Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tcludp-1.0.11/generic/udp_tcl.c
Examining data/tcludp-1.0.11/generic/udp_tcl.h
Examining data/tcludp-1.0.11/win/nmakehlp.c
FINAL RESULTS:
data/tcludp-1.0.11/generic/udp_tcl.c:82:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf /* trust Microsoft to complicate things */
data/tcludp-1.0.11/generic/udp_tcl.c:82:18: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf /* trust Microsoft to complicate things */
data/tcludp-1.0.11/generic/udp_tcl.c:456:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(remoteOptions, "%s %s",argv[2],argv[3] );
data/tcludp-1.0.11/generic/udp_tcl.c:649:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(statePtr->peerhost,hostaddr);
data/tcludp-1.0.11/generic/udp_tcl.c:650:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->r_host,hostaddr);
data/tcludp-1.0.11/generic/udp_tcl.c:1131:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(statePtr->peerhost, packets->r_host);
data/tcludp-1.0.11/generic/udp_tcl.c:1247:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifreq.ifr_name,Tcl_GetStringFromObj(nw_interface,&lenPtr));
data/tcludp-1.0.11/generic/udp_tcl.c:1398:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(op, "-%s", *p);
data/tcludp-1.0.11/generic/udp_tcl.c:1747:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(statePtr->remotehost, Tcl_GetString(hostPtr));
data/tcludp-1.0.11/generic/udp_tcl.c:1863:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(dbg, format, args);
data/tcludp-1.0.11/win/nmakehlp.c:139:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cmdline, option);
data/tcludp-1.0.11/win/nmakehlp.c:234:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cmdline, option);
data/tcludp-1.0.11/win/nmakehlp.c:143:10: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
ok = CreateProcess(
data/tcludp-1.0.11/win/nmakehlp.c:143:10: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
ok = CreateProcess(
data/tcludp-1.0.11/win/nmakehlp.c:238:10: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
ok = CreateProcess(
data/tcludp-1.0.11/win/nmakehlp.c:238:10: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
ok = CreateProcess(
data/tcludp-1.0.11/generic/udp_tcl.c:89:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char errBuf[256];
data/tcludp-1.0.11/generic/udp_tcl.c:175:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dbg = fopen("udp.dbg", "wt");
data/tcludp-1.0.11/generic/udp_tcl.c:268:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char channelName[20];
data/tcludp-1.0.11/generic/udp_tcl.c:376:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(channelName, "sock%d", statePtr->sock);
data/tcludp-1.0.11/generic/udp_tcl.c:418:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remoteOptions[255];
data/tcludp-1.0.11/generic/udp_tcl.c:433:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
chan = Tcl_GetChannel(interp, (char *)argv[1], NULL);
data/tcludp-1.0.11/generic/udp_tcl.c:481:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[17];
data/tcludp-1.0.11/generic/udp_tcl.c:491:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
chan = Tcl_GetChannel(interp, (char *)argv[1], NULL);
data/tcludp-1.0.11/generic/udp_tcl.c:498:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
buffer_size = atoi(argv[2]);
data/tcludp-1.0.11/generic/udp_tcl.c:595:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostaddr[256];
data/tcludp-1.0.11/generic/udp_tcl.c:597:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remoteaddr[256];
data/tcludp-1.0.11/generic/udp_tcl.c:647:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
statePtr->peerport = atoi(portaddr);
data/tcludp-1.0.11/generic/udp_tcl.c:939:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errBuf, "udp_close: %d, error: %d\n", sock, errorCode);
data/tcludp-1.0.11/generic/udp_tcl.c:941:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errBuf, "udp_cose: %d, error: %d\n", sock, WSAGetLastError());
data/tcludp-1.0.11/generic/udp_tcl.c:1035:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&sendaddrv6, result->ai_addr, result->ai_addrlen);
data/tcludp-1.0.11/generic/udp_tcl.c:1127:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, packets->message, packets->actual_size);
