Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/scamper-20191102/internal.h
Examining data/scamper-20191102/mjl_heap.c
Examining data/scamper-20191102/mjl_heap.h
Examining data/scamper-20191102/mjl_list.c
Examining data/scamper-20191102/mjl_list.h
Examining data/scamper-20191102/mjl_patricia.c
Examining data/scamper-20191102/mjl_patricia.h
Examining data/scamper-20191102/mjl_prefixtree.c
Examining data/scamper-20191102/mjl_prefixtree.h
Examining data/scamper-20191102/mjl_splaytree.c
Examining data/scamper-20191102/mjl_splaytree.h
Examining data/scamper-20191102/mjl_threadpool.c
Examining data/scamper-20191102/mjl_threadpool.h
Examining data/scamper-20191102/utils.c
Examining data/scamper-20191102/utils.h
Examining data/scamper-20191102/scamper/scamper.c
Examining data/scamper-20191102/scamper/scamper.h
Examining data/scamper-20191102/scamper/scamper_addr.c
Examining data/scamper-20191102/scamper/scamper_addr.h
Examining data/scamper-20191102/scamper/scamper_addr2mac.c
Examining data/scamper-20191102/scamper/scamper_addr2mac.h
Examining data/scamper-20191102/scamper/scamper_control.c
Examining data/scamper-20191102/scamper/scamper_control.h
Examining data/scamper-20191102/scamper/scamper_cyclemon.c
Examining data/scamper-20191102/scamper/scamper_cyclemon.h
Examining data/scamper-20191102/scamper/scamper_debug.c
Examining data/scamper-20191102/scamper/scamper_debug.h
Examining data/scamper-20191102/scamper/scamper_dl.c
Examining data/scamper-20191102/scamper/scamper_dl.h
Examining data/scamper-20191102/scamper/scamper_dlhdr.c
Examining data/scamper-20191102/scamper/scamper_dlhdr.h
Examining data/scamper-20191102/scamper/scamper_fds.c
Examining data/scamper-20191102/scamper/scamper_fds.h
Examining data/scamper-20191102/scamper/scamper_file.c
Examining data/scamper-20191102/scamper/scamper_file.h
Examining data/scamper-20191102/scamper/scamper_file_arts.c
Examining data/scamper-20191102/scamper/scamper_file_arts.h
Examining data/scamper-20191102/scamper/scamper_file_json.c
Examining data/scamper-20191102/scamper/scamper_file_json.h
Examining data/scamper-20191102/scamper/scamper_file_text.c
Examining data/scamper-20191102/scamper/scamper_file_text.h
Examining data/scamper-20191102/scamper/scamper_file_warts.c
Examining data/scamper-20191102/scamper/scamper_file_warts.h
Examining data/scamper-20191102/scamper/scamper_firewall.c
Examining data/scamper-20191102/scamper/scamper_firewall.h
Examining data/scamper-20191102/scamper/scamper_getsrc.c
Examining data/scamper-20191102/scamper/scamper_getsrc.h
Examining data/scamper-20191102/scamper/scamper_icmp4.c
Examining data/scamper-20191102/scamper/scamper_icmp4.h
Examining data/scamper-20191102/scamper/scamper_icmp6.c
Examining data/scamper-20191102/scamper/scamper_icmp6.h
Examining data/scamper-20191102/scamper/scamper_icmp_resp.c
Examining data/scamper-20191102/scamper/scamper_icmp_resp.h
Examining data/scamper-20191102/scamper/scamper_icmpext.c
Examining data/scamper-20191102/scamper/scamper_icmpext.h
Examining data/scamper-20191102/scamper/scamper_if.c
Examining data/scamper-20191102/scamper/scamper_if.h
Examining data/scamper-20191102/scamper/scamper_ip4.c
Examining data/scamper-20191102/scamper/scamper_ip4.h
Examining data/scamper-20191102/scamper/scamper_ip6.c
Examining data/scamper-20191102/scamper/scamper_ip6.h
Examining data/scamper-20191102/scamper/scamper_linepoll.c
Examining data/scamper-20191102/scamper/scamper_linepoll.h
Examining data/scamper-20191102/scamper/scamper_list.c
Examining data/scamper-20191102/scamper/scamper_list.h
Examining data/scamper-20191102/scamper/scamper_options.c
Examining data/scamper-20191102/scamper/scamper_options.h
Examining data/scamper-20191102/scamper/scamper_osinfo.c
Examining data/scamper-20191102/scamper/scamper_osinfo.h
Examining data/scamper-20191102/scamper/scamper_outfiles.c
Examining data/scamper-20191102/scamper/scamper_outfiles.h
Examining data/scamper-20191102/scamper/scamper_privsep.c
Examining data/scamper-20191102/scamper/scamper_privsep.h
Examining data/scamper-20191102/scamper/scamper_probe.c
Examining data/scamper-20191102/scamper/scamper_probe.h
Examining data/scamper-20191102/scamper/scamper_queue.c
Examining data/scamper-20191102/scamper/scamper_queue.h
Examining data/scamper-20191102/scamper/scamper_rtsock.c
Examining data/scamper-20191102/scamper/scamper_rtsock.h
Examining data/scamper-20191102/scamper/scamper_source_cmdline.c
Examining data/scamper-20191102/scamper/scamper_source_cmdline.h
Examining data/scamper-20191102/scamper/scamper_source_control.c
Examining data/scamper-20191102/scamper/scamper_source_control.h
Examining data/scamper-20191102/scamper/scamper_source_file.c
Examining data/scamper-20191102/scamper/scamper_source_file.h
Examining data/scamper-20191102/scamper/scamper_source_tsps.c
Examining data/scamper-20191102/scamper/scamper_source_tsps.h
Examining data/scamper-20191102/scamper/scamper_sources.c
Examining data/scamper-20191102/scamper/scamper_sources.h
Examining data/scamper-20191102/scamper/scamper_task.c
Examining data/scamper-20191102/scamper/scamper_task.h
Examining data/scamper-20191102/scamper/scamper_tcp4.c
Examining data/scamper-20191102/scamper/scamper_tcp4.h
Examining data/scamper-20191102/scamper/scamper_tcp6.c
Examining data/scamper-20191102/scamper/scamper_tcp6.h
Examining data/scamper-20191102/scamper/scamper_udp4.c
Examining data/scamper-20191102/scamper/scamper_udp4.h
Examining data/scamper-20191102/scamper/scamper_udp6.c
Examining data/scamper-20191102/scamper/scamper_udp6.h
Examining data/scamper-20191102/scamper/scamper_writebuf.c
Examining data/scamper-20191102/scamper/scamper_writebuf.h
Examining data/scamper-20191102/scamper/dealias/scamper_dealias.c
Examining data/scamper-20191102/scamper/dealias/scamper_dealias.h
Examining data/scamper-20191102/scamper/dealias/scamper_dealias_do.c
Examining data/scamper-20191102/scamper/dealias/scamper_dealias_do.h
Examining data/scamper-20191102/scamper/dealias/scamper_dealias_json.c
Examining data/scamper-20191102/scamper/dealias/scamper_dealias_json.h
Examining data/scamper-20191102/scamper/dealias/scamper_dealias_text.c
Examining data/scamper-20191102/scamper/dealias/scamper_dealias_text.h
Examining data/scamper-20191102/scamper/dealias/scamper_dealias_warts.c
Examining data/scamper-20191102/scamper/dealias/scamper_dealias_warts.h
Examining data/scamper-20191102/scamper/host/scamper_host.c
Examining data/scamper-20191102/scamper/host/scamper_host.h
Examining data/scamper-20191102/scamper/host/scamper_host_do.c
Examining data/scamper-20191102/scamper/host/scamper_host_do.h
Examining data/scamper-20191102/scamper/host/scamper_host_warts.c
Examining data/scamper-20191102/scamper/host/scamper_host_warts.h
Examining data/scamper-20191102/scamper/neighbourdisc/scamper_neighbourdisc.c
Examining data/scamper-20191102/scamper/neighbourdisc/scamper_neighbourdisc.h
Examining data/scamper-20191102/scamper/neighbourdisc/scamper_neighbourdisc_do.c
Examining data/scamper-20191102/scamper/neighbourdisc/scamper_neighbourdisc_do.h
Examining data/scamper-20191102/scamper/neighbourdisc/scamper_neighbourdisc_warts.c
Examining data/scamper-20191102/scamper/neighbourdisc/scamper_neighbourdisc_warts.h
Examining data/scamper-20191102/scamper/ping/scamper_ping.c
Examining data/scamper-20191102/scamper/ping/scamper_ping.h
Examining data/scamper-20191102/scamper/ping/scamper_ping_do.c
Examining data/scamper-20191102/scamper/ping/scamper_ping_do.h
Examining data/scamper-20191102/scamper/ping/scamper_ping_json.c
Examining data/scamper-20191102/scamper/ping/scamper_ping_json.h
Examining data/scamper-20191102/scamper/ping/scamper_ping_text.c
Examining data/scamper-20191102/scamper/ping/scamper_ping_text.h
Examining data/scamper-20191102/scamper/ping/scamper_ping_warts.c
Examining data/scamper-20191102/scamper/ping/scamper_ping_warts.h
Examining data/scamper-20191102/scamper/sniff/scamper_sniff.c
Examining data/scamper-20191102/scamper/sniff/scamper_sniff.h
Examining data/scamper-20191102/scamper/sniff/scamper_sniff_do.c
Examining data/scamper-20191102/scamper/sniff/scamper_sniff_do.h
Examining data/scamper-20191102/scamper/sniff/scamper_sniff_warts.c
Examining data/scamper-20191102/scamper/sniff/scamper_sniff_warts.h
Examining data/scamper-20191102/scamper/sting/scamper_sting.c
Examining data/scamper-20191102/scamper/sting/scamper_sting.h
Examining data/scamper-20191102/scamper/sting/scamper_sting_do.c
Examining data/scamper-20191102/scamper/sting/scamper_sting_do.h
Examining data/scamper-20191102/scamper/sting/scamper_sting_text.c
Examining data/scamper-20191102/scamper/sting/scamper_sting_text.h
Examining data/scamper-20191102/scamper/sting/scamper_sting_warts.c
Examining data/scamper-20191102/scamper/sting/scamper_sting_warts.h
Examining data/scamper-20191102/scamper/tbit/scamper_tbit.c
Examining data/scamper-20191102/scamper/tbit/scamper_tbit.h
Examining data/scamper-20191102/scamper/tbit/scamper_tbit_do.c
Examining data/scamper-20191102/scamper/tbit/scamper_tbit_do.h
Examining data/scamper-20191102/scamper/tbit/scamper_tbit_json.c
Examining data/scamper-20191102/scamper/tbit/scamper_tbit_json.h
Examining data/scamper-20191102/scamper/tbit/scamper_tbit_text.c
Examining data/scamper-20191102/scamper/tbit/scamper_tbit_text.h
Examining data/scamper-20191102/scamper/tbit/scamper_tbit_warts.c
Examining data/scamper-20191102/scamper/tbit/scamper_tbit_warts.h
Examining data/scamper-20191102/scamper/trace/scamper_trace.c
Examining data/scamper-20191102/scamper/trace/scamper_trace.h
Examining data/scamper-20191102/scamper/trace/scamper_trace_do.c
Examining data/scamper-20191102/scamper/trace/scamper_trace_do.h
Examining data/scamper-20191102/scamper/trace/scamper_trace_json.c
Examining data/scamper-20191102/scamper/trace/scamper_trace_json.h
Examining data/scamper-20191102/scamper/trace/scamper_trace_text.c
Examining data/scamper-20191102/scamper/trace/scamper_trace_text.h
Examining data/scamper-20191102/scamper/trace/scamper_trace_warts.c
Examining data/scamper-20191102/scamper/trace/scamper_trace_warts.h
Examining data/scamper-20191102/scamper/tracelb/scamper_tracelb.c
Examining data/scamper-20191102/scamper/tracelb/scamper_tracelb.h
Examining data/scamper-20191102/scamper/tracelb/scamper_tracelb_do.c
Examining data/scamper-20191102/scamper/tracelb/scamper_tracelb_do.h
Examining data/scamper-20191102/scamper/tracelb/scamper_tracelb_json.c
Examining data/scamper-20191102/scamper/tracelb/scamper_tracelb_json.h
Examining data/scamper-20191102/scamper/tracelb/scamper_tracelb_text.c
Examining data/scamper-20191102/scamper/tracelb/scamper_tracelb_text.h
Examining data/scamper-20191102/scamper/tracelb/scamper_tracelb_warts.c
Examining data/scamper-20191102/scamper/tracelb/scamper_tracelb_warts.h
Examining data/scamper-20191102/utils/sc_ally/sc_ally.c
Examining data/scamper-20191102/utils/sc_analysis_dump/sc_analysis_dump.c
Examining data/scamper-20191102/utils/sc_attach/sc_attach.c
Examining data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c
Examining data/scamper-20191102/utils/sc_erosprober/sc_erosprober.c
Examining data/scamper-20191102/utils/sc_filterpolicy/sc_filterpolicy.c
Examining data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c
Examining data/scamper-20191102/utils/sc_ipiddump/sc_ipiddump.c
Examining data/scamper-20191102/utils/sc_prefixscan/sc_prefixscan.c
Examining data/scamper-20191102/utils/sc_radargun/sc_radargun.c
Examining data/scamper-20191102/utils/sc_remoted/sc_remoted.c
Examining data/scamper-20191102/utils/sc_speedtrap/sc_speedtrap.c
Examining data/scamper-20191102/utils/sc_tbitblind/sc_tbitblind.c
Examining data/scamper-20191102/utils/sc_tbitpmtud/sc_tbitpmtud.c
Examining data/scamper-20191102/utils/sc_tracediff/sc_tracediff.c
Examining data/scamper-20191102/utils/sc_ttlexp/sc_ttlexp.c
Examining data/scamper-20191102/utils/sc_uptime/sc_uptime.c
Examining data/scamper-20191102/utils/sc_warts2csv/sc_warts2csv.c
Examining data/scamper-20191102/utils/sc_warts2json/sc_warts2json.c
Examining data/scamper-20191102/utils/sc_warts2pcap/sc_warts2pcap.c
Examining data/scamper-20191102/utils/sc_warts2text/sc_warts2text.c
Examining data/scamper-20191102/utils/sc_wartscat/sc_wartscat.c
Examining data/scamper-20191102/utils/sc_wartsdump/sc_wartsdump.c
Examining data/scamper-20191102/utils/sc_wartsfix/sc_wartsfix.c
FINAL RESULTS:
data/scamper-20191102/scamper/scamper_control.c:3380:39: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if((uid = getuid()) != geteuid() && chown(file, uid, -1) != 0)
data/scamper-20191102/scamper/scamper_privsep.c:1247:7: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if(chown(PRIVSEP_DIR, uid, gid) == -1)
data/scamper-20191102/utils/sc_remoted/sc_remoted.c:897:6: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if(chmod(filename, mode) != 0)
data/scamper-20191102/internal.h:257:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/scamper-20191102/internal.h:257:18: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/scamper-20191102/scamper/scamper_control.c:489:15: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
ret = len = vsnprintf(msg, sizeof(msg), fs, ap);
data/scamper-20191102/scamper/scamper_control.c:502:7: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(str, len+1, fs, ap);
data/scamper-20191102/scamper/scamper_debug.c:119:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(message, sizeof(message), format, ap);
data/scamper-20191102/scamper/scamper_debug.c:153:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, sizeof(msg), format, ap);
data/scamper-20191102/scamper/scamper_debug.c:187:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, sizeof(msg), format, ap);
data/scamper-20191102/scamper/scamper_debug.c:233:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(message, sizeof(message), format, ap);
data/scamper-20191102/utils.c:1317:8: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
wc = vsnprintf(str + *off, left, fs, ap);
data/scamper-20191102/utils.c:2284:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, len, sp, off);
data/scamper-20191102/utils/sc_ally/sc_ally.c:496:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, sizeof(msg), format, ap);
data/scamper-20191102/utils/sc_ally/sc_ally.c:520:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, sizeof(msg), format, ap);
data/scamper-20191102/utils/sc_analysis_dump/sc_analysis_dump.c:433:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(buf2, buf, "(for only one responding IP)");
data/scamper-20191102/utils/sc_analysis_dump/sc_analysis_dump.c:436:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(buf2, buf3, "(for multiple responding IPs)");
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:1254:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, sizeof(msg), format, ap);
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:1278:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, sizeof(msg), format, ap);
data/scamper-20191102/utils/sc_erosprober/sc_erosprober.c:284:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, sizeof(msg), format, ap);
data/scamper-20191102/utils/sc_filterpolicy/sc_filterpolicy.c:497:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, sizeof(msg), format, ap);
data/scamper-20191102/utils/sc_filterpolicy/sc_filterpolicy.c:738:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(fsaddr, "");
data/scamper-20191102/utils/sc_filterpolicy/sc_filterpolicy.c:770:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(fsaddr, scamper_addr_tostr(item->addr, buf, sizeof(buf)));
data/scamper-20191102/utils/sc_prefixscan/sc_prefixscan.c:380:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, sizeof(msg), format, ap);
data/scamper-20191102/utils/sc_prefixscan/sc_prefixscan.c:404:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, sizeof(msg), format, ap);
data/scamper-20191102/utils/sc_radargun/sc_radargun.c:522:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, sizeof(msg), format, ap);
data/scamper-20191102/utils/sc_radargun/sc_radargun.c:554:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, sizeof(msg), format, ap);
data/scamper-20191102/utils/sc_remoted/sc_remoted.c:310:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,
data/scamper-20191102/utils/sc_remoted/sc_remoted.c:453:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(message, sizeof(message), format, ap);
data/scamper-20191102/utils/sc_speedtrap/sc_speedtrap.c:540:7: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, sizeof(msg), format, ap);
data/scamper-20191102/utils/sc_tbitblind/sc_tbitblind.c:307:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, sizeof(msg), format, ap);
data/scamper-20191102/utils/sc_tbitpmtud/sc_tbitpmtud.c:444:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, sizeof(msg), format, ap);
data/scamper-20191102/utils/sc_tracediff/sc_tracediff.c:363:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(fs, a, b);
