Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/tcpxtract-1.0.1/search.h Examining data/tcpxtract-1.0.1/conf.h Examining data/tcpxtract-1.0.1/extract.h Examining data/tcpxtract-1.0.1/search.c Examining data/tcpxtract-1.0.1/confy.h Examining data/tcpxtract-1.0.1/sessionlist.h Examining data/tcpxtract-1.0.1/util.h Examining data/tcpxtract-1.0.1/confy.c Examining data/tcpxtract-1.0.1/util.c Examining data/tcpxtract-1.0.1/conf.c Examining data/tcpxtract-1.0.1/confl.c Examining data/tcpxtract-1.0.1/sessionlist.c Examining data/tcpxtract-1.0.1/tcpxtract.c Examining data/tcpxtract-1.0.1/extract.c FINAL RESULTS: data/tcpxtract-1.0.1/confy.c:502:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define YYFPRINTF fprintf data/tcpxtract-1.0.1/tcpxtract.c:287:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(output_prefix, optarg); data/tcpxtract-1.0.1/util.c:41:5: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vprintf(fmt, args); data/tcpxtract-1.0.1/tcpxtract.c:269:13: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. c = getopt_long(argc, argv, "f:d:o:c:hv", long_options, &option_index); data/tcpxtract-1.0.1/extract.c:113:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[FILENAME_BUFFER_SIZE] = {'\0'}; /* buffer to snprintf our filename to */ data/tcpxtract-1.0.1/extract.c:117:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). while ((retval = open(fname, O_WRONLY|O_CREAT|O_EXCL, S_IRWXU)) == -1); data/tcpxtract-1.0.1/search.c:74:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char code[3] = {'\0'}; data/tcpxtract-1.0.1/sessionlist.c:61:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(*last_slist)->connection, conn, sizeof (*conn)); data/tcpxtract-1.0.1/tcpxtract.c:200:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(conn.eth_src, ethernet->ether_shost, ETHER_ADDR_LEN); data/tcpxtract-1.0.1/tcpxtract.c:201:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(conn.eth_dst, ethernet->ether_dhost, ETHER_ADDR_LEN); data/tcpxtract-1.0.1/tcpxtract.c:241:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[PCAP_ERRBUF_SIZE]; /* Error buffer */ data/tcpxtract-1.0.1/tcpxtract.c:306:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). yyin = fopen(yyinfname, "r"); data/tcpxtract-1.0.1/util.c:49:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addr, &ip, 4); data/tcpxtract-1.0.1/confl.c:484:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ data/tcpxtract-1.0.1/confy.c:623:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define yystrlen strlen data/tcpxtract-1.0.1/search.c:48:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). speclen = strlen(spec); data/tcpxtract-1.0.1/tcpxtract.c:285:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (optarg[strlen(optarg) - 1] != '/') { data/tcpxtract-1.0.1/tcpxtract.c:286:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). output_prefix = emalloc(strlen(optarg) + 2); data/tcpxtract-1.0.1/tcpxtract.c:288:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). output_prefix[strlen(optarg)] = '/'; data/tcpxtract-1.0.1/tcpxtract.c:289:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). output_prefix[strlen(optarg) + 1] = '\0'; ANALYSIS SUMMARY: Hits = 20 Lines analyzed = 4452 in approximately 0.12 seconds (37350 lines/second) Physical Source Lines of Code (SLOC) = 2884 Hits@level = [0] 16 [1] 7 [2] 9 [3] 1 [4] 3 [5] 0 Hits@level+ = [0+] 36 [1+] 20 [2+] 13 [3+] 4 [4+] 3 [5+] 0 Hits/KSLOC@level+ = [0+] 12.4827 [1+] 6.93481 [2+] 4.50763 [3+] 1.38696 [4+] 1.04022 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.