data/tcludp-1.0.11/generic/udp_tcl.c:1282:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&mreq.imr_multiaddr.s_addr, name->h_addr, sizeof(mreq.imr_multiaddr));
data/tcludp-1.0.11/generic/udp_tcl.c:1293:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&mreq.imr_interface, &((struct sockaddr_in *) &ifreq.ifr_addr)->sin_addr, sizeof(struct in_addr));
data/tcludp-1.0.11/generic/udp_tcl.c:1397:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char op[16];
data/tcludp-1.0.11/generic/udp_tcl.c:1416:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Tcl_DStringValue(&ds), "%u", ntohs(statePtr->localport));
data/tcludp-1.0.11/generic/udp_tcl.c:1421:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Tcl_DStringValue(&dsInt), "%u",
data/tcludp-1.0.11/generic/udp_tcl.c:1431:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Tcl_DStringValue(&dsInt), "%u", statePtr->peerport);
data/tcludp-1.0.11/generic/udp_tcl.c:1450:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Tcl_DStringValue(&ds), "%d", tmp);
data/tcludp-1.0.11/generic/udp_tcl.c:1457:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Tcl_DStringValue(&ds), "%d", (int)tmp);
data/tcludp-1.0.11/generic/udp_tcl.c:1465:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Tcl_DStringValue(&ds), "%u", tmp);
data/tcludp-1.0.11/generic/udp_tcl.c:1855:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[1024];
data/tcludp-1.0.11/generic/udp_tcl.h:81:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char r_host[256];
data/tcludp-1.0.11/generic/udp_tcl.h:91:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remotehost[256]; /* send packets to */
data/tcludp-1.0.11/generic/udp_tcl.h:93:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char peerhost[256]; /* receive packets from */
data/tcludp-1.0.11/win/nmakehlp.c:31:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1000];
data/tcludp-1.0.11/win/nmakehlp.c:43:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[300];
data/tcludp-1.0.11/win/nmakehlp.c:106:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[300];
data/tcludp-1.0.11/win/nmakehlp.c:109:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdline[100];
data/tcludp-1.0.11/win/nmakehlp.c:137:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cmdline, "cl.exe -nologo -c -TC -Fdtemp ");
data/tcludp-1.0.11/win/nmakehlp.c:141:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cmdline, " nul");
data/tcludp-1.0.11/win/nmakehlp.c:201:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[300];
data/tcludp-1.0.11/win/nmakehlp.c:204:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdline[100];
data/tcludp-1.0.11/win/nmakehlp.c:232:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cmdline, "link.exe -nologo ");
data/tcludp-1.0.11/win/nmakehlp.c:319:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(file, "r");
data/tcludp-1.0.11/win/nmakehlp.c:344:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *ofp = fopen("version.vc", "w");
data/tcludp-1.0.11/generic/udp_tcl.c:646:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(hostaddr,remoteaddr,strlen(remoteaddr)-strlen(portaddr)-1);
data/tcludp-1.0.11/generic/udp_tcl.c:646:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(hostaddr,remoteaddr,strlen(remoteaddr)-strlen(portaddr)-1);
data/tcludp-1.0.11/generic/udp_tcl.c:646:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(hostaddr,remoteaddr,strlen(remoteaddr)-strlen(portaddr)-1);
data/tcludp-1.0.11/win/nmakehlp.c:162:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
WriteFile(GetStdHandle(STD_ERROR_HANDLE), msg, strlen(msg), &err, NULL);
data/tcludp-1.0.11/win/nmakehlp.c:257:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
WriteFile(GetStdHandle(STD_ERROR_HANDLE), msg, strlen(msg), &err, NULL);
ANALYSIS SUMMARY:
Hits = 61
Lines analyzed = 2425 in approximately 0.08 seconds (31218 lines/second)
Physical Source Lines of Code (SLOC) = 1695
Hits@level = [0] 6 [1] 5 [2] 40 [3] 4 [4] 12 [5] 0
Hits@level+ = [0+] 67 [1+] 61 [2+] 56 [3+] 16 [4+] 12 [5+] 0
Hits/KSLOC@level+ = [0+] 39.528 [1+] 35.9882 [2+] 33.0383 [3+] 9.43953 [4+] 7.07965 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.