data/scamper-20191102/utils/sc_tracediff/sc_tracediff.c:369:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(fs, i+1,
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:511:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, sizeof(msg), format, ap);
data/scamper-20191102/mjl_list.c:105:8: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
*r = random();
data/scamper-20191102/scamper/scamper.c:511:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((i = getopt(argc, argv, opts)) != -1)
data/scamper-20191102/scamper/scamper_privsep.c:1341:6: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
if(chroot(PRIVSEP_DIR) == -1)
data/scamper-20191102/utils.c:1661:3: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(tv.tv_usec);
data/scamper-20191102/utils.c:1676:8: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
*r = random();
data/scamper-20191102/utils.c:1691:8: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
*r = random();
data/scamper-20191102/utils.c:1706:8: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
*r = random();
data/scamper-20191102/utils/sc_ally/sc_ally.c:320:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((ch = getopt(argc, argv, opts)) != -1)
data/scamper-20191102/utils/sc_analysis_dump/sc_analysis_dump.c:106:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((i = getopt(argc, argv, opts)) != -1)
data/scamper-20191102/utils/sc_attach/sc_attach.c:196:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((ch = getopt(argc, argv, opts)) != -1)
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:904:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((ch = getopt(argc, argv, opts)) != -1)
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:6082:3: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(tv.tv_usec);
data/scamper-20191102/utils/sc_erosprober/sc_erosprober.c:147:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((ch = getopt(argc, argv, opts)) != -1)
data/scamper-20191102/utils/sc_filterpolicy/sc_filterpolicy.c:286:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((ch = getopt(argc, argv, opts)) != -1)
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:428:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((ch = getopt(argc, argv, opts)) != -1)
data/scamper-20191102/utils/sc_ipiddump/sc_ipiddump.c:135:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((ch = getopt(argc, argv, opts)) != -1)
data/scamper-20191102/utils/sc_prefixscan/sc_prefixscan.c:208:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((ch = getopt(argc, argv, opts)) != -1)
data/scamper-20191102/utils/sc_radargun/sc_radargun.c:304:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((ch = getopt(argc, argv, opts)) != -1)
data/scamper-20191102/utils/sc_radargun/sc_radargun.c:2053:3: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(now.tv_usec);
data/scamper-20191102/utils/sc_remoted/sc_remoted.c:356:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((ch = getopt(argc, argv, opts)) != -1)
data/scamper-20191102/utils/sc_speedtrap/sc_speedtrap.c:318:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((ch = getopt(argc, argv, opts)) != -1)
data/scamper-20191102/utils/sc_tbitblind/sc_tbitblind.c:138:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((ch = getopt(argc, argv, opts)) != -1)
data/scamper-20191102/utils/sc_tbitpmtud/sc_tbitpmtud.c:241:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((ch = getopt(argc, argv, opts)) != -1)
data/scamper-20191102/utils/sc_tracediff/sc_tracediff.c:74:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((i = getopt(argc, argv, "am:n?")) != -1)
data/scamper-20191102/utils/sc_ttlexp/sc_ttlexp.c:65:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((ch = getopt(argc, argv, opts)) != -1)
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:250:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((ch = getopt(argc, argv, opts)) != -1)
data/scamper-20191102/utils/sc_warts2pcap/sc_warts2pcap.c:109:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((ch = getopt(argc, argv, "o:s:")) != -1)
data/scamper-20191102/utils/sc_warts2text/sc_warts2text.c:214:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((i = getopt(argc, argv, "d:")) != -1)
data/scamper-20191102/utils/sc_wartscat/sc_wartscat.c:104:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((i = getopt(argc, argv, opts)) != -1)
data/scamper-20191102/internal.h:255:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define open _open
data/scamper-20191102/mjl_prefixtree.c:144:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dup, item, sizeof(prefix4_t));
data/scamper-20191102/mjl_prefixtree.c:181:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p->net, net, sizeof(struct in6_addr));
data/scamper-20191102/mjl_prefixtree.c:202:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dup, item, sizeof(prefix6_t));
data/scamper-20191102/mjl_prefixtree.c:553:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&fm.net, net, sizeof(struct in6_addr));
data/scamper-20191102/scamper/dealias/scamper_dealias.c:834:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&prefixscan->probedefs[prefixscan->probedefc],
data/scamper-20191102/scamper/dealias/scamper_dealias_do.c:353:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/scamper-20191102/scamper/dealias/scamper_dealias_do.c:2033:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pfstate->probedefs[i], &pd, sizeof(pd));
data/scamper-20191102/scamper/dealias/scamper_dealias_do.c:2241:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(probe.pr_data, &u16, 2);
data/scamper-20191102/scamper/dealias/scamper_dealias_do.c:2243:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(probe.pr_data, &u16, 2);
data/scamper-20191102/scamper/dealias/scamper_dealias_do.c:2251:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(probe.pr_data, &u16, 2);
data/scamper-20191102/scamper/dealias/scamper_dealias_do.c:2253:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(probe.pr_data, &u16, 2);
data/scamper-20191102/scamper/dealias/scamper_dealias_do.c:2758:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pd[1], &pd[0], sizeof(scamper_dealias_probedef_t));
data/scamper-20191102/scamper/dealias/scamper_dealias_do.c:2962:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rg->probedefs[j], &pd[j], sizeof(scamper_dealias_probedef_t));
data/scamper-20191102/scamper/dealias/scamper_dealias_do.c:2969:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rg->probedefs[i], pd, sizeof(scamper_dealias_probedef_t));
data/scamper-20191102/scamper/dealias/scamper_dealias_do.c:3101:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prefixscan->probedefs, &pd0, sizeof(pd0));
data/scamper-20191102/scamper/dealias/scamper_dealias_do.c:3379:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/scamper-20191102/scamper/dealias/scamper_dealias_json.c:77:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512], tmp[64];
data/scamper-20191102/scamper/dealias/scamper_dealias_json.c:170:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256], tmp[64];
data/scamper-20191102/scamper/dealias/scamper_dealias_json.c:242:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256], tmp[64];
data/scamper-20191102/scamper/dealias/scamper_dealias_json.c:277:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[256], **replies = NULL, *rc = NULL, *str = NULL;
data/scamper-20191102/scamper/dealias/scamper_dealias_json.c:307:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, header, header_len); wc += header_len;
data/scamper-20191102/scamper/dealias/scamper_dealias_json.c:314:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str+wc, ", ", 2);
data/scamper-20191102/scamper/dealias/scamper_dealias_json.c:317:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str+wc, replies[i], reply_lens[i]);
data/scamper-20191102/scamper/dealias/scamper_dealias_json.c:321:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str+wc, "]}\0", 3); wc += 3;
data/scamper-20191102/scamper/dealias/scamper_dealias_json.c:397:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str+wc, header, header_len); wc += header_len;
data/scamper-20191102/scamper/dealias/scamper_dealias_json.c:398:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str+wc, ", \"probedefs\":[", 15); wc += 15;
data/scamper-20191102/scamper/dealias/scamper_dealias_json.c:403:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str+wc, ", ", 2);
data/scamper-20191102/scamper/dealias/scamper_dealias_json.c:406:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str+wc, pds[i], pd_lens[i]);
data/scamper-20191102/scamper/dealias/scamper_dealias_json.c:409:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str+wc, "]", 1); wc++;
data/scamper-20191102/scamper/dealias/scamper_dealias_json.c:410:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str+wc, ", \"probes\":[", 12); wc += 12;
data/scamper-20191102/scamper/dealias/scamper_dealias_json.c:417:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str+wc, ", ", 2);
data/scamper-20191102/scamper/dealias/scamper_dealias_json.c:420:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str+wc, prs[j], pr_lens[j]);
data/scamper-20191102/scamper/dealias/scamper_dealias_json.c:424:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str+wc, "]", 1); wc++;
data/scamper-20191102/scamper/dealias/scamper_dealias_json.c:425:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str+wc, "}\n", 2); wc += 2;
data/scamper-20191102/scamper/dealias/scamper_dealias_text.c:46:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256], a[64], b[64], c[32];
data/scamper-20191102/scamper/dealias/scamper_dealias_warts.c:499:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bytes+0, &u16, 2);
data/scamper-20191102/scamper/dealias/scamper_dealias_warts.c:501:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bytes+2, &u16, 2);
data/scamper-20191102/scamper/dealias/scamper_dealias_warts.c:506:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bytes+0, &u16, 2);
data/scamper-20191102/scamper/dealias/scamper_dealias_warts.c:508:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bytes+2, &u16, 2);
data/scamper-20191102/scamper/dealias/scamper_dealias_warts.c:701:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &pfs, sizeof(pfs));
data/scamper-20191102/scamper/host/scamper_host_do.c:284:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qname[128];
data/scamper-20191102/scamper/host/scamper_host_do.c:407:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name+i, pktbuf+off+1, u8);
data/scamper-20191102/scamper/host/scamper_host_do.c:423:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mname[256], rname[256];
data/scamper-20191102/scamper/host/scamper_host_do.c:456:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exchange[256];
data/scamper-20191102/scamper/host/scamper_host_do.c:486:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256], str[256];
data/scamper-20191102/scamper/host/scamper_host_do.c:597:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&in4, pktbuf+off, rdlength);
data/scamper-20191102/scamper/host/scamper_host_do.c:606:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&in6, pktbuf+off, rdlength);
data/scamper-20191102/scamper/host/scamper_host_do.c:1133:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qname[128];
data/scamper-20191102/scamper/host/scamper_host_do.c:1335:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/etc/resolv.conf", flags);
data/scamper-20191102/scamper/neighbourdisc/scamper_neighbourdisc_do.c:262:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sol, ((uint8_t *)nd->dst_ip->addr)+12, 4);
data/scamper-20191102/scamper/neighbourdisc/scamper_neighbourdisc_do.c:270:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ip6_dst+12, sol, 4);
data/scamper-20191102/scamper/neighbourdisc/scamper_neighbourdisc_do.c:286:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ip6->ip6_src, nd->src_ip->addr, 16);
data/scamper-20191102/scamper/neighbourdisc/scamper_neighbourdisc_do.c:287:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ip6->ip6_dst, ip6_dst, 16);
data/scamper-20191102/scamper/neighbourdisc/scamper_neighbourdisc_do.c:303:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&a, &ip6->ip6_src, sizeof(struct in6_addr));
data/scamper-20191102/scamper/neighbourdisc/scamper_neighbourdisc_do.c:307:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&a, &ip6->ip6_dst, sizeof(struct in6_addr));
data/scamper-20191102/scamper/neighbourdisc/scamper_neighbourdisc_do.c:338:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[64], b[64];
data/scamper-20191102/scamper/neighbourdisc/scamper_neighbourdisc_do.c:435:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip[64], mac[32];
data/scamper-20191102/scamper/neighbourdisc/scamper_neighbourdisc_do.c:818:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[64];
data/scamper-20191102/scamper/ping/scamper_ping_do.c:873:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->payload+off, src->addr, al);
data/scamper-20191102/scamper/ping/scamper_ping_do.c:891:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->payload+off, ping->probe_data, ping->probe_datalen);
data/scamper-20191102/scamper/ping/scamper_ping_do.c:898:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->payload+off,ping->probe_data,ping->probe_datalen);
data/scamper-20191102/scamper/ping/scamper_ping_do.c:901:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->payload+off,ping->probe_data,state->payload_len-off);
data/scamper-20191102/scamper/ping/scamper_ping_do.c:967:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&state->tsps_ips[i], ping->probe_tsps->ips[i]->addr, 4);
data/scamper-20191102/scamper/ping/scamper_ping_do.c:1092:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->payload+i, &u16, 2);
data/scamper-20191102/scamper/ping/scamper_ping_do.c:1097:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->payload+i, &u16, 2);
data/scamper-20191102/scamper/ping/scamper_ping_do.c:1437:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ips[4], *ptr = tsopt;
data/scamper-20191102/scamper/ping/scamper_ping_json.c:67:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024], tmp[512];
data/scamper-20191102/scamper/ping/scamper_ping_json.c:166:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512], tmp[64];
data/scamper-20191102/scamper/ping/scamper_ping_json.c:262:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512], str[64];
data/scamper-20191102/scamper/ping/scamper_ping_json.c:354:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str+wc, header, header_len); wc += header_len;
data/scamper-20191102/scamper/ping/scamper_ping_json.c:355:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str+wc, ", \"responses\":[", 15); wc += 15;
data/scamper-20191102/scamper/ping/scamper_ping_json.c:360:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str+wc, ",", 1);
data/scamper-20191102/scamper/ping/scamper_ping_json.c:363:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str+wc, replies[i], reply_lens[i]);
data/scamper-20191102/scamper/ping/scamper_ping_json.c:366:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str+wc, "],", 2); wc += 2;
data/scamper-20191102/scamper/ping/scamper_ping_json.c:369:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str+wc, stats, stats_len);
data/scamper-20191102/scamper/ping/scamper_ping_json.c:372:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str+wc, "}\n", 2); wc += 2;
data/scamper-20191102/scamper/ping/scamper_ping_text.c:46:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[192], src[64], dst[64];
data/scamper-20191102/scamper/ping/scamper_ping_text.c:72:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256], a[64], rtt[32], *tcp, flags[16], tso[32], tsr[32], tst[32];
data/scamper-20191102/scamper/ping/scamper_ping_text.c:153:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[64];
data/scamper-20191102/scamper/ping/scamper_ping_text.c:154:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/scamper-20191102/scamper/ping/scamper_ping_text.c:249:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str+wc, header, header_len); wc += header_len;
data/scamper-20191102/scamper/ping/scamper_ping_text.c:252:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str+wc, replies[i], reply_lens[i]);
data/scamper-20191102/scamper/ping/scamper_ping_text.c:258:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str+wc, stats, stats_len);
data/scamper-20191102/scamper/scamper.c:208:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/scamper-20191102/scamper/scamper.c:374:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, mc->cmd, off);
data/scamper-20191102/scamper/scamper.c:379:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str+off, argv[i], tmp);
data/scamper-20191102/scamper/scamper.c:475:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char opts[64];
