Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/sendip-2.6/bgp.c
Examining data/sendip-2.6/compact.c
Examining data/sendip-2.6/dummy.c
Examining data/sendip-2.6/dummy.h
Examining data/sendip-2.6/gnugetopt.c
Examining data/sendip-2.6/gnugetopt.h
Examining data/sendip-2.6/gnugetopt1.c
Examining data/sendip-2.6/icmp.c
Examining data/sendip-2.6/icmp.h
Examining data/sendip-2.6/ipv6.c
Examining data/sendip-2.6/ipv6.h
Examining data/sendip-2.6/ntp.c
Examining data/sendip-2.6/ntp.h
Examining data/sendip-2.6/rip.h
Examining data/sendip-2.6/ripng.h
Examining data/sendip-2.6/sendip_module.h
Examining data/sendip-2.6/tcp.h
Examining data/sendip-2.6/types.h
Examining data/sendip-2.6/udp.c
Examining data/sendip-2.6/udp.h
Examining data/sendip-2.6/ipv4.c
Examining data/sendip-2.6/tcp.c
Examining data/sendip-2.6/ipv4.h
Examining data/sendip-2.6/sendip.c
Examining data/sendip-2.6/ripng.c
Examining data/sendip-2.6/csum.c
Examining data/sendip-2.6/rip.c
FINAL RESULTS:
data/sendip-2.6/ipv4.c:212:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf((char*)data,"0x%s",arg);
data/sendip-2.6/sendip.c:283:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newmod->name,modname);
data/sendip-2.6/sendip.c:286:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newmod->name,"./%s.so",modname);
data/sendip-2.6/sendip.c:289:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newmod->name,"%s/%s.so",SENDIP_LIBS,modname);
data/sendip-2.6/sendip.c:292:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newmod->name,"%s/%s",SENDIP_LIBS,modname);
data/sendip-2.6/sendip.c:308:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newmod->name,modname);
data/sendip-2.6/sendip.c:536:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%c%s",mod->optchar,mod->opts[j].optname);
data/sendip-2.6/sendip_module.h:38:24: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define usage_error(x) fprintf(stderr,x)
data/sendip-2.6/tcp.c:209:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf((char*)data,"0x%s",arg);
data/sendip-2.6/gnugetopt.h:125:12: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
extern int getopt_long (int __argc, char *const *__argv, const char *__shortopts,
data/sendip-2.6/gnugetopt1.c:70:5: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int getopt_long (int argc, char *const *argv, const char *options,
data/sendip-2.6/gnugetopt1.c:118:11: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "abc:d:0123456789",
data/sendip-2.6/sendip.c:435:3: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(time(NULL) ^ (getpid()+(42<<15)));
data/sendip-2.6/sendip.c:461:19: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
data[i]=(char)random();
data/sendip-2.6/sendip.c:582:38: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
unsigned long r = (unsigned long)random()<<1;
data/sendip-2.6/icmp.c:37:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tempbuf,icmp_hdr->data,icmp_hdr->alloc_len);
data/sendip-2.6/icmp.c:38:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tempbuf+icmp_hdr->alloc_len,data->data,data->alloc_len);
data/sendip-2.6/icmp.c:56:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tempbuf+sizeof(phdr), hdr->data, hdr->alloc_len);
data/sendip-2.6/icmp.c:57:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tempbuf+sizeof(phdr)+hdr->alloc_len, data->data, data->alloc_len);
data/sendip-2.6/icmp.c:61:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&phdr.source, src, sizeof(struct in6_addr));
data/sendip-2.6/icmp.c:62:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&phdr.destination, dst, sizeof(struct in6_addr));
data/sendip-2.6/icmp.c:66:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tempbuf, &phdr, sizeof(phdr));
data/sendip-2.6/ipv4.c:72:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data_out,&ip,4);
data/sendip-2.6/ipv4.c:91:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((u_int8_t *)pack->data+pack->alloc_len+2,data,len-2);
data/sendip-2.6/ipv4.c:117:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(ip->daddr),host->h_addr,host->h_length);
data/sendip-2.6/ipv4.c:301:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(data_in);
data/sendip-2.6/ipv4.c:318:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(data_in);
data/sendip-2.6/ipv4.c:343:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data_out,&ip,4);
data/sendip-2.6/ipv4.c:349:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ts = htonl(atoi(data_in));
data/sendip-2.6/ipv4.c:350:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data_out,&ts,4);
data/sendip-2.6/ipv4.c:385:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
u_int16_t sid = htons(atoi(arg));
data/sendip-2.6/ipv6.c:43:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(ipv6->ip6_dst),host->h_addr,host->h_length);
