Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/wide-dhcpv6-20080615/addrconf.h
Examining data/wide-dhcpv6-20080615/auth.c
Examining data/wide-dhcpv6-20080615/auth.h
Examining data/wide-dhcpv6-20080615/base64.c
Examining data/wide-dhcpv6-20080615/base64.h
Examining data/wide-dhcpv6-20080615/cfparse.c
Examining data/wide-dhcpv6-20080615/control.h
Examining data/wide-dhcpv6-20080615/dhcp6_ctl.h
Examining data/wide-dhcpv6-20080615/dhcp6c.h
Examining data/wide-dhcpv6-20080615/dhcp6c_ia.h
Examining data/wide-dhcpv6-20080615/lease.h
Examining data/wide-dhcpv6-20080615/prefixconf.h
Examining data/wide-dhcpv6-20080615/timer.h
Examining data/wide-dhcpv6-20080615/y.tab.h
Examining data/wide-dhcpv6-20080615/missing/arc4random.h
Examining data/wide-dhcpv6-20080615/missing/strlcat.c
Examining data/wide-dhcpv6-20080615/missing/strlcpy.c
Examining data/wide-dhcpv6-20080615/missing/daemon.c
Examining data/wide-dhcpv6-20080615/missing/err.h
Examining data/wide-dhcpv6-20080615/missing/warnx.c
Examining data/wide-dhcpv6-20080615/missing/ifaddrs.h
Examining data/wide-dhcpv6-20080615/missing/sys/queue.h
Examining data/wide-dhcpv6-20080615/missing/arc4random.c
Examining data/wide-dhcpv6-20080615/missing/getifaddrs.c
Examining data/wide-dhcpv6-20080615/common.h
Examining data/wide-dhcpv6-20080615/dhcp6c_ia.c
Examining data/wide-dhcpv6-20080615/dhcp6c_script.c
Examining data/wide-dhcpv6-20080615/dhcp6relay_script.c
Examining data/wide-dhcpv6-20080615/lease.c
Examining data/wide-dhcpv6-20080615/timer.c
Examining data/wide-dhcpv6-20080615/addrconf.c
Examining data/wide-dhcpv6-20080615/cftoken.c
Examining data/wide-dhcpv6-20080615/dhcp6_ctlclient.c
Examining data/wide-dhcpv6-20080615/dhcp6relay.c
Examining data/wide-dhcpv6-20080615/if.c
Examining data/wide-dhcpv6-20080615/common.c
Examining data/wide-dhcpv6-20080615/dhcp6.h
Examining data/wide-dhcpv6-20080615/dhcp6c.c
Examining data/wide-dhcpv6-20080615/dhcp6_ctl.c
Examining data/wide-dhcpv6-20080615/dhcp6s.c
Examining data/wide-dhcpv6-20080615/config.h
Examining data/wide-dhcpv6-20080615/prefixconf.c
Examining data/wide-dhcpv6-20080615/config.c

FINAL RESULTS:

data/wide-dhcpv6-20080615/cfparse.c:940:21: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define YYFPRINTF fprintf
data/wide-dhcpv6-20080615/cftoken.c:2495:9: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  bp += vsnprintf(bp, ep - bp, s, ap);
data/wide-dhcpv6-20080615/common.c:3235:2: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(logbuf, sizeof(logbuf), fmt, ap);
data/wide-dhcpv6-20080615/dhcp6c.c:2210:2: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(logbuf, sizeof(logbuf), fmt, ap);
data/wide-dhcpv6-20080615/missing/getifaddrs.c:121:10: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(ifa->ifa_name = buf, lifrp->lifr_name);
data/wide-dhcpv6-20080615/missing/warnx.c:46:9: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  (void) vfprintf(stderr, fmt, args);
data/wide-dhcpv6-20080615/missing/warnx.c:57:9: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  (void) vfprintf(stderr, fmt, args);
data/wide-dhcpv6-20080615/common.c:843:39: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  return (x + ((y - x) * (ratio - 1) / random() & (ratio - 1)));
data/wide-dhcpv6-20080615/common.c:2857:18: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  ev->retrans = (random() % (SOL_MAX_DELAY));
data/wide-dhcpv6-20080615/common.c:2867:18: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  r = (double)((random() % 1000) + 1) / 10000;
data/wide-dhcpv6-20080615/common.c:2870:18: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  r = (double)((random() % 2000) - 1000) / 10000;
data/wide-dhcpv6-20080615/dhcp6_ctlclient.c:96:15: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((ch = getopt(argc, argv, "CSa:k:p:")) != -1) {
data/wide-dhcpv6-20080615/dhcp6c.c:165:2: [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(time(NULL) & getpid());
data/wide-dhcpv6-20080615/dhcp6c.c:173:15: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((ch = getopt(argc, argv, "c:dDfik:p:P:")) != -1) {
data/wide-dhcpv6-20080615/dhcp6c.c:1225:13: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  ev->xid = random() & DH6_XIDMASK;
data/wide-dhcpv6-20080615/dhcp6relay.c:149:14: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while((ch = getopt(argc, argv, "b:dDfH:r:s:S:p:")) != -1) {