data/scamper-20191102/scamper/scamper.c:1017:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/scamper-20191102/scamper/scamper.c:1031:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(pidfile, flags, mode);
data/scamper-20191102/scamper/scamper_addr.c:333:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(net, &p, sizeof(p));
data/scamper-20191102/scamper/scamper_addr.c:651:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(net, &p, sizeof(p));
data/scamper-20191102/scamper/scamper_addr2mac.c:187:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipstr[128], macstr[128];
data/scamper-20191102/scamper/scamper_addr2mac.c:233:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipstr[128], macstr[128];
data/scamper-20191102/scamper/scamper_control.c:482:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[512], *str = NULL;
data/scamper-20191102/scamper/scamper_control.c:638:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char descr[256], outfile[256], type[512], sw1[4];
data/scamper-20191102/scamper/scamper_control.c:809:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sab[128];
data/scamper-20191102/scamper/scamper_control.c:1025:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char autoreload[16];
data/scamper-20191102/scamper/scamper_control.c:1026:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cycles[16];
data/scamper-20191102/scamper/scamper_control.c:1027:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char priority[24];
data/scamper-20191102/scamper/scamper_control.c:1097:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/scamper-20191102/scamper/scamper_control.c:1208:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *params[24];
data/scamper-20191102/scamper/scamper_control.c:1268:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *params[4], *next;
data/scamper-20191102/scamper/scamper_control.c:1329:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *files[2];
data/scamper-20191102/scamper/scamper_control.c:1468:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *params[24];
data/scamper-20191102/scamper/scamper_control.c:1636:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *params[1];
data/scamper-20191102/scamper/scamper_control.c:1679:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *params[1];
data/scamper-20191102/scamper/scamper_control.c:1716:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1024];
data/scamper-20191102/scamper/scamper_control.c:1735:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *params[1], str[1024];
data/scamper-20191102/scamper/scamper_control.c:1779:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *params[10], *next;
data/scamper-20191102/scamper/scamper_control.c:2191:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[64];
data/scamper-20191102/scamper/scamper_control.c:2238:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, o->data + client->sof_off, len);
data/scamper-20191102/scamper/scamper_control.c:2506:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/scamper-20191102/scamper/scamper_control.c:2697:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char listname[512];
data/scamper-20191102/scamper/scamper_control.c:2843:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rm->buf + rm->bufoff, buf+off, y);
data/scamper-20191102/scamper/scamper_control.c:2850:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rm->buf + rm->bufoff, buf+off, x);
data/scamper-20191102/scamper/scamper_control.c:2904:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+off, rm->magic, 8); off += 8;
data/scamper-20191102/scamper/scamper_control.c:2909:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+off, monitorname, len);
data/scamper-20191102/scamper/scamper_control.c:3145:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port[8];
data/scamper-20191102/scamper/scamper_control.c:3309:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
random_u32(&u32); memcpy(ctrl_rem->magic+0, &u32, 4);
data/scamper-20191102/scamper/scamper_control.c:3310:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
random_u32(&u32); memcpy(ctrl_rem->magic+4, &u32, 4);
data/scamper-20191102/scamper/scamper_debug.c:74:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ts[16];
data/scamper-20191102/scamper/scamper_debug.c:103:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[512];
data/scamper-20191102/scamper/scamper_debug.c:104:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ts[16];
data/scamper-20191102/scamper/scamper_debug.c:139:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[512], ts[16];
data/scamper-20191102/scamper/scamper_debug.c:173:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[512], ts[16];
data/scamper-20191102/scamper/scamper_debug.c:208:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[512];
data/scamper-20191102/scamper/scamper_debug.c:210:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ts[16];
data/scamper-20191102/scamper/scamper_debug.c:211:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fs[64];
data/scamper-20191102/scamper/scamper_debug.c:282:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(file, flags, mode);
data/scamper-20191102/scamper/scamper_dl.c:580:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pf, pkt, 4);
data/scamper-20191102/scamper/scamper_dl.c:678:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&type, pkt+16, 2); type = ntohs(type);
data/scamper-20191102/scamper/scamper_dl.c:705:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fd = open(dev, O_RDWR)) == -1)
data/scamper-20191102/scamper/scamper_dl.c:727:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev[16];
data/scamper-20191102/scamper/scamper_dl.c:781:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[IFNAMSIZ];
data/scamper-20191102/scamper/scamper_dl.c:888:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/scamper-20191102/scamper/scamper_dl.c:1042:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[IFNAMSIZ];
data/scamper-20191102/scamper/scamper_dl.c:1238:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[5+IFNAMSIZ];
data/scamper-20191102/scamper/scamper_dl.c:1248:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fd = open(ifname, O_RDWR)) == -1)
data/scamper-20191102/scamper/scamper_dl.c:1351:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[IFNAMSIZ];
data/scamper-20191102/scamper/scamper_dl.c:1630:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[64];
data/scamper-20191102/scamper/scamper_dl.c:1649:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[64], ipid[16];
data/scamper-20191102/scamper/scamper_dl.c:1679:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[64];
data/scamper-20191102/scamper/scamper_dl.c:1680:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fbuf[32], *flags;
data/scamper-20191102/scamper/scamper_dl.c:1681:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pos[32];
data/scamper-20191102/scamper/scamper_dl.c:1682:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipid[16];
data/scamper-20191102/scamper/scamper_dl.c:1695:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(flags, tcpflags[i], 3); flags += 3;
data/scamper-20191102/scamper/scamper_dl.c:1735:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[64];
data/scamper-20191102/scamper/scamper_dl.c:1736:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip[256];
data/scamper-20191102/scamper/scamper_dl.c:1737:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char icmp[256];
data/scamper-20191102/scamper/scamper_dl.c:1738:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inner_ip[256];
data/scamper-20191102/scamper/scamper_dl.c:1739:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inner_transport[256];
data/scamper-20191102/scamper/scamper_dlhdr.c:58:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dlhdr->buf, mac->addr, 6);
data/scamper-20191102/scamper/scamper_fds.c:188:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[128];
data/scamper-20191102/scamper/scamper_fds.c:199:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[144];
data/scamper-20191102/scamper/scamper_fds.c:200:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[128];
data/scamper-20191102/scamper/scamper_fds.c:1796:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr, a, l);
data/scamper-20191102/scamper/scamper_file.c:90:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_str[256];
data/scamper-20191102/scamper/scamper_file.c:827:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(mode == 'r') fd = open(filename, flags);
data/scamper-20191102/scamper/scamper_file.c:828:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else fd = open(filename, flags, mo);
data/scamper-20191102/scamper/scamper_file_arts.c:107:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&junk16, buf, 2);
data/scamper-20191102/scamper/scamper_file_arts.c:119:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&junk32, buf+2, 4);
data/scamper-20191102/scamper/scamper_file_arts.c:125:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&junk32, buf+6, 4);
data/scamper-20191102/scamper/scamper_file_arts.c:129:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&junk32, buf+16, 4);
data/scamper-20191102/scamper/scamper_file_arts.c:133:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&junk32, buf+12, 4);
data/scamper-20191102/scamper/scamper_file_arts.c:156:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&junk32, tmp + i, 4); junk32 = ntohl(junk32);
data/scamper-20191102/scamper/scamper_file_arts.c:167:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&junk32, tmp + i + 8, 4);
data/scamper-20191102/scamper/scamper_file_arts.c:173:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&junk32, tmp + i + 4, 4);
data/scamper-20191102/scamper/scamper_file_arts.c:260:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&junk32, buf+i, 4); i += 4;
data/scamper-20191102/scamper/scamper_file_arts.c:432:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&junk32, buf+i, 4); i += 4; junk32 = ntohl(junk32);
data/scamper-20191102/scamper/scamper_file_arts.c:438:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&junk32, buf+i, 4); i += 4; junk32 = ntohl(junk32);
data/scamper-20191102/scamper/scamper_file_arts.c:449:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&junk32, buf+i, 4); i += 4;
data/scamper-20191102/scamper/scamper_file_arts.c:454:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&junk32, buf+i, 4); i += 4;
data/scamper-20191102/scamper/scamper_file_json.c:42:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/scamper-20191102/scamper/scamper_file_json.c:58:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/scamper-20191102/scamper/scamper_file_text.c:43:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/scamper-20191102/scamper/scamper_file_warts.c:295:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[*off], addr->addr, size);
data/scamper-20191102/scamper/scamper_file_warts.c:306:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[*off], &id, size);
data/scamper-20191102/scamper/scamper_file_warts.c:318:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[*off], &tmp, 2);
data/scamper-20191102/scamper/scamper_file_warts.c:328:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[*off], &tmp, 4);
data/scamper-20191102/scamper/scamper_file_warts.c:338:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[*off], &tmp, 4);
data/scamper-20191102/scamper/scamper_file_warts.c:367:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + *off, vin, *count);
data/scamper-20191102/scamper/scamper_file_warts.c:403:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + *off, &t32, 4); *off += 4;
data/scamper-20191102/scamper/scamper_file_warts.c:406:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + *off, &t32, 4); *off += 4;
data/scamper-20191102/scamper/scamper_file_warts.c:451:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&u32, &buf[*off], 4); u32 = ntohl(u32);
data/scamper-20191102/scamper/scamper_file_warts.c:516:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, buf + *off, 2); *off += 2;
data/scamper-20191102/scamper/scamper_file_warts.c:526:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, buf + *off, 4); *off += 4;
data/scamper-20191102/scamper/scamper_file_warts.c:537:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&u32, buf + *off, 4); *off += 4;
data/scamper-20191102/scamper/scamper_file_warts.c:582:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*out, buf + *off, *req);
data/scamper-20191102/scamper/scamper_file_warts.c:603:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, buf + *off, *req);
data/scamper-20191102/scamper/scamper_file_warts.c:1877:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp, &buf[*off], 2);
data/scamper-20191102/scamper/scamper_file_warts.c:1892:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&u16, &buf[*off], 2); u16 = ntohs(u16);
data/scamper-20191102/scamper/scamper_file_warts.c:1938:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[*off + 2 + tmp], &u16, 2); tmp += 2;
data/scamper-20191102/scamper/scamper_file_warts.c:1947:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[*off + 2 + tmp], ie->ie_data, ie->ie_dl);
data/scamper-20191102/scamper/scamper_file_warts.c:1954:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[*off], &u16, 2);
data/scamper-20191102/scamper/scamper_file_warts.c:1991:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char offs[16];
data/scamper-20191102/scamper/scamper_firewall.c:338:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&insn_ip6->addr6, s, 16);
data/scamper-20191102/scamper/scamper_firewall.c:346:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&insn_ip6->addr6, d, 16);
data/scamper-20191102/scamper/scamper_firewall.c:441:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(insn_u32->d, s, 4);
data/scamper-20191102/scamper/scamper_firewall.c:449:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&insn_ip6->addr6, s, 16);
data/scamper-20191102/scamper/scamper_firewall.c:483:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(insn_u32->d, d, 4);
data/scamper-20191102/scamper/scamper_firewall.c:491:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&insn_ip6->addr6, d, 16);
data/scamper-20191102/scamper/scamper_firewall.c:600:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&fw.fw_src, s, 4);
data/scamper-20191102/scamper/scamper_firewall.c:602:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&fw.fw_dst, d, 4);
data/scamper-20191102/scamper/scamper_firewall.c:625:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&fw6.fw_src, s, 16);
data/scamper-20191102/scamper/scamper_firewall.c:628:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&fw6.fw_dst, d, 16);
data/scamper-20191102/scamper/scamper_firewall.c:850:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((pf_fd = open("/dev/pf", O_RDWR)) == -1)
data/scamper-20191102/scamper/scamper_firewall.c:889:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char anchor[PF_ANCHOR_NAME_SIZE];
data/scamper-20191102/scamper/scamper_firewall.c:937:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pfr.rule.src.addr.v.a.addr.v4, s, 4);
data/scamper-20191102/scamper/scamper_firewall.c:939:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pfr.rule.dst.addr.v.a.addr.v4, d, 4);
data/scamper-20191102/scamper/scamper_firewall.c:944:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pfr.rule.src.addr.v.a.addr.v6, s, 16);
data/scamper-20191102/scamper/scamper_firewall.c:946:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pfr.rule.src.addr.v.a.addr.v6, d, 16);
data/scamper-20191102/scamper/scamper_getsrc.c:59:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/scamper-20191102/scamper/scamper_icmp4.c:117:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 8, probe->pr_data, probe->pr_len);
data/scamper-20191102/scamper/scamper_icmp4.c:120:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+2, &csum, 2);
data/scamper-20191102/scamper/scamper_icmp4.c:151:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[128];
data/scamper-20191102/scamper/scamper_icmp4.c:392:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ir->ir_inner_ipopt_tsips[i], ptr, 4);
data/scamper-20191102/scamper/scamper_icmp4.c:428:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ir->ir_ipopt_tsips[i], ptr, 4);
data/scamper-20191102/scamper/scamper_icmp4.c:546:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ir->ir_ip_src.v4, &ip->ip_src, sizeof(struct in_addr));
data/scamper-20191102/scamper/scamper_icmp4.c:656:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&resp->ir_inner_ip_dst.v4, &ip_outer->ip_src,
data/scamper-20191102/scamper/scamper_icmp4.c:700:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&resp->ir_inner_ip_dst.v4, &ip_inner->ip_dst,
data/scamper-20191102/scamper/scamper_icmp4.c:840:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[32];
