Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/west-chamber-20100405+svn20111107.r124/extensions/compat_xtables.h
Examining data/west-chamber-20100405+svn20111107.r124/extensions/libxt_CUI.c
Examining data/west-chamber-20100405+svn20111107.r124/extensions/xt_gfw.c
Examining data/west-chamber-20100405+svn20111107.r124/extensions/libxt_gfw.c
Examining data/west-chamber-20100405+svn20111107.r124/extensions/compat_skbuff.h
Examining data/west-chamber-20100405+svn20111107.r124/extensions/libxt_UDPENCAP.c
Examining data/west-chamber-20100405+svn20111107.r124/extensions/xt_UDPENCAP.c
Examining data/west-chamber-20100405+svn20111107.r124/extensions/compat_xtnu.h
Examining data/west-chamber-20100405+svn20111107.r124/extensions/libxt_ZHANG.c
Examining data/west-chamber-20100405+svn20111107.r124/extensions/compat_xtables.c
Examining data/west-chamber-20100405+svn20111107.r124/extensions/compat_nfinetaddr.h
Examining data/west-chamber-20100405+svn20111107.r124/extensions/xt_UDPENCAP.h
Examining data/west-chamber-20100405+svn20111107.r124/extensions/xt_CUI.c
Examining data/west-chamber-20100405+svn20111107.r124/extensions/xt_ZHANG.c
Examining data/west-chamber-20100405+svn20111107.r124/include/linux/netfilter.h

FINAL RESULTS:

data/west-chamber-20100405+svn20111107.r124/extensions/compat_xtables.c:161:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(tmp, nt->name, sizeof(nt->name));
data/west-chamber-20100405+svn20111107.r124/extensions/compat_xtables.c:164:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(tmp, &nt, sizeof(void *));
data/west-chamber-20100405+svn20111107.r124/extensions/compat_xtables.c:373:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(tmp, nt->name, sizeof(nt->name));
data/west-chamber-20100405+svn20111107.r124/extensions/compat_xtables.c:376:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(tmp, &nt, sizeof(void *));
data/west-chamber-20100405+svn20111107.r124/extensions/compat_xtables.c:570:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(skb->data - hh_alen, hh->hh_data, hh_alen);
data/west-chamber-20100405+svn20111107.r124/extensions/compat_xtnu.h:96:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[sizeof(((struct xt_match *)NULL)->name) - 1 - sizeof(void *)];
data/west-chamber-20100405+svn20111107.r124/extensions/compat_xtnu.h:110:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[sizeof(((struct xt_target *)NULL)->name) - 1 - sizeof(void *)];
data/west-chamber-20100405+svn20111107.r124/extensions/compat_xtnu.h:127:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&q, m->name + sizeof(m->name) - sizeof(void *), sizeof(void *));
data/west-chamber-20100405+svn20111107.r124/extensions/compat_xtnu.h:134:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&q, t->name + sizeof(t->name) - sizeof(void *), sizeof(void *));

ANALYSIS SUMMARY:

Hits = 9
Lines analyzed = 2099 in approximately 0.09 seconds (23738 lines/second)
Physical Source Lines of Code (SLOC) = 1679
Hits@level = [0] 8 [1] 0 [2] 9 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 17 [1+] 9 [2+] 9 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 10.1251 [1+] 5.36033 [2+] 5.36033 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.