data/sendip-2.6/ipv6.c:87:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&hdr->ip6_src, &addr, sizeof(struct in6_addr));
data/sendip-2.6/ipv6.c:93:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&hdr->ip6_dst, &addr, sizeof(struct in6_addr));
data/sendip-2.6/ntp.c:143:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ntp->reference.id,arg,strlen(arg));
data/sendip-2.6/ntp.h:25:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[4];
data/sendip-2.6/rip.c:69:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&(ripopt->address), p, l);
data/sendip-2.6/sendip.c:71:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ss_padding[122];
data/sendip-2.6/sendip.c:114:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&to4->sin_addr, host->h_addr, host->h_length);
data/sendip-2.6/sendip.c:119:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&to6->sin6_addr, host->h_addr, host->h_length);
data/sendip-2.6/sendip.c:277:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newmod,cur,sizeof(sendip_module));
data/sendip-2.6/sendip.c:411:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuff[31];
data/sendip-2.6/sendip.c:453:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
datalen = atoi(data+1);
data/sendip-2.6/sendip.c:477:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
datafile=open(gnuoptarg,O_RDONLY);
data/sendip-2.6/sendip.c:584:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rbuff,"%lu",r);
data/sendip-2.6/sendip.c:641:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)packet.data+i,mod->pack->data,mod->pack->alloc_len);
data/sendip-2.6/sendip.c:648:20: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(data != NULL) memcpy((char *)packet.data+i,data,datalen);
data/sendip-2.6/sendip.c:658:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hdrs[num_modules];
data/sendip-2.6/tcp.c:45:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tempbuf,&(ip->saddr),sizeof(u_int32_t));
data/sendip-2.6/tcp.c:46:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(tempbuf[4]),&(ip->daddr),sizeof(u_int32_t));
data/sendip-2.6/tcp.c:52:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tempbuf+12,tcp_hdr->data,tcp_hdr->alloc_len);
data/sendip-2.6/tcp.c:53:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tempbuf+12+tcp_hdr->alloc_len,data->data,data->alloc_len);
data/sendip-2.6/tcp.c:75:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&phdr.source,&ipv6->ip6_src,sizeof(struct in6_addr));
data/sendip-2.6/tcp.c:76:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&phdr.destination,&ipv6->ip6_dst,sizeof(struct in6_addr));
data/sendip-2.6/tcp.c:79:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tempbuf,&phdr,sizeof(phdr));
data/sendip-2.6/tcp.c:82:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tempbuf+sizeof(phdr),tcp_hdr->data,tcp_hdr->alloc_len);
data/sendip-2.6/tcp.c:83:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tempbuf+sizeof(phdr)+tcp_hdr->alloc_len,data->data,data->alloc_len);
data/sendip-2.6/tcp.c:97:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((u_int8_t *)pack->data+pack->alloc_len+2,data,len-2);
data/sendip-2.6/tcp.c:224:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
u_int16_t mss=htons(atoi(arg));
data/sendip-2.6/tcp.c:228:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
u_int8_t wscale=atoi(arg);
data/sendip-2.6/tcp.c:263:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
le=atoi(arg);
data/sendip-2.6/tcp.c:271:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
re=atoi(arg);
data/sendip-2.6/tcp.c:276:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, &le, 4);
data/sendip-2.6/tcp.c:277:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c+4, &re, 4);
data/sendip-2.6/tcp.c:294:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(comb, &tsval, 4);
data/sendip-2.6/tcp.c:296:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(comb+4, &tsecr, 4);
data/sendip-2.6/udp.c:38:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tempbuf,&(ip->saddr),sizeof(u_int32_t));
data/sendip-2.6/udp.c:39:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(tempbuf[4]),&(ip->daddr),sizeof(u_int32_t));
data/sendip-2.6/udp.c:45:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tempbuf+12,udp_hdr->data,udp_hdr->alloc_len);
data/sendip-2.6/udp.c:46:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tempbuf+12+udp_hdr->alloc_len,data->data,data->alloc_len);
data/sendip-2.6/udp.c:68:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&phdr.source,&ipv6->ip6_src,sizeof(struct in6_addr));
data/sendip-2.6/udp.c:69:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&phdr.destination,&ipv6->ip6_dst,sizeof(struct in6_addr));
data/sendip-2.6/udp.c:73:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tempbuf,&phdr,sizeof(phdr));