data/scamper-20191102/scamper/scamper_icmp6.c:158:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + ip6hlen + icmp6hlen, probe->pr_data, probe->pr_len);
data/scamper-20191102/scamper/scamper_icmp6.c:176:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[128];
data/scamper-20191102/scamper/scamper_icmp6.c:223:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(txbuf + icmphdrlen, probe->pr_data, probe->pr_len);
data/scamper-20191102/scamper/scamper_icmp6.c:312:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&resp->ir_ip_src.v6, &from->sin6_addr, sizeof(struct in6_addr));
data/scamper-20191102/scamper/scamper_icmp6.c:412:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&resp->ir_inner_ip_dst.v6, &from.sin6_addr,
data/scamper-20191102/scamper/scamper_icmp6.c:486:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&resp->ir_inner_ip_dst.v6, &ip->ip6_dst, sizeof(struct in6_addr));
data/scamper-20191102/scamper/scamper_icmp_resp.c:47:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[64];
data/scamper-20191102/scamper/scamper_icmp_resp.c:48:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip[256];
data/scamper-20191102/scamper/scamper_icmp_resp.c:49:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char icmp[256];
data/scamper-20191102/scamper/scamper_icmp_resp.c:50:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inner_ip[256];
data/scamper-20191102/scamper/scamper_icmp_resp.c:51:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inner_transport[256];
data/scamper-20191102/scamper/scamper_icmp_resp.c:52:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ext[256];
data/scamper-20191102/scamper/scamper_icmpext.c:91:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dl, u8+off, 2);
data/scamper-20191102/scamper/scamper_icmpext.c:168:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&unn->un.v6, u8 + off, u16);
data/scamper-20191102/scamper/scamper_icmpext.c:177:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(unn->name, &u8[off+1], u8[off]-1);
data/scamper-20191102/scamper/scamper_icmpext.h:100:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/scamper-20191102/scamper/scamper_if.c:84:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[IFNAMSIZ];
data/scamper-20191102/scamper/scamper_if.c:193:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mac, ifr.ifr_hwaddr.sa_data, 6);
data/scamper-20191102/scamper/scamper_if.c:212:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mac, row.bPhysAddr, 6);
data/scamper-20191102/scamper/scamper_if.c:227:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[5+IFNAMSIZ];
data/scamper-20191102/scamper/scamper_if.c:234:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fd = open(ifname, O_RDWR)) == -1)
data/scamper-20191102/scamper/scamper_if.c:275:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mac, ctl.buf+ack->dl_addr_offset, 6);
data/scamper-20191102/scamper/scamper_if.c:318:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mac, LLADDR(sdl), 6);
data/scamper-20191102/scamper/scamper_ip4.c:214:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+off, &opt->opt_v4tsps_ips[j], 4); off += 4;
data/scamper-20191102/scamper/scamper_ip4.c:273:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + ip4hlen, probe->pr_data, probe->pr_len);
data/scamper-20191102/scamper/scamper_ip6.c:90:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+off, &opt->opt_v6rh0_ips[i], 16);
data/scamper-20191102/scamper/scamper_ip6.c:98:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+off, &ip6->ip6_dst, 16);
data/scamper-20191102/scamper/scamper_ip6.c:102:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ip6->ip6_dst, &opt->opt_v6rh0_ips[0], 16);
data/scamper-20191102/scamper/scamper_ip6.c:217:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ip6->ip6_src, probe->pr_ip_src->addr, 16);
data/scamper-20191102/scamper/scamper_ip6.c:218:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ip6->ip6_dst, probe->pr_ip_dst->addr, 16);
data/scamper-20191102/scamper/scamper_ip6.c:335:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + ip6hlen, probe->pr_data, probe->pr_len);
data/scamper-20191102/scamper/scamper_linepoll.c:121:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bbuf, lp->buf, lp->len);
data/scamper-20191102/scamper/scamper_linepoll.c:122:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bbuf+lp->len, buf, i+1);
data/scamper-20191102/scamper/scamper_linepoll.c:169:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lp->buf+lp->len, buf, len);
data/scamper-20191102/scamper/scamper_linepoll.c:218:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lp->buf, buf+s, lp->len);
data/scamper-20191102/scamper/scamper_outfiles.c:234:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(file, flags, mode);
data/scamper-20191102/scamper/scamper_outfiles.c:291:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, flags, mode);
data/scamper-20191102/scamper/scamper_privsep.c:365:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, param+off, al); off += al;
data/scamper-20191102/scamper/scamper_privsep.c:369:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d, param+off, al);
data/scamper-20191102/scamper/scamper_privsep.c:508:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, param+off, al); off += al;
data/scamper-20191102/scamper/scamper_privsep.c:509:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d, param+off, al); off += al;
data/scamper-20191102/scamper/scamper_privsep.c:633:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&flags, param, sizeof(int));
data/scamper-20191102/scamper/scamper_privsep.c:672:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(file, flags, mode);
data/scamper-20191102/scamper/scamper_privsep.c:674:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(file, flags);
data/scamper-20191102/scamper/scamper_privsep.c:701:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &rc, sizeof(int));
data/scamper-20191102/scamper/scamper_privsep.c:702:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+sizeof(int), &error, sizeof(int));
data/scamper-20191102/scamper/scamper_privsep.c:990:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param, &p1, sizeof(p1));
data/scamper-20191102/scamper/scamper_privsep.c:999:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param+off, &p1, sizeof(p1)); off += sizeof(p1);
data/scamper-20191102/scamper/scamper_privsep.c:1000:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param+off, &p2, sizeof(p2)); off += sizeof(p2);
data/scamper-20191102/scamper/scamper_privsep.c:1001:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param+off, &p3, sizeof(p3));
data/scamper-20191102/scamper/scamper_privsep.c:1042:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param, &flags, sizeof(flags)); off = sizeof(flags);
data/scamper-20191102/scamper/scamper_privsep.c:1045:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param+off, &mode, sizeof(mode));
data/scamper-20191102/scamper/scamper_privsep.c:1050:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param+off, file, len-off);
data/scamper-20191102/scamper/scamper_privsep.c:1085:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param, addr, 4);
data/scamper-20191102/scamper/scamper_privsep.c:1130:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param+len, &af, sizeof(af)); len += sizeof(af);
data/scamper-20191102/scamper/scamper_privsep.c:1131:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param+len, &n, sizeof(n)); len += sizeof(n);
data/scamper-20191102/scamper/scamper_privsep.c:1132:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param+len, &p, sizeof(p)); len += sizeof(p);
data/scamper-20191102/scamper/scamper_privsep.c:1133:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param+len, s, al); len += al;
data/scamper-20191102/scamper/scamper_privsep.c:1136:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param+len, d, al);
data/scamper-20191102/scamper/scamper_privsep.c:1139:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param+len, &sp, sizeof(sp)); len += sizeof(sp);
data/scamper-20191102/scamper/scamper_privsep.c:1140:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param+len, &dp, sizeof(dp)); len += sizeof(dp);
data/scamper-20191102/scamper/scamper_privsep.c:1149:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param+len, &n, sizeof(int)); len += sizeof(n);
data/scamper-20191102/scamper/scamper_privsep.c:1150:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param+len, &af, sizeof(int)); len += sizeof(af);
data/scamper-20191102/scamper/scamper_privsep.c:1178:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param+len, &af, sizeof(af)); len += sizeof(af);
data/scamper-20191102/scamper/scamper_privsep.c:1179:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param+len, &n, sizeof(n)); len += sizeof(n);
data/scamper-20191102/scamper/scamper_privsep.c:1180:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param+len, &p, sizeof(p)); len += sizeof(p);
data/scamper-20191102/scamper/scamper_privsep.c:1181:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param+len, s, al); len += al;
data/scamper-20191102/scamper/scamper_privsep.c:1182:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param+len, d, al); len += al;
data/scamper-20191102/scamper/scamper_privsep.c:1183:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param+len, &sp, sizeof(sp)); len += sizeof(sp);
data/scamper-20191102/scamper/scamper_privsep.c:1184:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param+len, &dp, sizeof(dp)); len += sizeof(dp);
data/scamper-20191102/scamper/scamper_privsep.c:1192:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param, &n, sizeof(int));
data/scamper-20191102/scamper/scamper_probe.c:149:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tcp[16];
data/scamper-20191102/scamper/scamper_probe.c:150:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pos[32];
data/scamper-20191102/scamper/scamper_probe.c:151:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[128];
data/scamper-20191102/scamper/scamper_probe.c:152:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char icmp[16];
data/scamper-20191102/scamper/scamper_probe.c:153:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tos[8];
data/scamper-20191102/scamper/scamper_probe.c:488:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt, dlhdr->buf, dlhdr->len);
data/scamper-20191102/scamper/scamper_probe.c:920:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pktbuf+pad, probe->pr_dl_buf, probe->pr_dl_len);
data/scamper-20191102/scamper/scamper_rtsock.c:207:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[80];
data/scamper-20191102/scamper/scamper_rtsock.c:299:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + sizeof(struct rt_msghdr), &sas, (size_t)slen);
data/scamper-20191102/scamper/scamper_rtsock.c:384:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(rta), dst->addr, dst_len);
data/scamper-20191102/scamper/scamper_rtsock.c:420:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rta_data[64];
data/scamper-20191102/scamper/scamper_source_cmdline.c:68:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, cmd, cmdlen);
data/scamper-20191102/scamper/scamper_source_cmdline.c:76:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((*out)+cmdlen+1, addr, addrlen + 1);
data/scamper-20191102/scamper/scamper_source_control.c:87:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/scamper-20191102/scamper/scamper_source_file.c:122:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_RDONLY);
data/scamper-20191102/scamper/scamper_source_file.c:176:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd_buf[256], *cmd = NULL;
data/scamper-20191102/scamper/scamper_source_file.c:209:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd, ssf->command, ssf->command_len);
data/scamper-20191102/scamper/scamper_source_file.c:211:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd + ssf->command_len + 1, str, len+1);
data/scamper-20191102/scamper/scamper_source_tsps.c:102:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_RDONLY);
data/scamper-20191102/scamper/scamper_source_tsps.c:141:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *bits[5];
data/scamper-20191102/scamper/scamper_source_tsps.c:143:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cb[256];
data/scamper-20191102/scamper/scamper_sources.c:829:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[MAXHOSTNAMELEN];
data/scamper-20191102/scamper/scamper_sources.c:1122:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/scamper-20191102/scamper/scamper_sources.c:1270:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[512];
data/scamper-20191102/scamper/scamper_sources.c:1951:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/scamper-20191102/scamper/scamper_task.c:362:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[64];
data/scamper-20191102/scamper/scamper_tcp4.c:105:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+2, probe->pr_tcp_fo_cookie, probe->pr_tcp_fo_cookielen);
data/scamper-20191102/scamper/scamper_tcp4.c:119:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+4, probe->pr_tcp_fo_cookie, probe->pr_tcp_fo_cookielen);
data/scamper-20191102/scamper/scamper_tcp4.c:221:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + tcphlen, probe->pr_data, probe->pr_len);
data/scamper-20191102/scamper/scamper_tcp4.c:282:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[128];
data/scamper-20191102/scamper/scamper_tcp4.c:374:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[32];
data/scamper-20191102/scamper/scamper_tcp6.c:97:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+2, probe->pr_tcp_fo_cookie, probe->pr_tcp_fo_cookielen);
data/scamper-20191102/scamper/scamper_tcp6.c:111:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+4, probe->pr_tcp_fo_cookie, probe->pr_tcp_fo_cookielen);
data/scamper-20191102/scamper/scamper_tcp6.c:136:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&a, &ip6->ip6_src, sizeof(struct in6_addr));
data/scamper-20191102/scamper/scamper_tcp6.c:140:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&a, &ip6->ip6_dst, sizeof(struct in6_addr));
data/scamper-20191102/scamper/scamper_tcp6.c:274:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + ip6hlen + tcphlen, probe->pr_data, probe->pr_len);
data/scamper-20191102/scamper/scamper_tcp6.c:301:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[128];
data/scamper-20191102/scamper/scamper_udp4.c:105:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 8, probe->pr_data, probe->pr_len);
data/scamper-20191102/scamper/scamper_udp4.c:133:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[128];
data/scamper-20191102/scamper/scamper_udp4.c:228:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[32];
data/scamper-20191102/scamper/scamper_udp4.c:263:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[32];
data/scamper-20191102/scamper/scamper_udp6.c:115:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + ip6hlen + 8, probe->pr_data, probe->pr_len);
data/scamper-20191102/scamper/scamper_udp6.c:141:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[128];
data/scamper-20191102/scamper/scamper_udp6.c:206:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/scamper-20191102/scamper/scamper_writebuf.c:159:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&iov[i], slist_node_item(node), sizeof(struct iovec));
data/scamper-20191102/scamper/scamper_writebuf.c:328:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((uint8_t *)wb->tail->iov_base + wb->tail->iov_len, data, x);
data/scamper-20191102/scamper/sting/scamper_sting_text.c:45:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[192], src[64], dst[64];
data/scamper-20191102/scamper/tbit/scamper_tbit.c:157:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, pktptr+2, *l);
data/scamper-20191102/scamper/tbit/scamper_tbit.c:164:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, pktptr+4, *l);
data/scamper-20191102/scamper/tbit/scamper_tbit_do.c:421:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[64], buf[16];
data/scamper-20191102/scamper/tbit/scamper_tbit_do.c:851:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+off, frag->data, frag->datalen);
data/scamper-20191102/scamper/tbit/scamper_tbit_do.c:1123:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/scamper-20191102/scamper/tbit/scamper_tbit_do.c:1152:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/scamper-20191102/scamper/tbit/scamper_tbit_do.c:3724:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pr->pr_tcp_sack, tp->tp_sack, 32);
data/scamper-20191102/scamper/tbit/scamper_tbit_json.c:92:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024], tmp[128], *str;
data/scamper-20191102/scamper/tbit/scamper_tbit_json.c:218:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024], tmp[128];
