Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ssmping-0.9.1/ssmpngcl.c
Examining data/ssmping-0.9.1/ssmpingd.c
Examining data/ssmping-0.9.1/ssmpingc.c
Examining data/ssmping-0.9.1/ssmping.h
Examining data/ssmping-0.9.1/mcfirst.c
Examining data/ssmping-0.9.1/joingrp.c
Examining data/ssmping-0.9.1/joinch.c
Examining data/ssmping-0.9.1/asmping.c
Examining data/ssmping-0.9.1/ssmping.c
FINAL RESULTS:
data/ssmping-0.9.1/asmping.c:74:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(source, addr2string((struct sockaddr *)&ucaddr, namelen));
data/ssmping-0.9.1/ssmping.c:76:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(source, addr2string((struct sockaddr *)&ucaddr, namelen));
data/ssmping-0.9.1/ssmpingc.c:17:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, format, ap);
data/ssmping-0.9.1/ssmpingc.c:33:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, format, ap);
data/ssmping-0.9.1/ssmpngcl.c:477:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(srvname, "_ldap._tcp.%s", name);
data/ssmping-0.9.1/ssmpngcl.c:713:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,
data/ssmping-0.9.1/ssmpngcl.c:722:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,
data/ssmping-0.9.1/ssmpngcl.c:731:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,
data/ssmping-0.9.1/ssmpngcl.c:625:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv,
data/ssmping-0.9.1/asmping.c:21:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *pingee, *group, source[INET6_ADDRSTRLEN];
data/ssmping-0.9.1/joinch.c:61:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&gsreq.gsr_source, src, addrlen);
data/ssmping-0.9.1/joinch.c:62:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&gsreq.gsr_group, grp, addrlen);
data/ssmping-0.9.1/joingrp.c:62:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&greq.gr_group, grp, addrlen);
data/ssmping-0.9.1/mcfirst.c:17:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *addr1, *addr2, *srv, recvbuf[65535];
data/ssmping-0.9.1/ssmping.c:23:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *pingee, *group, source[INET6_ADDRSTRLEN];
data/ssmping-0.9.1/ssmpingc.c:57:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&((struct sockaddr_in *)ss)->sin_addr,
data/ssmping-0.9.1/ssmpingc.c:65:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&((struct sockaddr_in6 *)ss)->sin6_addr,
data/ssmping-0.9.1/ssmpingc.c:82:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char addr_buf[2][INET6_ADDRSTRLEN];
data/ssmping-0.9.1/ssmpingc.c:101:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &tmp, 2);
data/ssmping-0.9.1/ssmpingc.c:105:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &tmp, 2);
data/ssmping-0.9.1/ssmpingc.c:109:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, v, l);
data/ssmping-0.9.1/ssmpingc.c:117:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &tmp, 2);
data/ssmping-0.9.1/ssmpingc.c:121:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &tmp, 2);
data/ssmping-0.9.1/ssmpingd.c:62:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp, p, 2);
data/ssmping-0.9.1/ssmpingd.c:65:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp, p, 2);
data/ssmping-0.9.1/ssmpingd.c:82:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rqsize, v, 2);
data/ssmping-0.9.1/ssmpingd.c:91:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&((struct sockaddr_in *)group)->sin_addr, v + 1, 4);
data/ssmping-0.9.1/ssmpingd.c:98:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&((struct sockaddr_in6 *)group)->sin6_addr, v + 1, 16);
data/ssmping-0.9.1/ssmpingd.c:117:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char groupid[4] = { 0x43, 0x21, 0x12, 0x34 };
data/ssmping-0.9.1/ssmpingd.c:126:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char inbuf[65535], outbuf[65535];
data/ssmping-0.9.1/ssmpingd.c:137:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char control[10240];
data/ssmping-0.9.1/ssmpingd.c:172:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outbuf + 1, inbuf + 1, incnt - 1);
data/ssmping-0.9.1/ssmpngcl.c:237:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char control[1024];
data/ssmping-0.9.1/ssmpngcl.c:404:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp, p, 2);
data/ssmping-0.9.1/ssmpngcl.c:407:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp, p, 2);
data/ssmping-0.9.1/ssmpngcl.c:420:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val, v, 4);
data/ssmping-0.9.1/ssmpngcl.c:427:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val, v, 4);
data/ssmping-0.9.1/ssmpngcl.c:434:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val, v, 4);
data/ssmping-0.9.1/ssmpngcl.c:436:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val, v + 4, 4);
data/ssmping-0.9.1/ssmpngcl.c:446:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*verstring, v, l);
data/ssmping-0.9.1/ssmpngcl.c:557:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mcsa, res1->ai_addr, res1->ai_addrlen);
data/ssmping-0.9.1/ssmpngcl.c:564:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ucsa, res1->ai_addr, res1->ai_addrlen);
data/ssmping-0.9.1/ssmpngcl.c:594:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mcsa, res1->ai_addr, res1->ai_addrlen);
data/ssmping-0.9.1/ssmpngcl.c:595:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ucsa, res2->ai_addr, res2->ai_addrlen);
data/ssmping-0.9.1/ssmpngcl.c:599:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ucsa, res1->ai_addr, res1->ai_addrlen);
data/ssmping-0.9.1/ssmpngcl.c:600:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mcsa, res2->ai_addr, res2->ai_addrlen);
data/ssmping-0.9.1/ssmpngcl.c:655:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*count = atoi(optarg);
data/ssmping-0.9.1/ssmpngcl.c:661:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*size = atoi(optarg);
data/ssmping-0.9.1/ssmpngcl.c:667:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*runtime = atoi(optarg);
data/ssmping-0.9.1/ssmpngcl.c:764:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mc, sendbuf[1024], recvbuf[1024], *sendtimestamp, *verstring = NULL;
data/ssmping-0.9.1/ssmpngcl.c:816:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sendseq, &u32t, 4);
data/ssmping-0.9.1/ssmpngcl.c:818:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sendtimestamp, &u32t, 4);
data/ssmping-0.9.1/ssmpngcl.c:820:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sendtimestamp + 4, &u32t, 4);
data/ssmping-0.9.1/ssmpingd.c:177:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (rqver && (p + tlvspace(strlen(SSMPING_SERVERVERSIONSTRING)) < outbuf + outbuflen)) {
data/ssmping-0.9.1/ssmpingd.c:178:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = tlvadd(p, SSMPING_VER, strlen(SSMPING_SERVERVERSIONSTRING), SSMPING_SERVERVERSIONSTRING);
data/ssmping-0.9.1/ssmpingd.c:179:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(SSMPING_SERVERVERSIONSTRING);
data/ssmping-0.9.1/ssmpngcl.c:476:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
srvname = malloc(strlen(name) + strlen("_ldap._tcp.") + 1);
data/ssmping-0.9.1/ssmpngcl.c:476:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
srvname = malloc(strlen(name) + strlen("_ldap._tcp.") + 1);
ANALYSIS SUMMARY:
Hits = 58
Lines analyzed = 2036 in approximately 0.08 seconds (25591 lines/second)
Physical Source Lines of Code (SLOC) = 1640
Hits@level = [0] 60 [1] 5 [2] 44 [3] 1 [4] 8 [5] 0
Hits@level+ = [0+] 118 [1+] 58 [2+] 53 [3+] 9 [4+] 8 [5+] 0
Hits/KSLOC@level+ = [0+] 71.9512 [1+] 35.3659 [2+] 32.3171 [3+] 5.4878 [4+] 4.87805 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.