Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ramond-0.5/src/xmlparser.c
Examining data/ramond-0.5/src/xmlparser.h
Examining data/ramond-0.5/src/log.c
Examining data/ramond-0.5/src/type.h
Examining data/ramond-0.5/src/log.h
Examining data/ramond-0.5/src/main.c
Examining data/ramond-0.5/src/main.h

FINAL RESULTS:

data/ramond-0.5/src/log.c:27:2: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(syslog_message, sizeof(syslog_message), fmt, ap);
data/ramond-0.5/src/main.c:591:7: [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if(execv(this_action->args[0], this_action->args) == -1)
data/ramond-0.5/src/xmlparser.c:170:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(plen, (strstr(prefix, "/") + 1));
data/ramond-0.5/src/log.c:10:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timestamp[32];
data/ramond-0.5/src/log.c:11:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char syslog_message[1024];
data/ramond-0.5/src/main.c:10:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char packet[1500];
data/ramond-0.5/src/main.c:40:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  yyin = fopen(argv[i+1], "r");
data/ramond-0.5/src/main.c:62:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  yyin = fopen("ramond.conf", "r");
data/ramond-0.5/src/main.c:71:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  yyin = fopen("/etc/ramond.conf", "r");
data/ramond-0.5/src/main.c:191:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(data->from), &(from.sin6_addr), sizeof(struct in6_addr));
data/ramond-0.5/src/main.c:202:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char interface_name[IF_NAMESIZE];
data/ramond-0.5/src/main.c:274:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(data->ll_addr), hdr+1, sizeof(struct macaddress));
data/ramond-0.5/src/main.c:286:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(prf->prefix), &(p->nd_opt_pi_prefix),
data/ramond-0.5/src/main.c:329:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(rrt->prefix),
data/ramond-0.5/src/main.c:551:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char plen_str[8];
data/ramond-0.5/src/main.c:552:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mac_address[32];
data/ramond-0.5/src/main.c:553:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char interface_name[IF_NAMESIZE];
data/ramond-0.5/src/main.c:557:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(mac_address, "%02x:%02x:%02x:%02x:%02x:%02x",
data/ramond-0.5/src/main.c:564:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(plen_str, "%i", data->matched_prefix->plen);
data/ramond-0.5/src/main.c:619:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ifname[IF_NAMESIZE];
data/ramond-0.5/src/main.c:625:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errbuf[PCAP_ERRBUF_SIZE];
data/ramond-0.5/src/main.c:668:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(hdr->nd_opt_pi_prefix), &(prf->prefix),
data/ramond-0.5/src/main.c:702:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(((u08 *)hdr + sizeof(struct nd_opt_route_info)),
data/ramond-0.5/src/main.c:727:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(ip6->ip6_src), &(data->from), sizeof(struct in6_addr));
data/ramond-0.5/src/main.c:773:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(phdr.src), &(ip6->ip6_src), sizeof(struct in6_addr));
data/ramond-0.5/src/main.c:774:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(phdr.dst), &(ip6->ip6_dst), sizeof(struct in6_addr));
data/ramond-0.5/src/main.c:791:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(optins, options, options_len);
data/ramond-0.5/src/main.c:835:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pidstr[32];
data/ramond-0.5/src/main.c:863:6: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  i = open("/dev/null", O_RDWR); /* (re)open stdin */
data/ramond-0.5/src/main.c:871:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  pidfile = open("/var/run/ramond.pid", O_RDWR|O_CREAT, 0640);
data/ramond-0.5/src/main.c:877:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(pidstr, "%d\n", getpid());
data/ramond-0.5/src/main.c:936:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  log_file = fopen(config->log_file, "wa");
data/ramond-0.5/src/type.h:121:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char from_str[NI_MAXHOST];
data/ramond-0.5/src/type.h:155:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prefix_str[NI_MAXHOST];
data/ramond-0.5/src/type.h:164:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prefix_str[NI_MAXHOST];
data/ramond-0.5/src/xmlparser.c:159:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char address[64], plen[4];
data/ramond-0.5/src/xmlparser.c:175:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  this_rule->plen = atoi((char *)plen);
data/ramond-0.5/src/xmlparser.c:370:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  this_rule->lifetime = atoi(lifetime);
data/ramond-0.5/src/main.c:844:2: [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask(027);
data/ramond-0.5/src/main.c:878:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = write(pidfile, pidstr, strlen(pidstr));
data/ramond-0.5/src/main.c:879:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(ret < strlen(pidstr))
data/ramond-0.5/src/xmlparser.c:166:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(address, prefix, i);

ANALYSIS SUMMARY:

Hits = 42
Lines analyzed = 2012 in approximately 0.19 seconds (10446 lines/second)
Physical Source Lines of Code (SLOC) = 1423
Hits@level = [0] 20 [1] 4 [2] 35 [3] 0 [4] 3 [5] 0
Hits@level+ = [0+] 62 [1+] 42 [2+] 38 [3+] 3 [4+] 3 [5+] 0
Hits/KSLOC@level+ = [0+] 43.5699 [1+] 29.5151 [2+] 26.7041 [3+] 2.10822 [4+] 2.10822 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.