data/scamper-20191102/scamper/tbit/scamper_tbit_json.c:483:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str+wc, header, header_len); wc += header_len;
data/scamper-20191102/scamper/tbit/scamper_tbit_json.c:484:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str+wc, ", \"pkts\":[", 10); wc += 10;
data/scamper-20191102/scamper/tbit/scamper_tbit_json.c:489:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str+wc, ", ", 2);
data/scamper-20191102/scamper/tbit/scamper_tbit_json.c:492:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str+wc, pkts[i], pkt_lens[i]);
data/scamper-20191102/scamper/tbit/scamper_tbit_json.c:495:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str+wc, "]}\n", 3); wc += 3;
data/scamper-20191102/scamper/tbit/scamper_tbit_text.c:53:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[131072], *str;
data/scamper-20191102/scamper/tbit/scamper_tbit_text.c:54:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[64], dst[64], tmp[256], ipid[12], fstr[32], tfstr[32], sack[128];
data/scamper-20191102/scamper/tbit/scamper_tbit_warts.c:750:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + *off, cookie, *count);
data/scamper-20191102/scamper/tbit/scamper_tbit_warts.c:764:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out+1, buf + *off, cookielen);
data/scamper-20191102/scamper/trace/scamper_trace_do.c:3749:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(probe.pr_data, trace->payload, trace->payload_len);
data/scamper-20191102/scamper/trace/scamper_trace_do.c:3795:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(probe.pr_data, &u16, 2);
data/scamper-20191102/scamper/trace/scamper_trace_do.c:3813:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(probe.pr_data, &u16, 2);
data/scamper-20191102/scamper/trace/scamper_trace_do.c:3818:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(probe.pr_data, &u16, 2);
data/scamper-20191102/scamper/trace/scamper_trace_json.c:51:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024], tmp[128];
data/scamper-20191102/scamper/trace/scamper_trace_json.c:137:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512], tmp[64];
data/scamper-20191102/scamper/trace/scamper_trace_text.c:192:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[64], dst[64], header[192];
data/scamper-20191102/scamper/trace/scamper_trace_text.c:227:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_hop[256];
data/scamper-20191102/scamper/trace/scamper_trace_text.c:228:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_addr[64];
data/scamper-20191102/scamper/trace/scamper_trace_text.c:229:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_rtt[24];
data/scamper-20191102/scamper/trace/scamper_trace_text.c:230:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_icmp[128];
data/scamper-20191102/scamper/trace/scamper_trace_text.c:297:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str_addrs[i], str_addr, len+1);
data/scamper-20191102/scamper/trace/scamper_trace_text.c:360:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str+len, str_rtts[i], len_rtts[i]);
data/scamper-20191102/scamper/trace/scamper_trace_text.c:367:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str+len, str_addrs[i], len_addrs[i]);
data/scamper-20191102/scamper/trace/scamper_trace_text.c:370:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str+len, str_rtts[i], len_rtts[i]);
data/scamper-20191102/scamper/trace/scamper_trace_text.c:405:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[24];
data/scamper-20191102/scamper/trace/scamper_trace_text.c:506:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256], addr[128];
data/scamper-20191102/scamper/tracelb/scamper_tracelb.c:861:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(trace->nodes, nodes, trace->nodec*sizeof(scamper_tracelb_node_t *));
data/scamper-20191102/scamper/tracelb/scamper_tracelb_do.c:500:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096], addr[64];
data/scamper-20191102/scamper/tracelb/scamper_tracelb_do.c:560:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256], addr[64];
data/scamper-20191102/scamper/tracelb/scamper_tracelb_do.c:2504:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char from[64], to[64];
data/scamper-20191102/scamper/tracelb/scamper_tracelb_do.c:2972:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f[64], t[64];
data/scamper-20191102/scamper/tracelb/scamper_tracelb_do.c:4229:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(probe.pr_data, &u16, 2);
data/scamper-20191102/scamper/tracelb/scamper_tracelb_do.c:4239:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(probe.pr_data, &u16, 2);
data/scamper-20191102/scamper/tracelb/scamper_tracelb_do.c:4251:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(probe.pr_data, &u16, 2);
data/scamper-20191102/scamper/tracelb/scamper_tracelb_do.c:4256:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(probe.pr_data, &u16, 2);
data/scamper-20191102/scamper/tracelb/scamper_tracelb_json.c:51:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512], tmp[128];
data/scamper-20191102/scamper/tracelb/scamper_tracelb_json.c:94:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048], tmp[256];
data/scamper-20191102/scamper/tracelb/scamper_tracelb_json.c:131:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/scamper-20191102/scamper/tracelb/scamper_tracelb_json.c:231:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128], tmp[64], *dup = NULL;
data/scamper-20191102/scamper/tracelb/scamper_tracelb_json.c:308:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048], tmp[512], *dup = NULL;
data/scamper-20191102/scamper/tracelb/scamper_tracelb_text.c:45:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[64];
data/scamper-20191102/scamper/tracelb/scamper_tracelb_text.c:78:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024], src[64], dst[64];
data/scamper-20191102/utils.c:79:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr, addr_in, size);
data/scamper-20191102/utils.c:97:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr, sa, (size_t)len);
data/scamper-20191102/utils.c:118:24: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(addr != NULL) memcpy(&sin4->sin_addr, addr, sizeof(struct in_addr));
data/scamper-20191102/utils.c:126:24: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(addr != NULL) memcpy(&sin6->sin6_addr, addr, sizeof(struct in6_addr));
data/scamper-20191102/utils.c:229:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+off, sdl->sdl_data, sdl->sdl_nlen);
data/scamper-20191102/utils.c:260:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[128];
data/scamper-20191102/utils.c:441:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d, ptr, len);
data/scamper-20191102/utils.c:882:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, sizeof(struct timeval));
data/scamper-20191102/utils.c:1382:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((uint8_t *)dst) + *off, src, len);
data/scamper-20191102/utils.c:1427:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&u16, bytes, 2);
data/scamper-20191102/utils.c:1434:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&u32, bytes, 4);
data/scamper-20191102/utils.c:1441:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bytes, &tmp, 2);
data/scamper-20191102/utils.c:1448:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bytes, &tmp, 4);
data/scamper-20191102/utils.c:2245:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fd = open(filename, O_RDONLY)) < 0)
data/scamper-20191102/utils.c:2254:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sp[8];
data/scamper-20191102/utils.h:74:26: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define memdup(ptr, len) memcpy(malloc(len), ptr, len)
data/scamper-20191102/utils/sc_ally/sc_ally.c:462:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((text = fopen(opt_text, "w")) == NULL)
data/scamper-20191102/utils/sc_ally/sc_ally.c:493:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[512];
data/scamper-20191102/utils/sc_ally/sc_ally.c:513:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pref[32];
data/scamper-20191102/utils/sc_ally/sc_ally.c:514:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[512];
data/scamper-20191102/utils/sc_ally/sc_ally.c:1237:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[64], icmp[10], tcp[10], udp[10];
data/scamper-20191102/utils/sc_ally/sc_ally.c:1290:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[512];
data/scamper-20191102/utils/sc_ally/sc_ally.c:1291:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/scamper-20191102/utils/sc_ally/sc_ally.c:1346:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/scamper-20191102/utils/sc_ally/sc_ally.c:1414:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/scamper-20191102/utils/sc_ally/sc_ally.c:1483:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ab[64], bb[64];
data/scamper-20191102/utils/sc_ally/sc_ally.c:1559:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[512];
data/scamper-20191102/utils/sc_ally/sc_ally.c:1622:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((outfile_fd = open(outfile_name, flags, mode)) == -1)
data/scamper-20191102/utils/sc_ally/sc_ally.c:1907:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/scamper-20191102/utils/sc_ally/sc_ally.c:1938:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ab[64], bb[64];
data/scamper-20191102/utils/sc_ally/sc_ally.c:1966:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[64], b[64];
data/scamper-20191102/utils/sc_analysis_dump/sc_analysis_dump.c:99:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char opts[48];
data/scamper-20191102/utils/sc_analysis_dump/sc_analysis_dump.c:103:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(opts, "gG:");
data/scamper-20191102/utils/sc_analysis_dump/sc_analysis_dump.c:113:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
skip_numlines = atoi(optarg);
data/scamper-20191102/utils/sc_analysis_dump/sc_analysis_dump.c:118:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug_numlines = atoi(optarg);
data/scamper-20191102/utils/sc_analysis_dump/sc_analysis_dump.c:278:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64], buf2[64], buf3[256];
data/scamper-20191102/utils/sc_analysis_dump/sc_analysis_dump.c:493:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/scamper-20191102/utils/sc_analysis_dump/sc_analysis_dump.c:518:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rtt[64];
data/scamper-20191102/utils/sc_analysis_dump/sc_analysis_dump.c:571:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[256], dst[256], rtt[256];
data/scamper-20191102/utils/sc_analysis_dump/sc_analysis_dump.c:586:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rtt[128], addr[128];
data/scamper-20191102/utils/sc_analysis_dump/sc_analysis_dump.c:629:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256], path_complete;
data/scamper-20191102/utils/sc_analysis_dump/sc_analysis_dump.c:739:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/scamper-20191102/utils/sc_analysis_dump/sc_analysis_dump.c:794:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/scamper-20191102/utils/sc_attach/sc_attach.c:363:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((outfile_fd = open(outfile_name, flags, mode)) == -1)
data/scamper-20191102/utils/sc_attach/sc_attach.c:567:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:597:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cmd[32768];
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:1224:39: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(logfile_fn != NULL && (logfile = fopen(logfile_fn, "w")) == NULL)
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:1248:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[131072];
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:1272:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[131072];
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:1885:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:1970:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:3320:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64], buf2[64];
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:3732:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128], rtt[128];
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:3787:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:3836:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:3966:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[128], b[128];
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:4038:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[64];
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:4055:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ab[64], bb[64];
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:4150:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ab[64], bb[64];
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:4304:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[32], b[32], ab[32];
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:4387:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[384], ab[32], bb[32];
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:4742:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[256], buf[128];
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:4787:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:4815:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:5036:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:5057:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(readbuf+readbuf_len, buf, rc);
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:5414:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
u32 = atoi(a);
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:5700:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(in, &nest->pfx->pfx.v6->net, sizeof(struct in6_addr));
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:5706:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&x, &nest->pfx->pfx.v6->net, sizeof(struct in6_addr));
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:5711:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&y, &nest2->pfx->pfx.v6->net, sizeof(struct in6_addr));
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:5714:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(in, &x, sizeof(struct in6_addr));
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:5722:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&f, &nest->pfx->pfx.v6->net, sizeof(struct in6_addr));
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:5726:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(in, &x, sizeof(struct in6_addr));
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:7806:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/scamper-20191102/utils/sc_erosprober/sc_erosprober.c:265:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if((logfile = fopen(opt_log, "w")) == NULL)
data/scamper-20191102/utils/sc_erosprober/sc_erosprober.c:278:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[131072];
data/scamper-20191102/utils/sc_erosprober/sc_erosprober.c:438:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/scamper-20191102/utils/sc_erosprober/sc_erosprober.c:539:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[256], buf[128];
data/scamper-20191102/utils/sc_filterpolicy/sc_filterpolicy.c:462:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((logfile = fopen(opt_log, "w")) == NULL)
data/scamper-20191102/utils/sc_filterpolicy/sc_filterpolicy.c:491:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[131072];
data/scamper-20191102/utils/sc_filterpolicy/sc_filterpolicy.c:698:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fsaddr[30], buf[128];
data/scamper-20191102/utils/sc_filterpolicy/sc_filterpolicy.c:917:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128], cmd[512];
data/scamper-20191102/utils/sc_filterpolicy/sc_filterpolicy.c:1168:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/scamper-20191102/utils/sc_filterpolicy/sc_filterpolicy.c:1213:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/scamper-20191102/utils/sc_filterpolicy/sc_filterpolicy.c:1274:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:209:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[32]; /* the character for the nibble */
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:260:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048]; /* regex built so far */
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:769:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[4];
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:778:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+off, tmp, r + 1); off += r;
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:1448:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:1457:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &S[pt->S_start], pt->S_end - pt->S_start + 1);
