stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tcptrack-1.4.2/src/Collector.h
Examining data/tcptrack-1.4.2/src/PacketBuffer.h
Examining data/tcptrack-1.4.2/src/defs.h
Examining data/tcptrack-1.4.2/src/headers.h
Examining data/tcptrack-1.4.2/src/SortedIterator.h
Examining data/tcptrack-1.4.2/src/util.h
Examining data/tcptrack-1.4.2/src/TCPConnection.h
Examining data/tcptrack-1.4.2/src/Guesser.h
Examining data/tcptrack-1.4.2/src/TCPPacket.h
Examining data/tcptrack-1.4.2/src/IPv4Address.h
Examining data/tcptrack-1.4.2/src/IPv6Address.h
Examining data/tcptrack-1.4.2/src/TCPHeader.h
Examining data/tcptrack-1.4.2/src/TCPCapture.h
Examining data/tcptrack-1.4.2/src/TCPTrack.h
Examining data/tcptrack-1.4.2/src/SocketPair.h
Examining data/tcptrack-1.4.2/src/IPAddress.h
Examining data/tcptrack-1.4.2/src/AppError.h
Examining data/tcptrack-1.4.2/src/PcapError.h
Examining data/tcptrack-1.4.2/src/GenericError.h
Examining data/tcptrack-1.4.2/src/Collector.cc
Examining data/tcptrack-1.4.2/src/TextUI.cc
Examining data/tcptrack-1.4.2/src/util.cc
Examining data/tcptrack-1.4.2/src/TCPPacket.cc
Examining data/tcptrack-1.4.2/src/IPv4Address.cc
Examining data/tcptrack-1.4.2/src/IPv6Address.cc
Examining data/tcptrack-1.4.2/src/TCPHeader.cc
Examining data/tcptrack-1.4.2/src/TCPCapture.cc
Examining data/tcptrack-1.4.2/src/TCPTrack.cc
Examining data/tcptrack-1.4.2/src/SocketPair.cc
Examining data/tcptrack-1.4.2/src/IPAddress.cc
Examining data/tcptrack-1.4.2/src/AppError.cc
Examining data/tcptrack-1.4.2/src/PcapError.cc
Examining data/tcptrack-1.4.2/src/GenericError.cc
Examining data/tcptrack-1.4.2/src/Guesser.cc
Examining data/tcptrack-1.4.2/src/PacketBuffer.cc
Examining data/tcptrack-1.4.2/src/Sniffer.cc
Examining data/tcptrack-1.4.2/src/Sniffer.h
Examining data/tcptrack-1.4.2/src/SortedIterator.cc
Examining data/tcptrack-1.4.2/src/TCContainer.cc
Examining data/tcptrack-1.4.2/src/TCContainer.h
Examining data/tcptrack-1.4.2/src/TCPConnection.cc
Examining data/tcptrack-1.4.2/src/TextUI.h
Examining data/tcptrack-1.4.2/src/main.cc

FINAL RESULTS:

data/tcptrack-1.4.2/src/TCPTrack.cc:138:12:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while( (o=getopt(argc,argv,"dhvfi:pr:T:")) > 0 )
data/tcptrack-1.4.2/src/IPv4Address.cc:12:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char ascii[16]; // 12 for octets, 3 dots, 1 null
data/tcptrack-1.4.2/src/IPv4Address.cc:20:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(ascii,"%d.%d.%d.%d",oc1,oc2,oc3,oc4);
data/tcptrack-1.4.2/src/IPv6Address.cc:22:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char ascii[INET6_ADDRSTRLEN];
data/tcptrack-1.4.2/src/Sniffer.cc:63:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char errbuf[PCAP_ERRBUF_SIZE]; // error messages stored here
data/tcptrack-1.4.2/src/TCPTrack.cc:156:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			cf.remto = atoi(optarg);
data/tcptrack-1.4.2/src/util.cc:72:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy( (void *)n->p, (void *)(p+ENET_HEADER_LEN+(vlan_frame ? VLAN_HEADER_LEN : 0)), n->len);
data/tcptrack-1.4.2/src/util.cc:90:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy( (void *)n->p, (void *)(p+SLL_HEADER_LEN), n->len);
data/tcptrack-1.4.2/src/util.cc:102:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy( (void *)n->p, (void *)(p), n->len);

ANALYSIS SUMMARY:

Hits = 9
Lines analyzed = 3855 in approximately 0.17 seconds (22818 lines/second)
Physical Source Lines of Code (SLOC) = 2521
Hits@level = [0]   3 [1]   0 [2]   8 [3]   1 [4]   0 [5]   0
Hits@level+ = [0+]  12 [1+]   9 [2+]   9 [3+]   1 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 4.76002 [1+] 3.57001 [2+] 3.57001 [3+] 0.396668 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.