,0,0xff,0xff};
data/pcaputils-0.8/util/socket.c:26:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char V6loopback[16]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1};
data/pcaputils-0.8/util/socket.c:27:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char V6any[16]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
data/pcaputils-0.8/util/socket.c:46:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int socket_bind6(int s, const char ip[16], u16 port, u32 scope_id){
data/pcaputils-0.8/util/socket.c:59:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int socket_bind6_reuse(int s, const char ip[16], u16 port, u32 scope_id){
data/pcaputils-0.8/util/socket.c:69:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int socket_accept6(int s, char ip[16], u16 *port, u32 *scope_id){
data/pcaputils-0.8/util/socket.c:89:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int socket_recv6(int s, char *buf, unsigned len, char ip[16], u16 *port, u32 *scope_id){
data/pcaputils-0.8/util/socket.c:89:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int socket_recv6(int s, char *buf, unsigned len, char ip[16], u16 *port, u32 *scope_id){
data/pcaputils-0.8/util/socket.c:105:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int socket_bind4(int s, const char ip[4], u16 port){
data/pcaputils-0.8/util/socket.c:116:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int socket_bind4_reuse(int s, const char ip[4], u16 port){
data/pcaputils-0.8/util/socket.c:122:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int socket_connect4(int s, const char ip[4], u16 port){
data/pcaputils-0.8/util/socket.c:133:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int socket_connect6(int s, const char ip[16], u16 port, u32 scope_id){
data/pcaputils-0.8/util/socket.c:161:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int socket_send4(int s, const char *buf, int len, const char ip[4], u16 port){
data/pcaputils-0.8/util/socket.c:161:57: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int socket_send4(int s, const char *buf, int len, const char ip[4], u16 port){
data/pcaputils-0.8/util/socket.c:172:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int socket_recv4(int s, char *buf, int len, char ip[4], u16 *port){
data/pcaputils-0.8/util/socket.c:172:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int socket_recv4(int s, char *buf, int len, char ip[4], u16 *port){
data/pcaputils-0.8/util/socket.h:10:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char V4any[4];
data/pcaputils-0.8/util/socket.h:11:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char V4loopback[4];
data/pcaputils-0.8/util/socket.h:12:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char V4mappedprefix[12];
data/pcaputils-0.8/util/socket.h:13:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char V6loopback[16];
data/pcaputils-0.8/util/socket.h:14:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char V6any[16];
data/pcaputils-0.8/util/socket.h:26:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern int socket_recv4(int s, char *buf, int len, char ip[4], u16 *port);
data/pcaputils-0.8/util/socket.h:26:52: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern int socket_recv4(int s, char *buf, int len, char ip[4], u16 *port);
data/pcaputils-0.8/util/socket.h:28:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern int socket_send4(int s, const char *buf, int len, const char ip[4], u16 port);
data/pcaputils-0.8/util/socket.h:28:64: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern int socket_send4(int s, const char *buf, int len, const char ip[4], u16 port);
data/pcaputils-0.8/util/uint.c:5:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void u16_pack(char s[2], u16 u)
data/pcaputils-0.8/util/uint.c:11:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void u16_pack_big(char s[2], u16 u)
data/pcaputils-0.8/util/uint.c:17:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void u16_unpack(const char s[2], u16 *u)
data/pcaputils-0.8/util/uint.c:28:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void u16_unpack_big(const char s[2], u16 *u)
data/pcaputils-0.8/util/uint.c:39:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void u32_pack(char s[4], u32 u)
data/pcaputils-0.8/util/uint.c:49:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void u32_pack_big(char s[4], u32 u)
data/pcaputils-0.8/util/uint.c:59:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void u32_unpack(const char s[4], u32 *u)
data/pcaputils-0.8/util/uint.c:74:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void u32_unpack_big(const char s[4], u32 *u)
data/pcaputils-0.8/util/util.h:89:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[sizeof(a)]; \
data/pcaputils-0.8/util/util.h:90:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)&c, (void *)&a, sizeof(c)); \
data/pcaputils-0.8/util/util.h:91:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)&a, (void *)&b, sizeof(a)); \
data/pcaputils-0.8/util/util.h:92:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)&b, (void *)&c, sizeof(b)); \
data/pcaputils-0.8/util/cfgopt.c:130:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t new_size = 2 + strlen(cfg->val.nonopt) + strlen(value);
data/pcaputils-0.8/util/cfgopt.c:130:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t new_size = 2 + strlen(cfg->val.nonopt) + strlen(value);
data/pcaputils-0.8/util/cfgopt.c:132:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(cfg->val.nonopt, " ");
data/pcaputils-0.8/util/cfgopt.c:346:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(options, ":");
data/pcaputils-0.8/util/rng.c:46:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(read(fd, &seed, sizeof(seed)) != sizeof(seed))
ANALYSIS SUMMARY:
Hits = 127
Lines analyzed = 3831 in approximately 0.13 seconds (28690 lines/second)
Physical Source Lines of Code (SLOC) = 2945
Hits@level = [0] 22 [1] 5 [2] 112 [3] 6 [4] 4 [5] 0
Hits@level+ = [0+] 149 [1+] 127 [2+] 122 [3+] 10 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 50.5942 [1+] 43.1239 [2+] 41.4261 [3+] 3.39559 [4+] 1.35823 [5+] 0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.