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:1964:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp->css, eval_p, len);
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:2090:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(css->css+css->len, &S[pt->S_start], pt->S_end - pt->S_start + 1);
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:2234:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->css+out->len, ifd->label+l, r - l + 1);
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:2571:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(css->css + css->len, dup, len);
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:2692:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512], tmp[8];
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:2759:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+off, tmp, r); off += r;
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:2810:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+off, tmp, r); off += r;
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:3112:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(css->css+off, iface->name + rew->ovector[2*i], l);
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:3321:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:3335:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ptr, c);
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:3369:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:3386:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ptr, c);
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:3906:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256], *dup = NULL;
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:4334:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *so[200][2]; /* string offsets */
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:4340:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:4448:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:4756:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(best, cp, sizeof(sc_charpos_t));
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:4801:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c, *ptr, buf[256];
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:5173:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(css->css, ifd->label, len+1);
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:5220:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(css->css+off, ifd->label, ip_s);
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:5226:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(css->css+off, ifd->label + ip_e + 1, len - ip_e - 1);
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:5253:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ifd->label, iface->name, len-1);
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:6735:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[8];
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:6746:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + *to, tmp, r + 1);
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:6771:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[8];
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:6800:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+to, tmp, r); to += r;
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:6827:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[8];
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:6860:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+to, tmp, r); to += r;
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:6872:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+to, tmp, r); to += r;
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:6890:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+to, tmp, r); to += r;
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:6953:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[8];
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:6987:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+to, tmp, r); to += r;
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:6998:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+to, tmp, r); to += r;
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:7034:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[8];
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:7053:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+to, tmp, r); to += r;
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:7076:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[8];
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:7106:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+to, tmp, r); to += r;
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:7132:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[8];
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:7163:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+to, tmp, r); to += r;
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:7204:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[8];
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:7249:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+to, tmp, r); to += r;
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:7274:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[8];
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:7305:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+to, tmp, r); to += r;
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:7327:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rb->buf, buf, off);
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:7377:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048], tmp[2048];
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:7460:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+off, tmp, to); off += to;
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:7481:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+off, tmp, r); off += r;
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:7493:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+off, dom->escape, dom->escapel); off += dom->escapel;
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:7835:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1024];
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:7877:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:7924:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:8306:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:8659:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:9119:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:9579:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+off, ss->seg, segl + 1); off += segl;
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:10013:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256], rebuf[256], *ptr = NULL;
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:10178:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(LAa, La, Lc * 2 * sizeof(int));
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:10410:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:10795:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256], *str;
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:11571:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024], score[128];
data/scamper-20191102/utils/sc_ipiddump/sc_ipiddump.c:459:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char probe_src[128], addr[128], ipid[10];
data/scamper-20191102/utils/sc_prefixscan/sc_prefixscan.c:333:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((text = fopen(opt_log, "w")) == NULL)
data/scamper-20191102/utils/sc_prefixscan/sc_prefixscan.c:377:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[512];
data/scamper-20191102/utils/sc_prefixscan/sc_prefixscan.c:397:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pref[32];
data/scamper-20191102/utils/sc_prefixscan/sc_prefixscan.c:398:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[512];
data/scamper-20191102/utils/sc_prefixscan/sc_prefixscan.c:710:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[64], icmp[10], tcp[10], udp[10];
data/scamper-20191102/utils/sc_prefixscan/sc_prefixscan.c:832:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[64], b[64], ab[64];
data/scamper-20191102/utils/sc_prefixscan/sc_prefixscan.c:871:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/scamper-20191102/utils/sc_prefixscan/sc_prefixscan.c:915:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[64], b[64], *meth;
data/scamper-20191102/utils/sc_prefixscan/sc_prefixscan.c:983:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[512];
data/scamper-20191102/utils/sc_prefixscan/sc_prefixscan.c:1192:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((outfile_fd = open(outfile_name, flags, mode)) == -1)
data/scamper-20191102/utils/sc_prefixscan/sc_prefixscan.c:1228:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/scamper-20191102/utils/sc_prefixscan/sc_prefixscan.c:1458:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[64], b[64], ab[64];
data/scamper-20191102/utils/sc_radargun/sc_radargun.c:491:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((logfile = fopen(opt_logfile, "w")) == NULL)
data/scamper-20191102/utils/sc_radargun/sc_radargun.c:519:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[512];
data/scamper-20191102/utils/sc_radargun/sc_radargun.c:547:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pref[32];
data/scamper-20191102/utils/sc_radargun/sc_radargun.c:548:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[512];
data/scamper-20191102/utils/sc_radargun/sc_radargun.c:599:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/scamper-20191102/utils/sc_radargun/sc_radargun.c:684:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/scamper-20191102/utils/sc_radargun/sc_radargun.c:800:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[256];
data/scamper-20191102/utils/sc_radargun/sc_radargun.c:801:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/scamper-20191102/utils/sc_radargun/sc_radargun.c:826:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[256], buf[64], header[128];
data/scamper-20191102/utils/sc_radargun/sc_radargun.c:1165:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/scamper-20191102/utils/sc_radargun/sc_radargun.c:1269:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/scamper-20191102/utils/sc_radargun/sc_radargun.c:1289:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(readbuf+readbuf_len, buf, rc);
data/scamper-20191102/utils/sc_radargun/sc_radargun.c:1549:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((outfile_fd = open(outfile_name, flags, mode)) == -1)
data/scamper-20191102/utils/sc_radargun/sc_radargun.c:1811:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[32], b[32];
data/scamper-20191102/utils/sc_radargun/sc_radargun.c:1968:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/scamper-20191102/utils/sc_radargun/sc_radargun.c:2045:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[10];
data/scamper-20191102/utils/sc_remoted/sc_remoted.c:443:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[512], ts[16];
data/scamper-20191102/utils/sc_remoted/sc_remoted.c:794:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sab[128], filename[65535], tmp[512];
data/scamper-20191102/utils/sc_remoted/sc_remoted.c:931:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(resp+8, sab, off + 1);
data/scamper-20191102/utils/sc_remoted/sc_remoted.c:1050:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ms->buf + ms->buf_offset, buf+off, y);
data/scamper-20191102/utils/sc_remoted/sc_remoted.c:1056:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ms->buf + ms->buf_offset, buf+off, x);
data/scamper-20191102/utils/sc_remoted/sc_remoted.c:1258:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[65535];
data/scamper-20191102/utils/sc_speedtrap/sc_speedtrap.c:302:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[255+1];
data/scamper-20191102/utils/sc_speedtrap/sc_speedtrap.c:439:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((aliasfile = fopen(opt_aliasfile, "a")) == NULL)
data/scamper-20191102/utils/sc_speedtrap/sc_speedtrap.c:474:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if((logfile = fopen(opt_log, "w")) == NULL)
data/scamper-20191102/utils/sc_speedtrap/sc_speedtrap.c:535:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[131072];
data/scamper-20191102/utils/sc_speedtrap/sc_speedtrap.c:778:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/scamper-20191102/utils/sc_speedtrap/sc_speedtrap.c:851:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/scamper-20191102/utils/sc_speedtrap/sc_speedtrap.c:1202:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[64], buf[131072];
data/scamper-20191102/utils/sc_speedtrap/sc_speedtrap.c:1637:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/scamper-20191102/utils/sc_speedtrap/sc_speedtrap.c:1700:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/scamper-20191102/utils/sc_speedtrap/sc_speedtrap.c:1710:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/scamper-20191102/utils/sc_speedtrap/sc_speedtrap.c:1815:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/scamper-20191102/utils/sc_speedtrap/sc_speedtrap.c:1854:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[192], addr[64];
data/scamper-20191102/utils/sc_speedtrap/sc_speedtrap.c:1950:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[64];
data/scamper-20191102/utils/sc_speedtrap/sc_speedtrap.c:2319:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/scamper-20191102/utils/sc_speedtrap/sc_speedtrap.c:2364:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[64], b[64], r[16];
data/scamper-20191102/utils/sc_tbitblind/sc_tbitblind.c:67:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cmd[512];
data/scamper-20191102/utils/sc_tbitblind/sc_tbitblind.c:247:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((text = fopen(opt_text, "w")) == NULL)
data/scamper-20191102/utils/sc_tbitblind/sc_tbitblind.c:288:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((comp = fopen(opt_comp, "a")) == NULL)
data/scamper-20191102/utils/sc_tbitblind/sc_tbitblind.c:302:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time[32], msg[512];
data/scamper-20191102/utils/sc_tbitblind/sc_tbitblind.c:380:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[128];
data/scamper-20191102/utils/sc_tbitblind/sc_tbitblind.c:576:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/scamper-20191102/utils/sc_tbitblind/sc_tbitblind.c:596:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(readbuf+readbuf_len, buf, rc);
data/scamper-20191102/utils/sc_tbitblind/sc_tbitblind.c:763:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/scamper-20191102/utils/sc_tbitblind/sc_tbitblind.c:811:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/scamper-20191102/utils/sc_tbitpmtud/sc_tbitpmtud.c:111:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char command_buf[512];
data/scamper-20191102/utils/sc_tbitpmtud/sc_tbitpmtud.c:397:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((text = fopen(opt_text, "w")) == NULL)
data/scamper-20191102/utils/sc_tbitpmtud/sc_tbitpmtud.c:407:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((comp = fopen(opt_comp, "a")) == NULL)
data/scamper-20191102/utils/sc_tbitpmtud/sc_tbitpmtud.c:439:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time[32], msg[512];
data/scamper-20191102/utils/sc_tbitpmtud/sc_tbitpmtud.c:636:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[128];
data/scamper-20191102/utils/sc_tbitpmtud/sc_tbitpmtud.c:748:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(pos);
data/scamper-20191102/utils/sc_tbitpmtud/sc_tbitpmtud.c:793:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tu->size = atoi(size);
data/scamper-20191102/utils/sc_tbitpmtud/sc_tbitpmtud.c:840:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/scamper-20191102/utils/sc_tbitpmtud/sc_tbitpmtud.c:860:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(readbuf+readbuf_len, buf, rc);
data/scamper-20191102/utils/sc_tbitpmtud/sc_tbitpmtud.c:1038:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/scamper-20191102/utils/sc_tbitpmtud/sc_tbitpmtud.c:1104:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/scamper-20191102/utils/sc_tbitpmtud/sc_tbitpmtud.c:1411:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
u32 = atoi(a);
data/scamper-20191102/utils/sc_tbitpmtud/sc_tbitpmtud.c:1604:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8];
data/scamper-20191102/utils/sc_tbitpmtud/sc_tbitpmtud.c:1794:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/scamper-20191102/utils/sc_tracediff/sc_tracediff.c:147:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[128];