data/wide-dhcpv6-20080615/dhcp6s.c:253:2: [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(time(NULL) & getpid());
data/wide-dhcpv6-20080615/dhcp6s.c:254:15: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((ch = getopt(argc, argv, "c:dDfk:n:p:P:")) != -1) {
data/wide-dhcpv6-20080615/auth.c:88:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char key[HMACMD5_KEYLENGTH];
data/wide-dhcpv6-20080615/auth.c:130:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char digest[MD5_DIGESTLENGTH];
data/wide-dhcpv6-20080615/auth.c:149:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + off, digest, MD5_DIGESTLENGTH);
data/wide-dhcpv6-20080615/auth.c:163:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char digest[MD5_DIGESTLENGTH];
data/wide-dhcpv6-20080615/auth.c:186:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + off, digest, sizeof(digest));
data/wide-dhcpv6-20080615/auth.c:201:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ipad[PADLEN];
data/wide-dhcpv6-20080615/auth.c:211:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ctx->key, key, len);
data/wide-dhcpv6-20080615/auth.c:244:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char opad[PADLEN];
data/wide-dhcpv6-20080615/auth.c:266:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char newdigest[MD5_DIGESTLENGTH];
data/wide-dhcpv6-20080615/auth.c:440:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((unsigned char *)ctx->in + 64 - t, buf, len);
data/wide-dhcpv6-20080615/auth.c:444:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((unsigned char *)ctx->in + 64 - t, buf, t);
data/wide-dhcpv6-20080615/auth.c:452:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ctx->in, buf, 64);
data/wide-dhcpv6-20080615/auth.c:460:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ctx->in, buf, len);
data/wide-dhcpv6-20080615/auth.c:495:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(digest, ctx->buf, 16);
data/wide-dhcpv6-20080615/base64.c:75:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ctx->dst, base, length);
data/wide-dhcpv6-20080615/base64.c:103:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[3];
data/wide-dhcpv6-20080615/cfparse.c:2789:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/wide-dhcpv6-20080615/cfparse.c:2806:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char yyformat[sizeof yyunexpected
data/wide-dhcpv6-20080615/cftoken.c:2489:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ebuf[BUFSIZ], *bp, *ep;
data/wide-dhcpv6-20080615/cftoken.c:2543:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(path, "re");
data/wide-dhcpv6-20080615/cftoken.c:2545:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(path, "r");
data/wide-dhcpv6-20080615/cftoken.c:2570:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((yyin = fopen(configfilename, "re")) == NULL) {
data/wide-dhcpv6-20080615/cftoken.c:2572:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((yyin = fopen(configfilename, "r")) == NULL) {
data/wide-dhcpv6-20080615/common.c:329:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst->dv_buf, src->dv_buf, dst->dv_len);
data/wide-dhcpv6-20080615/common.c:415:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(in6, &d->val_addr6, sizeof(*in6));
data/wide-dhcpv6-20080615/common.c:437:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[MAXDNAME + 1];
data/wide-dhcpv6-20080615/common.c:474:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[MAXDNAME], *cp, *ep;
data/wide-dhcpv6-20080615/common.c:513:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cp, name, nlen);
data/wide-dhcpv6-20080615/common.c:623:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, authparam, sizeof(*dst));
data/wide-dhcpv6-20080615/common.c:718:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&sin6, ifa->ifa_addr, sysdep_sa_len(ifa->ifa_addr));
data/wide-dhcpv6-20080615/common.c:732:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&a, &sin6.sin6_addr, sizeof(sin6.sin6_addr));
data/wide-dhcpv6-20080615/common.c:744:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(addr, &sin6.sin6_addr, sizeof(sin6.sin6_addr));
data/wide-dhcpv6-20080615/common.c:890:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char addrbuf[8][NI_MAXHOST];
