Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tftp-hpa-5.2+20150808/common/tftpsubs.c
Examining data/tftp-hpa-5.2+20150808/common/tftpsubs.h
Examining data/tftp-hpa-5.2+20150808/config.h
Examining data/tftp-hpa-5.2+20150808/lib/bsdsignal.c
Examining data/tftp-hpa-5.2+20150808/lib/daemon.c
Examining data/tftp-hpa-5.2+20150808/lib/dup2.c
Examining data/tftp-hpa-5.2+20150808/lib/getaddrinfo.c
Examining data/tftp-hpa-5.2+20150808/lib/getopt.h
Examining data/tftp-hpa-5.2+20150808/lib/getopt_long.c
Examining data/tftp-hpa-5.2+20150808/lib/inet_ntop.c
Examining data/tftp-hpa-5.2+20150808/lib/xmalloc.c
Examining data/tftp-hpa-5.2+20150808/lib/xstrdup.c
Examining data/tftp-hpa-5.2+20150808/tftp/extern.h
Examining data/tftp-hpa-5.2+20150808/tftp/main.c
Examining data/tftp-hpa-5.2+20150808/tftp/tftp.c
Examining data/tftp-hpa-5.2+20150808/tftpd/misc.c
Examining data/tftp-hpa-5.2+20150808/tftpd/recvfrom.c
Examining data/tftp-hpa-5.2+20150808/tftpd/recvfrom.h
Examining data/tftp-hpa-5.2+20150808/tftpd/remap.c
Examining data/tftp-hpa-5.2+20150808/tftpd/remap.h
Examining data/tftp-hpa-5.2+20150808/tftpd/tftpd.c
Examining data/tftp-hpa-5.2+20150808/tftpd/tftpd.h

FINAL RESULTS:

data/tftp-hpa-5.2+20150808/lib/inet_ntop.c:25:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dst, p);
data/tftp-hpa-5.2+20150808/tftp/main.c:193:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr,
data/tftp-hpa-5.2+20150808/tftp/main.c:383:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(line, partial);
data/tftp-hpa-5.2+20150808/tftp/main.c:384:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(line + len, eline);
data/tftp-hpa-5.2+20150808/tftp/main.c:393:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(line, partial);
data/tftp-hpa-5.2+20150808/tftp/main.c:594:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cp, tail(argv[n]));
data/tftp-hpa-5.2+20150808/tftp/tftp.c:285:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cp, name);
data/tftp-hpa-5.2+20150808/tftp/tftp.c:288:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cp, mode);
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:1321:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  retlen = sprintf(retbuf, "%"PRIuMAX, v);
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:1361:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(output, p);
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:1382:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(output, tb);
data/tftp-hpa-5.2+20150808/lib/getopt.h:20:5:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  int getopt_long(int, char *const *, const char *,
data/tftp-hpa-5.2+20150808/lib/getopt_long.c:36:5:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  int getopt_long(int argc, char *const *argv, const char *optstring,
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:393:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL) ^ getpid());
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:395:17:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt_long(argc, argv, short_options, long_options, NULL))
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:995:13:  [3] (misc) chroot:
  chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root.