data/scamper-20191102/utils/sc_tracediff/sc_tracediff.c:310:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fs[32], a[256], b[256];
data/scamper-20191102/utils/sc_tracediff/sc_tracediff.c:426:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/scamper-20191102/utils/sc_ttlexp/sc_ttlexp.c:96:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[128];
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:494:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((logfile = fopen(opt_log, "w")) == NULL)
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:508:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[131072];
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:584:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[256], buf[128];
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:702:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:898:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:1177:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:1227:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:2053:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:2997:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/scamper-20191102/utils/sc_warts2csv/sc_warts2csv.c:45:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[128], dst[128], addr[128], rtt[32], type[32], stop[32];
data/scamper-20191102/utils/sc_warts2pcap/sc_warts2pcap.c:329:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((outfile_fd = fopen(outfile_name, "w")) == NULL)
data/scamper-20191102/utils/sc_wartsdump/sc_wartsdump.c:145:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/scamper-20191102/utils/sc_wartsdump/sc_wartsdump.c:146:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ctime(&tt), 24); buf[24] = '\0';
data/scamper-20191102/utils/sc_wartsdump/sc_wartsdump.c:157:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[256];
data/scamper-20191102/utils/sc_wartsdump/sc_wartsdump.c:248:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/scamper-20191102/utils/sc_wartsdump/sc_wartsdump.c:472:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char from[32];
data/scamper-20191102/utils/sc_wartsdump/sc_wartsdump.c:549:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[256], dst[256];
data/scamper-20191102/utils/sc_wartsdump/sc_wartsdump.c:682:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/scamper-20191102/utils/sc_wartsdump/sc_wartsdump.c:780:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/scamper-20191102/utils/sc_wartsdump/sc_wartsdump.c:924:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[128], src[128];
data/scamper-20191102/utils/sc_wartsdump/sc_wartsdump.c:986:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/scamper-20191102/utils/sc_wartsdump/sc_wartsdump.c:1169:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[64], b[64];
data/scamper-20191102/utils/sc_wartsdump/sc_wartsdump.c:1274:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[64], dst[64], buf[128], ipid[12], fstr[32], tfstr[32], sack[64];
data/scamper-20191102/utils/sc_wartsdump/sc_wartsdump.c:1605:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[64], dst[64], buf[32], ipid[12], tfstr[32], *dir;
data/scamper-20191102/utils/sc_wartsdump/sc_wartsdump.c:1753:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[64], dst[64], buf[32], *str;
data/scamper-20191102/utils/sc_wartsdump/sc_wartsdump.c:1828:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/scamper-20191102/utils/sc_wartsdump/sc_wartsdump.c:1879:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/scamper-20191102/utils/sc_wartsdump/sc_wartsdump.c:1958:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/scamper-20191102/utils/sc_wartsdump/sc_wartsdump.c:1965:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ctime(&tt), 24); buf[24] = '\0';
data/scamper-20191102/utils/sc_wartsdump/sc_wartsdump.c:1984:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/scamper-20191102/utils/sc_wartsfix/sc_wartsfix.c:51:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char offs[16];
data/scamper-20191102/utils/sc_wartsfix/sc_wartsfix.c:67:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((in = open(argv[1], O_RDONLY)) < 0)
data/scamper-20191102/utils/sc_wartsfix/sc_wartsfix.c:78:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((out = open(fixname, O_WRONLY | O_TRUNC | O_CREAT | O_EXCL, mode)) < 0)
data/scamper-20191102/utils/sc_wartsfix/sc_wartsfix.c:101:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&u16, hdr, 2); u16 = ntohs(u16);
data/scamper-20191102/utils/sc_wartsfix/sc_wartsfix.c:108:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&u32, hdr+4, 4); u32 = ntohl(u32);
data/scamper-20191102/utils/sc_wartsfix/sc_wartsfix.c:117:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, hdr, 8);
data/scamper-20191102/internal.h:256:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define read _read
data/scamper-20191102/scamper/dealias/scamper_dealias_json.c:299:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
reply_lens[i] = strlen(replies[i]);
data/scamper-20191102/scamper/dealias/scamper_dealias_json.c:360:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (header_len = strlen(header));
data/scamper-20191102/scamper/dealias/scamper_dealias_json.c:373:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pd_lens[i] = strlen(pds[i]);
data/scamper-20191102/scamper/dealias/scamper_dealias_json.c:390:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pr_lens[j] = strlen(prs[j]);
data/scamper-20191102/scamper/dealias/scamper_dealias_text.c:66:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write_wrap(fd, buf, NULL, strlen(buf));
data/scamper-20191102/scamper/dealias/scamper_dealias_warts.c:1567:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static int (*const read[])(scamper_dealias_t *,warts_state_t *,
data/scamper-20191102/scamper/dealias/scamper_dealias_warts.c:1617:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(read[dealias->method-1](dealias, state, table, &defs, &defc,
data/scamper-20191102/scamper/ping/scamper_ping_do.c:1636:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(opt->str);
data/scamper-20191102/scamper/ping/scamper_ping_json.c:320:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (header_len = strlen(header));
data/scamper-20191102/scamper/ping/scamper_ping_json.c:340:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += (reply_lens[j] = strlen(replies[j]));
data/scamper-20191102/scamper/ping/scamper_ping_json.c:349:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += (stats_len = strlen(stats));
data/scamper-20191102/scamper/ping/scamper_ping_text.c:213:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (header_len = strlen(header));
data/scamper-20191102/scamper/ping/scamper_ping_text.c:232:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += (reply_lens[j] = strlen(replies[j]));
data/scamper-20191102/scamper/ping/scamper_ping_text.c:242:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += (stats_len = strlen(stats));
data/scamper-20191102/scamper/scamper.c:363:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(mc->cmd) + 1;
data/scamper-20191102/scamper/scamper.c:366:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(argv[i]) + 1;
data/scamper-20191102/scamper/scamper.c:373:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
off = strlen(mc->cmd);
data/scamper-20191102/scamper/scamper.c:378:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = strlen(argv[i]);
data/scamper-20191102/scamper/scamper.c:485:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t argv0 = strlen(argv[0]);
data/scamper-20191102/scamper/scamper.c:492:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(multicall[m].argv0);
data/scamper-20191102/scamper/scamper.c:1043:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/scamper-20191102/scamper/scamper_control.c:327:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(buf, "off", len);
data/scamper-20191102/scamper/scamper_control.c:329:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(buf, "on", len);
data/scamper-20191102/scamper/scamper_control.c:1106:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/scamper-20191102/scamper/scamper_control.c:2150:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if((rrc = read(fd, buf, sizeof(buf))) < 0)
data/scamper-20191102/scamper/scamper_control.c:2886:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(monitorname) > 254)
data/scamper-20191102/scamper/scamper_control.c:2899:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = 1 + 1 + 8 + 1 + (monitorname != NULL ? strlen(monitorname) + 1 : 0);
data/scamper-20191102/scamper/scamper_control.c:2907:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(monitorname) + 1;
data/scamper-20191102/scamper/scamper_control.c:2940:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if((rrc = read(fd, buf, sizeof(buf))) < 0)
data/scamper-20191102/scamper/scamper_dl.c:938:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((len = read(fd, buf, node->readbuf_len)) == -1)
data/scamper-20191102/scamper/scamper_dl.c:1241:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(ifname, "/dev/", sizeof(ifname));
data/scamper-20191102/scamper/scamper_dl.c:1490:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(ifname, "<null>", sizeof(ifname)-1);
data/scamper-20191102/scamper/scamper_fds.c:82:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
scamper_fd_poll_t read; /* if monitored for read events */
data/scamper-20191102/scamper/scamper_fds.c:336:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(fdn->read.node != NULL)
data/scamper-20191102/scamper/scamper_fds.c:337:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
dlist_node_pop(fdn->read.list, fdn->read.node);
data/scamper-20191102/scamper/scamper_fds.c:337:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
dlist_node_pop(fdn->read.list, fdn->read.node);
data/scamper-20191102/scamper/scamper_fds.c:390:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(fdn->read.list != NULL && dlist_islocked(fdn->read.list) != 0) ||
data/scamper-20191102/scamper/scamper_fds.c:390:54: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(fdn->read.list != NULL && dlist_islocked(fdn->read.list) != 0) ||
data/scamper-20191102/scamper/scamper_fds.c:652:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fd->read.cb(fd->fd, fd->read.param);
data/scamper-20191102/scamper/scamper_fds.c:652:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fd->read.cb(fd->fd, fd->read.param);
data/scamper-20191102/scamper/scamper_fds.c:686:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if((fd->read.flags & SCAMPER_FD_POLL_FLAG_INACTIVE) != 0 &&
data/scamper-20191102/scamper/scamper_fds.c:705:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if((fd->read.flags & SCAMPER_FD_POLL_FLAG_INACTIVE) == 0)
data/scamper-20191102/scamper/scamper_fds.c:824:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fdp->read.cb(fd, fdp->read.param);
data/scamper-20191102/scamper/scamper_fds.c:824:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fdp->read.cb(fd, fdp->read.param);
data/scamper-20191102/scamper/scamper_fds.c:858:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(fd->read.flags & SCAMPER_FD_POLL_FLAG_INACTIVE) == 0)))
data/scamper-20191102/scamper/scamper_fds.c:870:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(fd->read.flags & SCAMPER_FD_POLL_FLAG_INACTIVE) == 0)
data/scamper-20191102/scamper/scamper_fds.c:941:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fdp->read.cb(fd, fdp->read.param);
data/scamper-20191102/scamper/scamper_fds.c:941:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fdp->read.cb(fd, fdp->read.param);
data/scamper-20191102/scamper/scamper_fds.c:1048:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if((fdn->read.node = dlist_node_alloc(&fdn->read)) == NULL)
data/scamper-20191102/scamper/scamper_fds.c:1048:47: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if((fdn->read.node = dlist_node_alloc(&fdn->read)) == NULL)
data/scamper-20191102/scamper/scamper_fds.c:1052:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fdn->read.fdn = fdn;
data/scamper-20191102/scamper/scamper_fds.c:1053:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fdn->read.flags = SCAMPER_FD_POLL_FLAG_INACTIVE;
data/scamper-20191102/scamper/scamper_fds.c:1420:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(kq != -1 && (fdn->read.flags & SCAMPER_FD_POLL_FLAG_INACTIVE) == 0)
data/scamper-20191102/scamper/scamper_fds.c:1425:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(ep != -1 && (fdn->read.flags & SCAMPER_FD_POLL_FLAG_INACTIVE) == 0)
data/scamper-20191102/scamper/scamper_fds.c:1429:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fdn->read.flags |= SCAMPER_FD_POLL_FLAG_INACTIVE;
data/scamper-20191102/scamper/scamper_fds.c:1441:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
assert(fdn->read.cb != NULL);
data/scamper-20191102/scamper/scamper_fds.c:1443:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if((fdn->read.flags & SCAMPER_FD_POLL_FLAG_INACTIVE) != 0)
data/scamper-20191102/scamper/scamper_fds.c:1445:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fdn->read.flags &= ~(SCAMPER_FD_POLL_FLAG_INACTIVE);
data/scamper-20191102/scamper/scamper_fds.c:1461:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(fdn->read.list != read_fds)
data/scamper-20191102/scamper/scamper_fds.c:1463:42: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
dlist_node_head_push(read_queue, fdn->read.node);
data/scamper-20191102/scamper/scamper_fds.c:1464:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fdn->read.list = read_queue;
data/scamper-20191102/scamper/scamper_fds.c:1533:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fdn->read.cb = cb;
data/scamper-20191102/scamper/scamper_fds.c:1534:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fdn->read.param = param;
data/scamper-20191102/scamper/scamper_fds.c:1552:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fdn->read.cb = scamper_icmp4_read_cb;
data/scamper-20191102/scamper/scamper_fds.c:1565:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fdn->read.cb = scamper_icmp6_read_cb;
data/scamper-20191102/scamper/scamper_fds.c:1579:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fdn->read.cb = scamper_rtsock_read_cb;
data/scamper-20191102/scamper/scamper_fds.c:1674:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fdn->read.cb = scamper_dl_read_cb;
data/scamper-20191102/scamper/scamper_fds.c:1675:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fdn->read.param = fdn->fd_dl_dl;
data/scamper-20191102/scamper/scamper_fds.c:1734:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fdn->read.cb = read_cb;
data/scamper-20191102/scamper/scamper_fds.c:1735:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fdn->read.param = param;
data/scamper-20191102/scamper/scamper_file.c:114:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read)(scamper_file_t *sf, scamper_file_filter_t *filter,
data/scamper-20191102/scamper/scamper_file.c:418:58: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(sf->type != SCAMPER_FILE_NONE && handlers[sf->type].read != NULL)
data/scamper-20191102/scamper/scamper_file.c:420:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return handlers[sf->type].read(sf, filter, type, object);
data/scamper-20191102/scamper/scamper_file.c:620:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, handlers[sf->type].type, len);
data/scamper-20191102/scamper/scamper_file_warts.c:187:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(str) + 1;
data/scamper-20191102/scamper/scamper_file_warts.c:769:45: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
handler = &handlers[id]; assert(handler->read != NULL);
data/scamper-20191102/scamper/scamper_file_warts.c:770:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(handler->read(buf, off, len, handler->data, handler->param) == -1)
data/scamper-20191102/scamper/scamper_file_warts.c:1340:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen(list->name) + 1;
data/scamper-20191102/scamper/scamper_file_warts.h:156:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
wpr_t read;
data/scamper-20191102/scamper/scamper_firewall.c:841:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((len = strlen(name)) == 0 || string_isprint(name, len) == 0)
data/scamper-20191102/scamper/scamper_firewall.c:903:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pfte.anchor, anchor, sizeof(pfte.anchor)-1);
data/scamper-20191102/scamper/scamper_firewall.c:920:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pfr.anchor, anchor, sizeof(pfr.anchor)-1);
data/scamper-20191102/scamper/scamper_firewall.c:1054:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(name_str) < 1)
data/scamper-20191102/scamper/scamper_if.c:92:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(ifname) + 1 > len)
data/scamper-20191102/scamper/scamper_if.c:98:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str, ifname, len);