data/wide-dhcpv6-20080615/common.c:999:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpbuf[256]; /* DUID should be no more than 256 bytes */
data/wide-dhcpv6-20080615/common.c:1001:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(idfile, "r")) == NULL && errno != ENOENT)
data/wide-dhcpv6-20080615/common.c:1048:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)(dp + 1), tmpbuf, (len - sizeof(*dp)));
data/wide-dhcpv6-20080615/common.c:1056:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(idfile, "w+")) == NULL) {
data/wide-dhcpv6-20080615/common.c:1099:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[MAXPATHLEN], *cp;
data/wide-dhcpv6-20080615/common.c:1119:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(fname, O_RDWR | O_CLOEXEC)) == -1) {
data/wide-dhcpv6-20080615/common.c:1121:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(fname, O_RDWR)) == -1) {
data/wide-dhcpv6-20080615/common.c:1136:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  dlar.dl_ppa = atoi(cp);
data/wide-dhcpv6-20080615/common.c:1139:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(fname, O_RDWR | O_CLOEXEC)) == -1)
data/wide-dhcpv6-20080615/common.c:1141:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(fname, O_RDWR)) == -1)
data/wide-dhcpv6-20080615/common.c:1211:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void) memcpy(buf, (char *)getbuf + dlpaa->dl_addr_offset,
data/wide-dhcpv6-20080615/common.c:1296:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, LLADDR(sdl), sdl->sdl_alen);
data/wide-dhcpv6-20080615/common.c:1309:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, sll->sll_addr, sll->sll_halen);
data/wide-dhcpv6-20080615/common.c:1444:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dst->relaymsg_msg, src->relaymsg_msg,
data/wide-dhcpv6-20080615/common.c:1452:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst->ifidopt_id, src->ifidopt_id, src->ifidopt_len);
data/wide-dhcpv6-20080615/common.c:1471:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst->delayedauth_realmval,
data/wide-dhcpv6-20080615/common.c:1582:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&opttype, val, sizeof(u_int16_t));
data/wide-dhcpv6-20080615/common.c:1635:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(optinfo->relaymsg_msg, cp, optlen);
data/wide-dhcpv6-20080615/common.c:1685:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(optinfo->delayedauth_realmval, cp,
data/wide-dhcpv6-20080615/common.c:1723:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(optinfo->ifidopt_id, cp, optlen);
data/wide-dhcpv6-20080615/common.c:1919:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpbuf[MAXDNAME + 1];
data/wide-dhcpv6-20080615/common.c:2182:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char ret[1024]; /* XXX: thread unsafe */
data/wide-dhcpv6-20080615/common.c:2246:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(opt, &opth, sizeof(opth));
data/wide-dhcpv6-20080615/common.c:2248:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(opt + 1, val, len);
data/wide-dhcpv6-20080615/common.c:2306:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, tmpbuf, optlen);
data/wide-dhcpv6-20080615/common.c:2460:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, tmpbuf, optlen);
data/wide-dhcpv6-20080615/common.c:2538:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(authinfo, optinfo->delayedauth_realmval,
data/wide-dhcpv6-20080615/common.c:2544:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(authinfo, &p32, sizeof(p32));
data/wide-dhcpv6-20080615/common.c:2768:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&pd_prefix.dh6_iapd_prefix_prefix_addr,
data/wide-dhcpv6-20080615/common.c:2790:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, opt, headlen);
data/wide-dhcpv6-20080615/common.c:2903:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dd->duid_id, ds->duid_id, dd->duid_len);
data/wide-dhcpv6-20080615/common.c:2983:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rdvalue, &u32, sizeof(u32));
data/wide-dhcpv6-20080615/common.c:2984:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)rdvalue + sizeof(u32), &l32, sizeof(l32));
data/wide-dhcpv6-20080615/common.c:2993:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char genstr[sizeof("opt_65535") + 1]; /* XXX thread unsafe */