  if (chroot(".")) {
data/tftp-hpa-5.2+20150808/common/tftpsubs.c:55:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[PKTSIZE]; /* room for data packet */
data/tftp-hpa-5.2+20150808/common/tftpsubs.c:239:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rbuf[PKTSIZE];
data/tftp-hpa-5.2+20150808/common/tftpsubs.c:319:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s, addrResult->ai_addr, addrResult->ai_addrlen);
data/tftp-hpa-5.2+20150808/lib/daemon.c:18:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((nullfd = open("/dev/null", O_RDWR)) < 0 ||
data/tftp-hpa-5.2+20150808/lib/getaddrinfo.c:81:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&((struct sockaddr_in *)sa)->sin_addr, host->h_addr, host->h_length);
data/tftp-hpa-5.2+20150808/lib/getaddrinfo.c:84:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&((struct sockaddr_in6 *)sa)->sin6_addr, host->h_addr, host->h_length);
data/tftp-hpa-5.2+20150808/lib/getopt_long.c:125:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  optarg = (char *)argv[optind+1];
data/tftp-hpa-5.2+20150808/lib/inet_ntop.c:41:22:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "%x:", ntohs(a->s6_addr16[i]));
data/tftp-hpa-5.2+20150808/tftp/main.c:93:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[LBUFLEN];
data/tftp-hpa-5.2+20150808/tftp/main.c:96:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *margv[20];
data/tftp-hpa-5.2+20150808/tftp/main.c:211:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *peerargv[3];
data/tftp-hpa-5.2+20150808/tftp/main.c:466:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[INET6_ADDRSTRLEN], *tp;
data/tftp-hpa-5.2+20150808/tftp/main.c:576:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(cp, O_RDONLY | mode->m_openflags);
data/tftp-hpa-5.2+20150808/tftp/main.c:595:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(argv[n], O_RDONLY | mode->m_openflags);
data/tftp-hpa-5.2+20150808/tftp/main.c:662:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(cp, O_WRONLY | O_CREAT | O_TRUNC | mode->m_openflags,
data/tftp-hpa-5.2+20150808/tftp/main.c:677:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(cp, O_WRONLY | O_CREAT | O_TRUNC | mode->m_openflags,
data/tftp-hpa-5.2+20150808/tftp/main.c:714:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  t = atoi(argv[1]);
data/tftp-hpa-5.2+20150808/tftp/main.c:737:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  t = atoi(argv[1]);
data/tftp-hpa-5.2+20150808/tftp/tftp.c:49:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ackbuf[PKTSIZE];
data/tftp-hpa-5.2+20150808/tftp/tftp.c:339:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tp->th_msg, msg, length);
data/tftp-hpa-5.2+20150808/tftpd/recvfrom.c:65:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&sa1, addr, sizeof sa1);
data/tftp-hpa-5.2+20150808/tftpd/recvfrom.c:129:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&in.sin_addr, (const char *)&myaddr->s6.sin6_addr +
data/tftp-hpa-5.2+20150808/tftpd/recvfrom.c:131:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&myaddr->si, &in, sizeof in);
data/tftp-hpa-5.2+20150808/tftpd/recvfrom.c:149:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char control[CMSG_SPACE(sizeof(struct in_addr)) +
data/tftp-hpa-5.2+20150808/tftpd/recvfrom.c:152:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char control[CMSG_SPACE(sizeof(struct in_addr))];
data/tftp-hpa-5.2+20150808/tftpd/recvfrom.c:156:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char control6[CMSG_SPACE(sizeof(struct in6_addr)) +
data/tftp-hpa-5.2+20150808/tftpd/recvfrom.c:159:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char control6[CMSG_SPACE(sizeof(struct in6_addr))];
data/tftp-hpa-5.2+20150808/tftpd/recvfrom.c:217:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&myaddr->si.sin_addr, CMSG_DATA(cmptr),
data/tftp-hpa-5.2+20150808/tftpd/recvfrom.c:225:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&pktinfo, CMSG_DATA(cmptr),
data/tftp-hpa-5.2+20150808/tftpd/recvfrom.c:227:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&myaddr->si.sin_addr, &pktinfo.ipi_addr,
data/tftp-hpa-5.2+20150808/tftpd/recvfrom.c:238:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&myaddr->s6.sin6_addr, CMSG_DATA(cmptr),
data/tftp-hpa-5.2+20150808/tftpd/recvfrom.c:249:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&pktinfo6, CMSG_DATA(cmptr),
data/tftp-hpa-5.2+20150808/tftpd/recvfrom.c:251:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&myaddr->s6.sin6_addr, &pktinfo6.ipi6_addr,
data/tftp-hpa-5.2+20150808/tftpd/remap.c:75:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(string, input, pmatch[0].rm_so);
data/tftp-hpa-5.2+20150808/tftpd/remap.c:147:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(string, input + pmatch[0].rm_eo, endbytes);
data/tftp-hpa-5.2+20150808/tftpd/remap.c:193:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[MAXLINE];
data/tftp-hpa-5.2+20150808/tftpd/remap.c:265:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errbuf[BUFSIZ];
data/tftp-hpa-5.2+20150808/tftpd/remap.c:286:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[MAXLINE];
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:89:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[PKTSIZE];
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:90:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char ackbuf[PKTSIZE];