data/scamper-20191102/scamper/scamper_if.c:228:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(ifname, "/dev/", sizeof(ifname));
data/scamper-20191102/scamper/scamper_privsep.c:440:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(name[plen] != '\0' || strlen(name) + 1 != plen)
data/scamper-20191102/scamper/scamper_privsep.c:1012:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(file) + 1;
data/scamper-20191102/scamper/scamper_privsep.c:1026:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = sizeof(flags) + strlen(file) + 1;
data/scamper-20191102/scamper/scamper_privsep.c:1097:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(file) + 1;
data/scamper-20191102/scamper/scamper_privsep.c:1156:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(anchor) + 1;
data/scamper-20191102/scamper/scamper_privsep.c:1316:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
data/scamper-20191102/scamper/scamper_source_cmdline.c:46:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t addrlen = strlen(addr);
data/scamper-20191102/scamper/scamper_source_cmdline.c:98:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd_len = strlen(cmd);
data/scamper-20191102/scamper/scamper_source_file.c:194:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/scamper-20191102/scamper/scamper_source_file.c:247:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if((rc = read(fd, buf, sizeof(buf))) > 0)
data/scamper-20191102/scamper/scamper_source_file.c:537:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ssf->command_len = strlen(ssf->command);
data/scamper-20191102/scamper/scamper_source_tsps.c:203:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if((rc = read(fd, buf, sizeof(buf))) > 0)
data/scamper-20191102/scamper/sting/scamper_sting_text.c:56:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/scamper-20191102/scamper/sting/scamper_sting_text.c:70:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/scamper-20191102/scamper/tbit/scamper_tbit_do.c:3964:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = strlen(param);
data/scamper-20191102/scamper/tbit/scamper_tbit_json.c:471:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pkt_lens[i] = strlen(pkts[i]);
data/scamper-20191102/scamper/tbit/scamper_tbit_json.c:478:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += (header_len = strlen(header));
data/scamper-20191102/scamper/trace/scamper_trace_do.c:3969:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((strlen(param) % 2) != 0)
data/scamper-20191102/scamper/trace/scamper_trace_do.c:4180:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(opt->str);
data/scamper-20191102/scamper/trace/scamper_trace_json.c:186:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(header);
data/scamper-20191102/scamper/trace/scamper_trace_json.c:203:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(hops[j]);
data/scamper-20191102/scamper/trace/scamper_trace_text.c:294:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str_addr);
data/scamper-20191102/scamper/trace/scamper_trace_text.c:306:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str_rtt) + 3 + strlen(str_icmp);
data/scamper-20191102/scamper/trace/scamper_trace_text.c:306:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str_rtt) + 3 + strlen(str_icmp);
data/scamper-20191102/scamper/trace/scamper_trace_text.c:351:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str); spare = -1;
data/scamper-20191102/scamper/trace/scamper_trace_text.c:672:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(header) + 2;
data/scamper-20191102/scamper/trace/scamper_trace_text.c:683:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(hops[i]);
data/scamper-20191102/scamper/trace/scamper_trace_text.c:698:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(mtus[i]);
data/scamper-20191102/scamper/tracelb/scamper_tracelb_json.c:162:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(rxs[j]);
data/scamper-20191102/scamper/tracelb/scamper_tracelb_json.c:168:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(buf);
data/scamper-20191102/scamper/tracelb/scamper_tracelb_json.c:221:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*off += strlen(str);
data/scamper-20191102/scamper/tracelb/scamper_tracelb_json.c:463:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(header);
data/scamper-20191102/scamper/tracelb/scamper_tracelb_json.c:478:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(nodes[nodec]);
data/scamper-20191102/scamper/tracelb/scamper_tracelb_text.c:88:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/scamper-20191102/scamper/tracelb/scamper_tracelb_text.c:106:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/scamper-20191102/utils.c:145:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(file) + 1 > sizeof(sn->sun_path))
data/scamper-20191102/utils.c:1466:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if((r = read(fd, buf+rc, rt-rc)) < 0)
data/scamper-20191102/utils.c:2195:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((ss = read(fd, readbuf+readbuf_off, readbuf_len-readbuf_off-1)) >= 0)
data/scamper-20191102/utils/sc_ally/sc_ally.c:1778:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if((rc = read(scamper_fd, buf, sizeof(buf))) > 0)
data/scamper-20191102/utils/sc_attach/sc_attach.c:391:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
scamper_writebuf_send(scamper_wb, command, strlen(command));
data/scamper-20191102/utils/sc_attach/sc_attach.c:416:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if((rc = read(stdin_fd, buf, sizeof(buf))) > 0)
data/scamper-20191102/utils/sc_attach/sc_attach.c:520:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if((rc = read(scamper_fd, buf, sizeof(buf))) > 0)
data/scamper-20191102/utils/sc_bdrmap/sc_bdrmap.c:5041:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if((rc = read(scamper_fd, buf, sizeof(buf))) > 0)
data/scamper-20191102/utils/sc_erosprober/sc_erosprober.c:671:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if((rc = read(scamper_fd, buf, sizeof(buf))) > 0)
data/scamper-20191102/utils/sc_filterpolicy/sc_filterpolicy.c:718:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((len = strlen(buf)) > maxaddr)
data/scamper-20191102/utils/sc_filterpolicy/sc_filterpolicy.c:1428:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if((rc = read(scamper_fd, buf, sizeof(buf))) > 0)
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:1672:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(r == 0) r = strlen(S);
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:1673:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(n == 0) n = strlen(T);
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:1963:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(eval_p) + 1;
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:2155:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fm.len = strlen(str) + 1;
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:2267:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(in) + sc_css_strlen(css) + 1;
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:2345:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(in) + strlen(lit) + 1;
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:2345:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(in) + strlen(lit) + 1;
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:2410:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(in) + 3;
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:2468:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((out = malloc(strlen(in) + 1)) == NULL)
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:2570:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(dup);
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:2713:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fm.len = strlen(buf) + 1;
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:3013:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rc = pcre2_match(rew->pcre[k], (PCRE2_SPTR)str, strlen(str), 0, 0,
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:3023:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rc = pcre_exec(rew->pcre[k], rew->study[k], str, strlen(str), 0, 0,
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:3638:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(re->regexes[i]->str);
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:4021:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(in) * 3;
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:4321:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iface->len = strlen(name);
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:5162:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(ifd->label);
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:8702:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
css_fm.len = strlen(css_fm.css) + 1;
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:9576:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
segl = strlen(ss->seg);
data/scamper-20191102/utils/sc_hoiho/sc_hoiho.c:9771:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(re->regexes[0]->str) * 3;
data/scamper-20191102/utils/sc_prefixscan/sc_prefixscan.c:1160:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if((rc = read(scamper_fd, buf, sizeof(buf))) > 0)
data/scamper-20191102/utils/sc_radargun/sc_radargun.c:1274:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if((rc = read(scamper_fd, buf, sizeof(buf))) > 0)
data/scamper-20191102/utils/sc_remoted/sc_remoted.c:926:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
off = strlen(sab);
data/scamper-20191102/utils/sc_remoted/sc_remoted.c:1105:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if((rrc = read(ms->inet_fd.fd, buf, sizeof(buf))) < 0)
data/scamper-20191102/utils/sc_remoted/sc_remoted.c:1442:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if((rc = read(cn->unix_fd->fd, buf, sizeof(buf))) <= 0)
data/scamper-20191102/utils/sc_speedtrap/sc_speedtrap.c:2521:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if((rc = read(scamper_fd, buf, sizeof(buf))) > 0)
data/scamper-20191102/utils/sc_tbitblind/sc_tbitblind.c:581:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if((rc = read(scamper_fd, buf, sizeof(buf))) > 0)
data/scamper-20191102/utils/sc_tbitpmtud/sc_tbitpmtud.c:741:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(url) > 300)
data/scamper-20191102/utils/sc_tbitpmtud/sc_tbitpmtud.c:845:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if((rc = read(scamper_fd, buf, sizeof(buf))) > 0)
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:708:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x = sqlite3_prepare_v2(db, up_sql, strlen(up_sql)+1, &stmt, NULL);
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:715:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sqlite3_bind_text(stmt, 1, buf, strlen(buf), SQLITE_STATIC);
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:716:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sqlite3_bind_text(stmt, 2, type, strlen(type), SQLITE_STATIC);
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:735:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x = sqlite3_prepare_v2(db, in_sql, strlen(in_sql)+1, &stmt, NULL);
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:742:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sqlite3_bind_text(stmt, 1, type, strlen(type), SQLITE_STATIC);
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:743:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sqlite3_bind_text(stmt, 2, buf, strlen(buf), SQLITE_STATIC);
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:781:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((x = sqlite3_prepare_v2(db,sql,strlen(sql)+1,&stmt,NULL)) != SQLITE_OK)
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:787:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sqlite3_bind_text(stmt, 1, type, strlen(type), SQLITE_STATIC);
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:1091:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if((rc = read(scamper_fd, buf, sizeof(buf))) > 0)
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:1253:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sqlite3_bind_text(st_addr_i, 1, buf, strlen(buf), SQLITE_TRANSIENT);
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:1428:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((x = sqlite3_prepare_v2(db,sql,strlen(sql)+1,&stmt,NULL)) != SQLITE_OK)
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:1462:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((x = sqlite3_prepare_v2(db,sql,strlen(sql)+1,&stmt,NULL)) != SQLITE_OK)
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:1547:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(sql);
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:1772:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((x = sqlite3_prepare_v2(db,sql,strlen(sql)+1,&stmt,NULL)) != SQLITE_OK)
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:1811:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x = sqlite3_prepare_v2(db, sql, strlen(sql)+1, &st_addr_i, NULL);
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:1820:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x = sqlite3_prepare_v2(db, sql, strlen(sql)+1, &st_addr_u, NULL);
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:1875:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((x = sqlite3_prepare_v2(db,sql,strlen(sql)+1,&st_s,NULL)) != SQLITE_OK)
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:1882:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((x = sqlite3_prepare_v2(db,sql,strlen(sql)+1,&st_d,NULL)) != SQLITE_OK)
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:2082:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((x = sqlite3_prepare_v2(db,sql,strlen(sql)+1,&stmt,NULL)) != SQLITE_OK)
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:2118:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x = sqlite3_prepare_v2(db, sql, strlen(sql)+1, &st_filename_sel, NULL);
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:2126:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x = sqlite3_prepare_v2(db, sql, strlen(sql)+1, &st_filename_ins, NULL);
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:2134:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x = sqlite3_prepare_v2(db, sql, strlen(sql)+1, &st_addr_ins, NULL);
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:2142:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x = sqlite3_prepare_v2(db, sql, strlen(sql)+1, &st_addr_upd, NULL);
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:2152:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x = sqlite3_prepare_v2(db, buf, strlen(buf)+1, &st_sample_ins, NULL);
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:2181:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sqlite3_bind_text(st_filename_sel, 1, ptr, strlen(ptr), SQLITE_STATIC);
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:2224:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sqlite3_bind_text(st_addr_ins,1,buf,strlen(buf),SQLITE_STATIC);
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:2321:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sqlite3_bind_text(st_filename_ins, 1, ptr, strlen(ptr), SQLITE_STATIC);
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:3013:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x = sqlite3_prepare_v2(db, sql, strlen(sql)+1, &st, NULL);
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:3025:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sqlite3_bind_text(st, 1, ptr, strlen(ptr), SQLITE_STATIC);
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:3054:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x = sqlite3_prepare_v2(db, sql, strlen(sql)+1, &st, NULL);
data/scamper-20191102/utils/sc_uptime/sc_uptime.c:3100:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((x = sqlite3_prepare_v2(db, sql, strlen(sql)+1, &st, NULL)) != SQLITE_OK)
data/scamper-20191102/utils/sc_wartsfix/sc_wartsfix.c:58:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(argv[1]);
data/scamper-20191102/utils/sc_wartsfix/sc_wartsfix.c:89:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(in, hdr, 8);
data/scamper-20191102/utils/sc_wartsfix/sc_wartsfix.c:118:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(in, tmp+8, u32);
ANALYSIS SUMMARY:
Hits = 915
Lines analyzed = 137106 in approximately 2.99 seconds (45833 lines/second)
Physical Source Lines of Code (SLOC) = 103723
Hits@level = [0] 1692 [1] 196 [2] 655 [3] 29 [4] 32 [5] 3
Hits@level+ = [0+] 2607 [1+] 915 [2+] 719 [3+] 64 [4+] 35 [5+] 3
Hits/KSLOC@level+ = [0+] 25.1343 [1+] 8.82157 [2+] 6.93192 [3+] 0.617028 [4+] 0.337437 [5+] 0.0289232
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.