data/sendip-2.6/udp.c:76:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tempbuf+sizeof(phdr),udp_hdr->data,udp_hdr->alloc_len);
data/sendip-2.6/udp.c:77:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tempbuf+sizeof(phdr)+udp_hdr->alloc_len,data->data,data->alloc_len);
data/sendip-2.6/bgp.c:572:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (hdrs[strlen(hdrs) - 1] != 't') {
data/sendip-2.6/compact.c:64:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(data_in);
data/sendip-2.6/gnugetopt.c:231:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# if (!defined __STDC__ || !__STDC__) && !defined strlen
data/sendip-2.6/gnugetopt.c:234:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extern int strlen (const char *);
data/sendip-2.6/gnugetopt.c:427:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = nonoption_flags_max_len = strlen (orig_str);
data/sendip-2.6/gnugetopt.c:650:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
== (unsigned int) strlen (p->name))
data/sendip-2.6/gnugetopt.c:677:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/sendip-2.6/gnugetopt.c:709:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/sendip-2.6/gnugetopt.c:725:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/sendip-2.6/gnugetopt.c:730:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/sendip-2.6/gnugetopt.c:836:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((unsigned int) (nameend - nextchar) == strlen (p->name))
data/sendip-2.6/gnugetopt.c:859:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/sendip-2.6/gnugetopt.c:879:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/sendip-2.6/gnugetopt.c:893:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/sendip-2.6/gnugetopt.c:897:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/sendip-2.6/icmp.c:105:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i=strlen(hdrs)-1;
data/sendip-2.6/ipv4.c:207:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u_int8_t *data = malloc(strlen(arg)+2);
data/sendip-2.6/ntp.c:142:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(arg)<=4) {
data/sendip-2.6/ntp.c:143:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(ntp->reference.id,arg,strlen(arg));
data/sendip-2.6/ntp.c:190:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(hdrs[strlen(hdrs)-1] != 'u') {
data/sendip-2.6/rip.c:64:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l=strlen(p)+1;
data/sendip-2.6/rip.c:120:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(hdrs[strlen(hdrs)-1] != 'u') {
data/sendip-2.6/ripng.c:114:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(hdrs[strlen(hdrs)-1] != 'u') {
data/sendip-2.6/sendip.c:151:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(sockopts && strlen(sockopts)) {
data/sendip-2.6/sendip.c:154:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0;i<strlen(sockopts);i++) {
data/sendip-2.6/sendip.c:282:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newmod->name=malloc(strlen(modname)+strlen(SENDIP_LIBS)+strlen(".so")+2);
data/sendip-2.6/sendip.c:282:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newmod->name=malloc(strlen(modname)+strlen(SENDIP_LIBS)+strlen(".so")+2);
data/sendip-2.6/sendip.c:282:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newmod->name=malloc(strlen(modname)+strlen(SENDIP_LIBS)+strlen(".so")+2);
data/sendip-2.6/sendip.c:535:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
opts[i].name = s = malloc(strlen(mod->opts[j].optname)+2);
data/sendip-2.6/tcp.c:203:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u_int8_t *data = malloc(strlen(arg)+3);
data/sendip-2.6/tcp.c:336:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(hdrs[strlen(hdrs)-1]=='i') {
data/sendip-2.6/tcp.c:337:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i = strlen(hdrs)-1;
data/sendip-2.6/tcp.c:345:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if(hdrs[strlen(hdrs)-1]=='6') {
data/sendip-2.6/tcp.c:346:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i = strlen(hdrs)-1;
data/sendip-2.6/udp.c:128:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(hdrs[strlen(hdrs)-1]=='i') {
data/sendip-2.6/udp.c:129:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i = strlen(hdrs)-1;
data/sendip-2.6/udp.c:137:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if(hdrs[strlen(hdrs)-1]=='6') {
data/sendip-2.6/udp.c:138:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i = strlen(hdrs)-1;
ANALYSIS SUMMARY:
Hits = 113
Lines analyzed = 5223 in approximately 0.18 seconds (28739 lines/second)
Physical Source Lines of Code (SLOC) = 3751
Hits@level = [0] 128 [1] 38 [2] 60 [3] 6 [4] 9 [5] 0
Hits@level+ = [0+] 241 [1+] 113 [2+] 75 [3+] 15 [4+] 9 [5+] 0
Hits/KSLOC@level+ = [0+] 64.2495 [1+] 30.1253 [2+] 19.9947 [3+] 3.99893 [4+] 2.39936 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.