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:93:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char tmpbuf[INET6_ADDRSTRLEN], *tmp_p;
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:170:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(file, "rt");
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:427:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  waittime = atoi(optarg);
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:500:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  verbosity = atoi(optarg);
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:743:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  pf = fopen (pidfile, "w");
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:903:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(SOCKADDR_P(&myaddr), &bindaddr4.sin_addr,
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:909:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(SOCKADDR_P(&myaddr), &bindaddr6.sin6_addr,
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:954:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(tmpbuf, "???");
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:1122:21:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(tmpbuf, "???");
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:1300:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char retbuf[OPTBUFSIZE];
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:1328:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, opt, optlen+1);
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:1330:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, retbuf, retlen+1);
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:1353:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *p, tb[INET6_ADDRSTRLEN];
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:1370:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(output, "%08lX",
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:1378:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(p, "%02X", *c);
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:1440:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char stdio_mode[3];
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:1484:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(filename, mode == RRQ ? rmode : wmode, 0666);
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:1777:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tp->th_msg, msg, length);
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:1785:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(tmpbuf, "???");
data/tftp-hpa-5.2+20150808/common/tftpsubs.c:133:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  b->counter = read(fileno(file), dp->th_data, segsize);
data/tftp-hpa-5.2+20150808/common/tftpsubs.c:146:17:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc(file);
data/tftp-hpa-5.2+20150808/common/tftpsubs.c:397:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = addr + strlen(addr);
data/tftp-hpa-5.2+20150808/lib/getopt_long.c:107:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((uintptr_t) (pvt.optptr - carg) > (uintptr_t) strlen(carg)) {
data/tftp-hpa-5.2+20150808/lib/inet_ntop.c:21:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (cnt <= strlen(p)) {
data/tftp-hpa-5.2+20150808/tftp/main.c:371:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(partial);
data/tftp-hpa-5.2+20150808/tftp/main.c:376:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  elen = strlen(eline);
data/tftp-hpa-5.2+20150808/tftp/main.c:391:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(partial);
data/tftp-hpa-5.2+20150808/tftp/tftp.c:286:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cp += strlen(name);
data/tftp-hpa-5.2+20150808/tftp/tftp.c:289:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cp += strlen(mode);
data/tftp-hpa-5.2+20150808/tftp/tftp.c:338:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(msg) + 1;
data/tftp-hpa-5.2+20150808/tftpd/remap.c:72:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  endbytes = strlen(input) - pmatch[0].rm_eo;
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:787:9:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask(my_umask);
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:1320:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  optlen = strlen(opt);
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:1365:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strlen(p);
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:1383:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(tb);
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:1455:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(filename);
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:1465:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(filename, *dirp, strlen(*dirp)) == 0)
data/tftp-hpa-5.2+20150808/tftpd/tftpd.c:1776:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(msg) + 1;

ANALYSIS SUMMARY:

Hits = 94
Lines analyzed = 5491 in approximately 0.16 seconds (33848 lines/second)
Physical Source Lines of Code (SLOC) = 4126
Hits@level = [0] 149 [1]  19 [2]  59 [3]   5 [4]  11 [5]   0
Hits@level+ = [0+] 243 [1+]  94 [2+]  75 [3+]  16 [4+]  11 [5+]   0
Hits/KSLOC@level+ = [0+] 58.8948 [1+] 22.7824 [2+] 18.1774 [3+] 3.87785 [4+] 2.66602 [5+]   0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.