Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r8168-8.048.03/src/r8168.h
Examining data/r8168-8.048.03/src/r8168_asf.c
Examining data/r8168-8.048.03/src/r8168_asf.h
Examining data/r8168-8.048.03/src/r8168_dash.h
Examining data/r8168-8.048.03/src/r8168_fiber.h
Examining data/r8168-8.048.03/src/r8168_realwow.h
Examining data/r8168-8.048.03/src/rtltool.c
Examining data/r8168-8.048.03/src/rtltool.h
Examining data/r8168-8.048.03/src/rtl_eeprom.c
Examining data/r8168-8.048.03/src/rtl_eeprom.h
Examining data/r8168-8.048.03/src/r8168_n.c
FINAL RESULTS:
data/r8168-8.048.03/src/r8168_n.c:4843:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(info->driver, MODULENAME);
data/r8168-8.048.03/src/r8168_n.c:4844:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(info->version, RTL8168_VERSION);
data/r8168-8.048.03/src/r8168_n.c:4845:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(info->bus_info, pci_name(tp->pci_dev));
data/r8168-8.048.03/src/r8168.h:719:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char driver[32];
data/r8168-8.048.03/src/r8168.h:720:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[32];
data/r8168-8.048.03/src/r8168.h:721:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fw_version[32];
data/r8168-8.048.03/src/r8168.h:722:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bus_info[32];
data/r8168-8.048.03/src/r8168.h:723:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reserved1[32];
data/r8168-8.048.03/src/r8168.h:724:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reserved2[16];
data/r8168-8.048.03/src/r8168_asf.h:275:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[MAX_STR_LEN];
data/r8168-8.048.03/src/r8168_n.c:659:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dest->data, src, len);
data/r8168-8.048.03/src/r8168_n.c:1648:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[12];
data/r8168-8.048.03/src/r8168_n.c:3563:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(skb_put(skb, dev->addr_len), dev->dev_addr, dev->addr_len);
data/r8168-8.048.03/src/r8168_n.c:3564:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(skb_put(skb, dev->addr_len), dev->dev_addr, dev->addr_len);
data/r8168-8.048.03/src/r8168_n.c:3565:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(skb_put(skb, sizeof(type)), &type, sizeof(type));
data/r8168-8.048.03/src/r8168_n.c:5562:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, *rtl8168_gstrings, sizeof(rtl8168_gstrings));
data/r8168-8.048.03/src/r8168_n.c:5641:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, (u8 *)eeprom_buff + (eeprom->offset & 3), eeprom->len);
data/r8168-8.048.03/src/r8168_n.c:24580:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dev->perm_addr, dev->dev_addr, dev->addr_len);
data/r8168-8.048.03/src/r8168_n.c:24607:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dev->dev_addr, addr->sa_data, dev->addr_len);
ANALYSIS SUMMARY:
Hits = 19
Lines analyzed = 32998 in approximately 0.80 seconds (41281 lines/second)
Physical Source Lines of Code (SLOC) = 29561
Hits@level = [0] 33 [1] 0 [2] 16 [3] 0 [4] 3 [5] 0
Hits@level+ = [0+] 52 [1+] 19 [2+] 19 [3+] 3 [4+] 3 [5+] 0
Hits/KSLOC@level+ = [0+] 1.75907 [1+] 0.642739 [2+] 0.642739 [3+] 0.101485 [4+] 0.101485 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.