Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-cran-openssl-1.4.3+dfsg/tools/version.c
Examining data/r-cran-openssl-1.4.3+dfsg/src/compatibility.c
Examining data/r-cran-openssl-1.4.3+dfsg/src/error.c
Examining data/r-cran-openssl-1.4.3+dfsg/src/keygen.c
Examining data/r-cran-openssl-1.4.3+dfsg/src/password.c
Examining data/r-cran-openssl-1.4.3+dfsg/src/pkcs12.c
Examining data/r-cran-openssl-1.4.3+dfsg/src/base64.c
Examining data/r-cran-openssl-1.4.3+dfsg/src/write.c
Examining data/r-cran-openssl-1.4.3+dfsg/src/signing.c
Examining data/r-cran-openssl-1.4.3+dfsg/src/aes.c
Examining data/r-cran-openssl-1.4.3+dfsg/src/pbkdf.c
Examining data/r-cran-openssl-1.4.3+dfsg/src/hash.c
Examining data/r-cran-openssl-1.4.3+dfsg/src/info.c
Examining data/r-cran-openssl-1.4.3+dfsg/src/cert.c
Examining data/r-cran-openssl-1.4.3+dfsg/src/diffie.c
Examining data/r-cran-openssl-1.4.3+dfsg/src/pkcs7.c
Examining data/r-cran-openssl-1.4.3+dfsg/src/bcrypt/blf.h
Examining data/r-cran-openssl-1.4.3+dfsg/src/bcrypt/blowfish.c
Examining data/r-cran-openssl-1.4.3+dfsg/src/bcrypt/bcrypt_pbkdf.c
Examining data/r-cran-openssl-1.4.3+dfsg/src/onload.c
Examining data/r-cran-openssl-1.4.3+dfsg/src/win32/ipv6.c
Examining data/r-cran-openssl-1.4.3+dfsg/src/utils.h
Examining data/r-cran-openssl-1.4.3+dfsg/src/tests/main.c
Examining data/r-cran-openssl-1.4.3+dfsg/src/tests/soname.h
Examining data/r-cran-openssl-1.4.3+dfsg/src/openssh.c
Examining data/r-cran-openssl-1.4.3+dfsg/src/stream.c
Examining data/r-cran-openssl-1.4.3+dfsg/src/envelope.c
Examining data/r-cran-openssl-1.4.3+dfsg/src/rand.c
Examining data/r-cran-openssl-1.4.3+dfsg/src/keys.c
Examining data/r-cran-openssl-1.4.3+dfsg/src/bignum.c
Examining data/r-cran-openssl-1.4.3+dfsg/src/x25519.c
Examining data/r-cran-openssl-1.4.3+dfsg/src/ssl.c
Examining data/r-cran-openssl-1.4.3+dfsg/src/compatibility.h
Examining data/r-cran-openssl-1.4.3+dfsg/src/rsa.c
Examining data/r-cran-openssl-1.4.3+dfsg/src/pem.c

FINAL RESULTS:

data/r-cran-openssl-1.4.3+dfsg/src/aes.c:62:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(out), buf, total);
data/r-cran-openssl-1.4.3+dfsg/src/base64.c:48:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(out), bin, bin_len);
data/r-cran-openssl-1.4.3+dfsg/src/bcrypt/bcrypt_pbkdf.c:113:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(countsalt, salt, saltlen);
data/r-cran-openssl-1.4.3+dfsg/src/cert.c:18:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[bufsize];
data/r-cran-openssl-1.4.3+dfsg/src/cert.c:56:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(VECTOR_ELT(out, 3)), signature->data, signature->length);
data/r-cran-openssl-1.4.3+dfsg/src/envelope.c:20:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[keysize];
data/r-cran-openssl-1.4.3+dfsg/src/envelope.c:21:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char *ek[1];
data/r-cran-openssl-1.4.3+dfsg/src/envelope.c:28:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char iv[ivlen];
data/r-cran-openssl-1.4.3+dfsg/src/envelope.c:48:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(VECTOR_ELT(res, 0)), iv, ivlen);
data/r-cran-openssl-1.4.3+dfsg/src/envelope.c:49:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(VECTOR_ELT(res, 1)), ek[0], ekl[0]);
data/r-cran-openssl-1.4.3+dfsg/src/envelope.c:50:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(VECTOR_ELT(res, 2)), out, len1 + len2);
data/r-cran-openssl-1.4.3+dfsg/src/envelope.c:93:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(res), out, len1 + len2);
data/r-cran-openssl-1.4.3+dfsg/src/hash.c:34:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char md_value[EVP_MAX_MD_SIZE];
data/r-cran-openssl-1.4.3+dfsg/src/hash.c:39:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(out), md_value, md_len);
data/r-cran-openssl-1.4.3+dfsg/src/hash.c:61:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char md_value[EVP_MAX_MD_SIZE];
data/r-cran-openssl-1.4.3+dfsg/src/hash.c:65:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mdString[2*md_len+1];
data/r-cran-openssl-1.4.3+dfsg/src/hash.c:67:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(&mdString[i*2], "%02x", (unsigned int) md_value[i]);
data/r-cran-openssl-1.4.3+dfsg/src/keygen.c:30:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(res), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/keygen.c:44:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(res), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/keygen.c:64:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(res), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/keygen.c:85:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(res), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/keygen.c:106:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(res), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/keys.c:18:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(res), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/keys.c:33:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(res), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/keys.c:47:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(res), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/keys.c:63:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(res), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/keys.c:81:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(res), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/openssh.c:49:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(res), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/openssh.c:65:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(res), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/openssh.c:114:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(res), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/openssh.c:128:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(res), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/openssh.c:215:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(res), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/openssh.c:237:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(res), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/pem.c:29:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(VECTOR_ELT(res, 2)), data, (int) len);
data/r-cran-openssl-1.4.3+dfsg/src/pem.c:49:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(res), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/pem.c:64:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(res), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/pem.c:77:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(res), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/pem.c:92:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(res), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/pem.c:107:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(res), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/pkcs12.c:59:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(res), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/pkcs12.c:74:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char passwd[max_size];
data/r-cran-openssl-1.4.3+dfsg/src/pkcs12.c:95:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(VECTOR_ELT(res, 0)), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/pkcs12.c:104:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(VECTOR_ELT(res, 1)), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/pkcs12.c:116:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(VECTOR_ELT(bundle, i)), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/pkcs7.c:20:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(res), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/pkcs7.c:42:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(res), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/pkcs7.c:82:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(VECTOR_ELT(bundle, i)), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/pkcs7.c:98:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(VECTOR_ELT(bundle, i)), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/rand.c:11:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[length];
data/r-cran-openssl-1.4.3+dfsg/src/rand.c:14:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(out), buf, length);
data/r-cran-openssl-1.4.3+dfsg/src/rsa.c:18:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(res), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/rsa.c:33:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(res), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/signing.c:56:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(res), sig, siglen);
data/r-cran-openssl-1.4.3+dfsg/src/signing.c:104:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(res), buf, siglen);
data/r-cran-openssl-1.4.3+dfsg/src/ssl.c:48:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[1000], *p;
data/r-cran-openssl-1.4.3+dfsg/src/ssl.c:103:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ip[INET6_ADDRSTRLEN];
data/r-cran-openssl-1.4.3+dfsg/src/ssl.c:184:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(VECTOR_ELT(res, i)), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/stream.c:42:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char md_value[EVP_MAX_MD_SIZE];
data/r-cran-openssl-1.4.3+dfsg/src/stream.c:48:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(out), md_value, md_len);
data/r-cran-openssl-1.4.3+dfsg/src/stream.c:95:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char md_value[EVP_MAX_MD_SIZE];
data/r-cran-openssl-1.4.3+dfsg/src/stream.c:101:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(out), md_value, md_len);
data/r-cran-openssl-1.4.3+dfsg/src/win32/ipv6.c:17:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char src_copy[INET6_ADDRSTRLEN+1];
data/r-cran-openssl-1.4.3+dfsg/src/write.c:20:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[bufsize];
data/r-cran-openssl-1.4.3+dfsg/src/write.c:64:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[bufsize];
data/r-cran-openssl-1.4.3+dfsg/src/write.c:79:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[bufsize];
data/r-cran-openssl-1.4.3+dfsg/src/write.c:93:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[bufsize];
data/r-cran-openssl-1.4.3+dfsg/src/write.c:107:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[bufsize];
data/r-cran-openssl-1.4.3+dfsg/src/x25519.c:22:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(res), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/x25519.c:38:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(res), buf, len);
data/r-cran-openssl-1.4.3+dfsg/src/bcrypt/blowfish.c:672:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  blf_key(&c, (u_int8_t *) key2, strlen(key2));
data/r-cran-openssl-1.4.3+dfsg/src/password.c:18:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, CHAR(STRING_ELT(cb, 0)), max_size);
data/r-cran-openssl-1.4.3+dfsg/src/password.c:20:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strlen(buf);
data/r-cran-openssl-1.4.3+dfsg/src/password.c:33:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, CHAR(STRING_ELT(res, 0)), max_size);
data/r-cran-openssl-1.4.3+dfsg/src/password.c:36:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strlen(buf);
data/r-cran-openssl-1.4.3+dfsg/src/pkcs12.c:79:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!PKCS12_verify_mac(p12, passwd, strlen(passwd)))
data/r-cran-openssl-1.4.3+dfsg/src/ssl.c:53:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = buf+strlen(buf) -1;
data/r-cran-openssl-1.4.3+dfsg/src/ssl.c:55:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = buf+strlen(buf) -1;
data/r-cran-openssl-1.4.3+dfsg/src/ssl.c:57:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = buf+strlen(buf) -1;
data/r-cran-openssl-1.4.3+dfsg/src/win32/ipv6.c:21:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (src_copy, src, INET6_ADDRSTRLEN+1);

ANALYSIS SUMMARY:

Hits = 79
Lines analyzed = 3636 in approximately 0.12 seconds (30925 lines/second)
Physical Source Lines of Code (SLOC) = 3021
Hits@level = [0] 3 [1] 10 [2] 69 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 82 [1+] 79 [2+] 69 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 27.1433 [1+] 26.1503 [2+] 22.8401 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.