data/wide-dhcpv6-20080615/common.c:3083:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char genstr[sizeof("msg255") + 1]; /* XXX thread unsafe */
data/wide-dhcpv6-20080615/common.c:3125:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char genstr[sizeof("code255") + 1]; /* XXX thread unsafe */
data/wide-dhcpv6-20080615/common.c:3157:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char duidstr[sizeof("xx:") * 128 + sizeof("...")];
data/wide-dhcpv6-20080615/common.c:3231:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char logbuf[LINE_MAX];
data/wide-dhcpv6-20080615/common.c:3342:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&req.ifr6_addr, &addr->sin6_addr, sizeof(struct in6_addr));
data/wide-dhcpv6-20080615/common.c:3358:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&req.lifr_addr, addr, sizeof (*addr));
data/wide-dhcpv6-20080615/config.c:393:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  iac->iaid = (u_int32_t)atoi(iap->name);
data/wide-dhcpv6-20080615/config.c:720:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char secret[1024];
data/wide-dhcpv6-20080615/config.c:818:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(kinfo->secret, secret, secretlen);
data/wide-dhcpv6-20080615/config.c:1977:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dup, qstr + 1, len - 1);
data/wide-dhcpv6-20080615/config.h:175:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ifid[16]; /* Interface ID, up to 128bits */
data/wide-dhcpv6-20080615/dhcp6.h:232:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char val[16]; /* key value */
data/wide-dhcpv6-20080615/dhcp6_ctl.c:74:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inputbuf[1024]; /* input buffer */
data/wide-dhcpv6-20080615/dhcp6_ctl.c:158:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024], secret[1024];
data/wide-dhcpv6-20080615/dhcp6_ctl.c:164:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(keyfile, "r")) == NULL) {
data/wide-dhcpv6-20080615/dhcp6_ctl.c:199:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ctlkey->secret, secret, secretlen);
data/wide-dhcpv6-20080615/dhcp6_ctlclient.c:214:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024], secret[1024];
data/wide-dhcpv6-20080615/dhcp6_ctlclient.c:222:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(keyfile, "r")) == NULL) {
data/wide-dhcpv6-20080615/dhcp6_ctlclient.c:240:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(key->secret, secret, secretlen);
data/wide-dhcpv6-20080615/dhcp6_ctlclient.c:267:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bp, &val, sizeof(val));
data/wide-dhcpv6-20080615/dhcp6_ctlclient.c:290:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bp, &val, sizeof(val));
data/wide-dhcpv6-20080615/dhcp6_ctlclient.c:313:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bp, val, valsize);
data/wide-dhcpv6-20080615/dhcp6_ctlclient.c:332:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char commandbuf[4096]; /* XXX: ad-hoc value */
data/wide-dhcpv6-20080615/dhcp6_ctlclient.c:394:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(commandbuf, &ctl, sizeof(ctl));
data/wide-dhcpv6-20080615/dhcp6_ctlclient.c:408:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, commandbuf, len);
data/wide-dhcpv6-20080615/dhcp6c.c:243:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((pidfp = fopen(pid_file, "w")) != NULL) {
data/wide-dhcpv6-20080615/dhcp6c.c:374:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&sa6_allagent_storage, res->ai_addr, res->ai_addrlen);
data/wide-dhcpv6-20080615/dhcp6c.c:617:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ifbuf, *bpp, ifnamelen);
data/wide-dhcpv6-20080615/dhcp6c.c:637:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ifname[IFNAMSIZ];
data/wide-dhcpv6-20080615/dhcp6c.c:1177:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZ];
data/wide-dhcpv6-20080615/dhcp6c.c:1417:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rbuf[BUFSIZ], cmsgbuf[BUFSIZ];
data/wide-dhcpv6-20080615/dhcp6c.c:2190:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(optinfo->delayedauth_realmval, authparam->key->realm,
data/wide-dhcpv6-20080615/dhcp6c.c:2207:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char logbuf[LINE_MAX];
data/wide-dhcpv6-20080615/dhcp6c_script.c:403:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *argv[2];
data/wide-dhcpv6-20080615/dhcp6c_script.c:416:32: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (foreground == 0 && (fd = open("/dev/null", O_RDWR)) != -1) {
data/wide-dhcpv6-20080615/dhcp6relay.c:83:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char rdatabuf[BUFSIZ];
data/wide-dhcpv6-20080615/dhcp6relay.c:224:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((pidfp = fopen(pid_file, "w")) != NULL) {
data/wide-dhcpv6-20080615/dhcp6relay.c:244:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pstr[BUFSIZ];
data/wide-dhcpv6-20080615/dhcp6relay.c:605:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ifname[IF_NAMESIZE];
data/wide-dhcpv6-20080615/dhcp6relay.c:750:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(CMSG_DATA((struct cmsghdr *)cm), pktinfo,
data/wide-dhcpv6-20080615/dhcp6relay.c:786:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ctlbuf[CMSG_SPACE(sizeof (struct in6_pktinfo))
data/wide-dhcpv6-20080615/dhcp6relay.c:802:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(optinfo.relaymsg_msg, dh6, len);
data/wide-dhcpv6-20080615/dhcp6relay.c:811:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(optinfo.ifidopt_id, &ifid, sizeof (ifid));
data/wide-dhcpv6-20080615/dhcp6relay.c:934:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ifnamebuf[IFNAMSIZ];
data/wide-dhcpv6-20080615/dhcp6relay.c:941:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ctlbuf[CMSG_SPACE(sizeof (struct in6_pktinfo))];
data/wide-dhcpv6-20080615/dhcp6relay_script.c:64:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[BUFSIZ];
data/wide-dhcpv6-20080615/dhcp6relay_script.c:187:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *argv[2];
data/wide-dhcpv6-20080615/dhcp6relay_script.c:201:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  (fd = open("/dev/null", O_RDWR)) != -1) {
data/wide-dhcpv6-20080615/dhcp6s.c:141:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char rdatabuf[BUFSIZ];
data/wide-dhcpv6-20080615/dhcp6s.c:330:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((pidfp = fopen(pid_file, "w")) != NULL) {
data/wide-dhcpv6-20080615/dhcp6s.c:555:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&sa6_any_downstream_storage, res->ai_addr, res->ai_addrlen);
data/wide-dhcpv6-20080615/dhcp6s.c:570:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&sa6_any_relay_storage, res->ai_addr, res->ai_addrlen);
data/wide-dhcpv6-20080615/dhcp6s.c:688:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(valp, bp, vallen);
data/wide-dhcpv6-20080615/dhcp6s.c:863:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmsgbuf[BUFSIZ];
data/wide-dhcpv6-20080615/dhcp6s.c:2712:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char replybuf[BUFSIZ];
data/wide-dhcpv6-20080615/dhcp6s.c:3457:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char strbuf[LINE_MAX]; /* XXX: thread unsafe */
data/wide-dhcpv6-20080615/dhcp6s.c:3643:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(roptinfo->delayedauth_realmval, key->realm,
data/wide-dhcpv6-20080615/lease.c:275:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(entry->val, val, size);
data/wide-dhcpv6-20080615/missing/arc4random.c:51:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open("/dev/urandom", O_RDONLY, 0600);
data/wide-dhcpv6-20080615/missing/daemon.c:42:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  (void) open("/dev/null", O_RDWR);
data/wide-dhcpv6-20080615/missing/getifaddrs.c:107:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void) memcpy(buf, addr, len);
data/wide-dhcpv6-20080615/cfparse.c:1050:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  # define yystrlen strlen
data/wide-dhcpv6-20080615/cftoken.c:926:14: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/wide-dhcpv6-20080615/common.c:450:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vb.dv_len = strlen(name) + 1;
data/wide-dhcpv6-20080615/common.c:973:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ifr6.ifr_name, ifnam, sizeof(ifr6.ifr_name));
data/wide-dhcpv6-20080615/common.c:1111:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (ppa >= 0 && !isdigit(ifname[strlen(ifname) - 1]))
data/wide-dhcpv6-20080615/common.c:1125:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cp = fname + strlen(fname) - 1;
data/wide-dhcpv6-20080615/common.c:2594:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int namelen = strlen(name);
data/wide-dhcpv6-20080615/common.c:3335:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
data/wide-dhcpv6-20080615/common.c:3347:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(req.lifr_name, ifname, sizeof (req.lifr_name));
data/wide-dhcpv6-20080615/config.c:300:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cp += strlen(conf->scriptpath) - 1;
data/wide-dhcpv6-20080615/config.c:763:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  kinfo->realmlen = strlen(kinfo->realm);
data/wide-dhcpv6-20080615/config.c:1155:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cp = name + strlen(name) - 1;
data/wide-dhcpv6-20080615/config.c:1159:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name_vbuf.dv_len = strlen(name) + 1;
data/wide-dhcpv6-20080615/config.c:1197:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen(str);
data/wide-dhcpv6-20080615/config.c:1970:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(qstr);
data/wide-dhcpv6-20080615/dhcp6_ctl.c:313:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  cc = read(ctx->s, cp, resid);
data/wide-dhcpv6-20080615/dhcp6_ctlclient.c:539:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  iflen = strlen(argv[0]) + 1;
data/wide-dhcpv6-20080615/dhcp6_ctlclient.c:542:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (putval(bpp, lenp, argv[0], strlen(argv[0]) + 1))
data/wide-dhcpv6-20080615/dhcp6_ctlclient.c:650:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen(str);
data/wide-dhcpv6-20080615/dhcp6c.c:1968:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (ifp->scriptpath != NULL && strlen(ifp->scriptpath) != 0) {
data/wide-dhcpv6-20080615/dhcp6c_script.c:92:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (scriptpath == NULL || strlen(scriptpath) == 0)
data/wide-dhcpv6-20080615/dhcp6relay_script.c:84:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (scriptpath == NULL || strlen(scriptpath) == 0)
data/wide-dhcpv6-20080615/dhcp6relay_script.c:140:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  elen = sizeof (client_str) + 1 + strlen(t) + 1;
data/wide-dhcpv6-20080615/dhcp6relay_script.c:243:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(s + strlen(s), BUFSIZ - strlen(s),
data/wide-dhcpv6-20080615/dhcp6relay_script.c:243:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(s + strlen(s), BUFSIZ - strlen(s),
data/wide-dhcpv6-20080615/dhcp6relay_script.c:251:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(s + strlen(s), BUFSIZ - strlen(s),
data/wide-dhcpv6-20080615/dhcp6relay_script.c:251:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(s + strlen(s), BUFSIZ - strlen(s),
data/wide-dhcpv6-20080615/dhcp6relay_script.c:284:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(s + strlen(s), BUFSIZ - strlen(s),
data/wide-dhcpv6-20080615/dhcp6relay_script.c:284:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(s + strlen(s), BUFSIZ - strlen(s),
data/wide-dhcpv6-20080615/dhcp6relay_script.c:291:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(s + strlen(s), BUFSIZ - strlen(s),
data/wide-dhcpv6-20080615/dhcp6relay_script.c:291:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(s + strlen(s), BUFSIZ - strlen(s),
data/wide-dhcpv6-20080615/missing/arc4random.c:66:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  n = read(fd, &v, sizeof(v));
data/wide-dhcpv6-20080615/missing/getifaddrs.c:90:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen(lifrp->lifr_name) + 1;
data/wide-dhcpv6-20080615/missing/getifaddrs.c:122:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen(lifrp->lifr_name) + 1;
data/wide-dhcpv6-20080615/missing/strlcat.c:64:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return(dlen + strlen(s));

ANALYSIS SUMMARY:

Hits = 181
Lines analyzed = 25778 in approximately 0.67 seconds (38727 lines/second)
Physical Source Lines of Code (SLOC) = 19363
Hits@level = [0] 55 [1] 35 [2] 128 [3] 11 [4] 7 [5] 0
Hits@level+ = [0+] 236 [1+] 181 [2+] 146 [3+] 18 [4+] 7 [5+] 0
Hits/KSLOC@level+ = [0+] 12.1882 [1+] 9.34773 [2+] 7.54015 [3+] 0.929608 [4+] 0.361514 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.